TechSpot

Infected with Nasty Java Bug!

By gottarollwithit
Aug 14, 2012
  1. I think I'm fighting a compound problem here. A couple days ago I got slammed with Security Shield 2012. I wriggled my way out of that with Malwarebytes installed via Chameleon.

    Then I was getting random audio advertisements and sound clips playing all throughout the night. I tried killing it with Avast Free AV. After a boot-time scan and a full system scan it seems to have gone away. The results state that it found: Threat: Java:CVE2012-0507-EI[Expl], Threat: JavaAgent-amx[Expl], and a long list of other stuff starting with Threat: Java...

    I have absolutely no idea what I have. I enabled the "file shield" in Avast and it keeps alerting me to new viruses that it has blocked.
    I have gone down the stickied list of 5 things to do before posting in the hope that it would kill this thing. No dice, and no idea how to interpret the logs that get put out.

    Got any advice on how to kill whatever bug(s) I've got?

    Thanks!!!

  2. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Not sure if I'm supposed to attach these logs or paste them directly into the thread. Below are the logs for viewing. (Sorry in advance if this isn't the way folks here want it.)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-14 18:29:37
    Windows 6.0.6001 Service Pack 1
    Running: wozvzuoc.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1A 0x18 0x20 0x7D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1A 0x18 0x20 0x7D ...

    ---- EOF - GMER 1.0.15 ----
  3. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
    Run by Ray at 18:33:22 on 2012-08-14
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.5816 [GMT -7:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    \\.\globalroot\systemroot\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.dell.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    uRun: [radem] rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset
    uRun: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    mRun: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\Users\Ray\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0A83F878-A190-4BDC-92A1-5A809D002E86} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 relog_ap
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    mRun-x64: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-3-20 88576]
    R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-11-27 401920]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-13 44808]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 OV550I;OVT Scanner;C:\Windows\system32\Drivers\ov550ivx.sys --> C:\Windows\system32\Drivers\ov550ivx.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 scsiscan;SCSI Scanner Driver;C:\Windows\System32\drivers\scsiscan.sys [2009-11-25 10576]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-2 93184]
    .
    =============== Created Last 30 ================
    .
    2012-08-13 07:08:10 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-08-13 07:08:08 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-08-13 07:07:11 41224 ----a-w- C:\Windows\avastSS.scr
    2012-08-13 07:06:33 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-13 07:06:33 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-13 04:46:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-10 19:36:30 4200024 ----a-w- C:\Windows\SysWow64\cdintf400.dll
    2012-08-10 19:35:18 -------- d-----w- C:\Program Files (x86)\Quicken
    2012-08-10 08:59:39 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
    2012-08-02 21:01:07 -------- d--h--w- C:\Users\Ray\AppData\Roaming\CF5B8AE0
    2012-07-25 18:27:50 -------- d-----w- C:\Users\Ray\AppData\Local\Macromedia
    .
    ==================== Find3M ====================
    .
    2012-08-12 21:35:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-12 21:35:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 18:34:08.15 ===============
  4. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.01

    Windows Vista Service Pack 1 x64 NTFS
    Internet Explorer 7.0.6001.18000
    Ray :: RAY-PC [administrator]

    8/14/2012 5:40:34 PM
    mbam-log-2012-08-14 (17-40-34).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199132
    Time elapsed: 2 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    I still need the Attach.txt part of DDS.

    Next....

    • Download RogueKiller to the desktop
    • Close all running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe and click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • A pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/20/2009 1:16:52 PM
    System Uptime: 8/13/2012 6:47:33 PM (28 hours ago)
    .
    Motherboard: Dell Inc. | | 0R849J
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 916 GiB total, 609.569 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.029 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 932 GiB total, 55.89 GiB free.
    K: is Removable
    L: is Removable
    M: is Removable
    N: is Removable
    O: is Removable
    P: is FIXED (NTFS) - 932 GiB total, 409.399 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Nikon SUPER COOLSCAN 9000 ED
    Device ID: ROOT\IMAGE\0000
    Manufacturer: DIY Software
    Name: Nikon SUPER COOLSCAN 9000 ED
    PNP Device ID: ROOT\IMAGE\0000
    Service: scsiscan
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Nikon SUPER COOLSCAN 9000 ED
    Device ID: ROOT\IMAGE\0001
    Manufacturer: DIY Software
    Name: Nikon SUPER COOLSCAN 9000 ED #3
    PNP Device ID: ROOT\IMAGE\0001
    Service: scsiscan
    .
    ==== System Restore Points ===================
    .
    RP1576: 7/25/2012 8:33:48 PM - Scheduled Checkpoint
    RP1577: 7/26/2012 12:00:11 AM - Windows Backup
    RP1578: 7/27/2012 12:00:11 AM - Windows Backup
    RP1579: 7/27/2012 2:06:56 AM - Windows Update
    RP1580: 7/27/2012 6:02:57 PM - Scheduled Checkpoint
    RP1581: 7/28/2012 12:00:10 AM - Windows Backup
    RP1582: 7/29/2012 12:00:11 AM - Windows Backup
    RP1583: 7/30/2012 12:00:11 AM - Windows Backup
    RP1584: 7/31/2012 12:00:09 AM - Windows Backup
    RP1585: 7/31/2012 2:20:52 AM - Windows Update
    RP1586: 8/1/2012 12:00:12 AM - Windows Backup
    RP1587: 8/2/2012 12:00:10 AM - Windows Backup
    RP1588: 8/3/2012 12:00:10 AM - Windows Backup
    RP1589: 8/3/2012 1:37:11 AM - Windows Update
    RP1590: 8/3/2012 1:58:16 PM - Scheduled Checkpoint
    RP1591: 8/4/2012 1:05:30 AM - Windows Backup
    RP1592: 8/4/2012 1:30:35 AM - 8/4/12 restore point
    RP1593: 8/4/2012 2:00:03 AM - Device Driver Package Install: HP Printers
    RP1594: 8/4/2012 2:01:48 AM - Device Driver Package Install: HP Printers
    RP1595: 8/5/2012 12:00:14 AM - Windows Backup
    RP1596: 8/6/2012 12:00:11 AM - Windows Backup
    RP1597: 8/7/2012 12:00:09 AM - Windows Backup
    RP1598: 8/7/2012 1:57:53 AM - Windows Update
    RP1599: 8/8/2012 12:00:11 AM - Windows Backup
    RP1600: 8/9/2012 12:00:10 AM - Windows Backup
    RP1601: 8/10/2012 12:00:10 AM - Windows Backup
    RP1602: 8/10/2012 1:58:00 AM - Windows Update
    RP1603: 8/11/2012 12:00:11 AM - Windows Backup
    RP1604: 8/11/2012 2:27:53 PM - Installed StreetSmart Edge
    RP1605: 8/12/2012 12:00:10 AM - Windows Backup
    RP1606: 8/13/2012 12:00:07 AM - Windows Backup
    RP1607: 8/13/2012 12:05:48 AM - avast! Free Antivirus Setup
    RP1608: 8/14/2012 4:50:11 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    .
    ABBYY FineReader 5.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader X (10.1.3)
    Amazon Games & Software Downloader
    AnyDVD
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    avast! Free Antivirus
    BadCopy Pro
    Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    Canon Pro9500 Mark II series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Easy-PhotoPrint Pro
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CloneDVD2
    Compatibility Pack for the 2007 Office system
    CyberView CS - ImageBox 1.2a (Build 20090921)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Getting Started Guide
    EPSON Perf 4870 Reference Guide
    EPSON Scan
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP LaserJet P1000 series
    HP Photosmart Essential
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPSSupply
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 31
    LaserJet 1020 series
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix in Windows Media Center
    Nikon Scan
    OVTScanner_X64
    PhotoshopdotcomInspirationBrowser
    Picasa 3
    PIXresizer 2.0.4
    Quicken 2007
    Quicken 2012
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Seagate DiscWizard
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skins
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    StreetSmart Edge
    StreetSmart Pro
    TurboTax 2011
    TurboTax 2011 wcaiper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    USB MassStorage CardReader
    VueScan
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/13/2012 12:11:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
    8/13/2012 12:11:18 AM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/12/2012 2:52:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/12/2012 2:52:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/12/2012 2:52:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    .
    ==== End Of File ===========================
     
  7. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Ray [Admin rights]
    Mode: Scan -- Date: 08/14/2012 22:05:19

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 9 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : radem (rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-2500361401-2329092988-2998417166-1000[...]\Run : radem (rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset) -> FOUND
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\n.) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\L --> FOUND
    [Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000340AS ATA Device +++++
    --- User ---
    [MBR] 008df27dff082dfd03d5d08ee7856032
    [BSP] 70162c37983db158c142ea96ca50514d : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST31000333AS ATA Device +++++
    --- User ---
    [MBR] 913073e647d240f23a9dde3b046a872b
    [BSP] 9ea3752a40f5fa59374b5db9bcd27f00 : MBR Code unknown
    Partition table:
    1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: WDC WD10EAVS-00D7B1 ATA Device +++++
    --- User ---
    [MBR] 0d8bb3b04d56bb31dc0b0ab6c23805a4
    [BSP] c4086c680478a26fef701459a93cc49b : Standard MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: TEAC USB HS-CF Card USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: TEAC USB HS-xD/SM USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
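The RogueKiller report above flags two things worth being able to re-check by hand: GUID-named folders under `C:\Windows\Installer` and `%LOCALAPPDATA%` that hold an `@` file plus `U` and `L` subfolders, and `services.exe` reported as `[Susp.ASLR][ASLR WIPED-OFF]`. The following is an added Python example, not code from the thread or from RogueKiller: it walks a directory for that folder layout and reads a PE file's `DllCharacteristics` word to see whether the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (ASLR opt-in) flag is present. The sample PE headers and the sample directory tree are constructed inline so it runs offline; the GUID is the one from the log, the second GUID is made up.

```python
"""Triage helpers for two ZeroAccess indicators: the GUID\\@, U, L folder layout
and a system binary whose ASLR opt-in flag has been stripped.
Added example: all sample data below is constructed in a temp dir or in memory."""
import os
import re
import struct
import tempfile

DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLLCHAR_OFFSET = 70        # DllCharacteristics offset inside the optional header (PE32 and PE32+)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of an in-memory PE image; ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt = e_lfanew + 4 + 20                     # PE signature + IMAGE_FILE_HEADER
    if opt + DLLCHAR_OFFSET + 2 > len(data):
        raise ValueError("PE header truncated")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    return struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)[0]


def has_dynamic_base(data: bytes) -> bool:
    """True when the image opts in to ASLR (relocatable at load time)."""
    return bool(dll_characteristics(data) & DYNAMIC_BASE)


def aslr_status(path: str) -> str:
    """Label a file on disk in the same spirit as the RogueKiller line above."""
    with open(path, "rb") as fh:
        data = fh.read(4096)                   # the headers live in the first few KiB
    return "ASLR OK" if has_dynamic_base(data) else "ASLR WIPED-OFF"


def find_zeroaccess_dirs(root: str) -> list:
    """GUID-named folders under root holding an '@' file and 'U' and 'L' subfolders."""
    hits = []
    try:
        names = os.listdir(root)
    except OSError:                            # root missing or unreadable: nothing to report
        return hits
    for name in names:
        path = os.path.join(root, name)
        if not (GUID_RE.match(name) and os.path.isdir(path)):
            continue
        if (os.path.isfile(os.path.join(path, "@"))
                and os.path.isdir(os.path.join(path, "U"))
                and os.path.isdir(os.path.join(path, "L"))):
            hits.append(path)
    return sorted(hits)


# ---- constructed samples so the checks can be exercised offline ----------

def build_sample_pe(dllchars: int, pe32plus: bool = True) -> bytes:
    """Minimal headers-only PE image with the given DllCharacteristics (constructed)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dllchars)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


def build_sample_layout() -> tuple:
    """Create a temp tree mimicking the log: one ZeroAccess-style GUID folder, one benign one."""
    root = tempfile.mkdtemp(prefix="za_demo_")
    bad = os.path.join(root, "{671474f1-fa80-57d5-7acd-d325b83af53a}")  # GUID from the log
    for sub in ("U", "L"):
        os.makedirs(os.path.join(bad, sub))
    open(os.path.join(bad, "@"), "wb").close()
    os.makedirs(os.path.join(root, "{5e3c6d1a-0000-4000-8000-000000000001}"))  # benign: no @/U/L
    return root, bad


if __name__ == "__main__":
    root, expected = build_sample_layout()
    print("ZeroAccess-style folders:", find_zeroaccess_dirs(root))
    for flags in (0x8160, 0x8120):
        print(f"DllCharacteristics 0x{flags:04X} ->",
              "ASLR OK" if has_dynamic_base(build_sample_pe(flags)) else "ASLR WIPED-OFF")
```

On a live system, a `services.exe` that fails `has_dynamic_base` should be compared against the copy in `C:\Windows\winsxs` or a known-good install before deciding whether it was patched.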
     
  8. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Well, problems are getting worse.
    So, I scanned with Rogue Killer and posted the results. Then, I downloaded the aswMBR.exe and scanned with it. On the first scan, I left it to scan and when I came back it was as if the computer had crashed. Didn't get a log or anything off of the first scan, so I scanned again. After the second scan, I got the following logs. As I was opening Firefox to post them up, it Blue Screened and memory dumped on me!!! Any idea what caused this???

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-15 00:08:07
    -----------------------------
    00:08:07.596 OS Version: Windows x64 6.0.6001 Service Pack 1
    00:08:07.596 Number of processors: 8 586 0x1A04
    00:08:07.596 ComputerName: RAY-PC UserName: Ray
    00:08:10.778 Initialize success
    00:08:10.903 AVAST engine defs: 12081401
    00:08:13.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:08:13.976 Disk 0 Vendor: ST31000340AS DE13 Size: 953869MB BusType: 3
    00:08:13.976 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    00:08:13.976 Disk 1 Vendor: ST31000333AS CC3H Size: 953869MB BusType: 3
    00:08:13.992 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4
    00:08:13.992 Disk 2 Vendor: WDC_WD10EAVS-00D7B1 01.01A01 Size: 953869MB BusType: 3
    00:08:14.023 Disk 0 MBR read successfully
    00:08:14.023 Disk 0 MBR scan
    00:08:14.023 Disk 0 Windows VISTA default MBR code
    00:08:14.039 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    00:08:14.039 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
    00:08:14.054 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938445 MB offset 31586304
    00:08:14.101 Disk 0 scanning C:\Windows\system32\drivers
    00:08:22.775 Service scanning
    00:08:33.227 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    00:08:35.988 Modules scanning
    00:08:35.988 Disk 0 trace - called modules:
    00:08:36.019 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys AnyDVD.sys >>UNKNOWN [0xfffffa80071342b0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    00:08:36.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800819a060]
    00:08:36.035 3 CLASSPNP.SYS[fffffa600134bb3a] -> nt!IofCallDriver -> [0xfffffa8007f3e520]
    00:08:36.035 5 acpi.sys[fffffa6000b70ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007f3a520]
    00:08:36.050 \Driver\atapi[0xfffffa8007f2ae70] -> IRP_MJ_CREATE -> 0xfffffa80071342b0
    00:08:37.797 AVAST engine scan C:\Windows
    00:08:43.897 AVAST engine scan C:\Windows\system32
    00:11:22.176 AVAST engine scan C:\Windows\system32\drivers
    00:11:38.260 AVAST engine scan C:\Users\Ray
    00:43:03.219 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\logs\MBR.dat"
    00:43:03.235 The log file has been saved successfully to "C:\Users\Ray\Desktop\logs\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're infected with ZeroAccess rootkit.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
     
  10. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Well, this isn't quite going as planned. I ran Combofix, but it never generated any log or results. I ran it, left, then came back to a normal looking screen with the Combofix window closed. I looked in the C drive where the results are supposed to be and there's nothing. I did this a couple times so....

    Then, I followed your Rkill instructions. Downloaded Rkill and redownloaded Combofix. Booted to safe mode, ran Rkill, then Combofix. It gets about 1/2 way through and basically stops. The clock is still moving, so I guess it was still working. But... I left b/c it was taking a long time and I came back to a computer that had restarted on its own. I brought everything back to safe mode and Combofix now seems to be crashed in the background. (pane on the bottom that I can't restore) Any idea what to do???

    And... Combofix seems to make a file directly on the C drive. It's not a log or txt file. It has a buncha random letters/numbers and when I double click it, it leads to showing me all of my drives.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  12. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Well, that worked out as planned.
    Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 15-08-2012 17:11:56
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6931488 2008-12-21] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
    HKLM\...\Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [136472 2008-06-24] (Seagate)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-17] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon [722256 2008-12-11] (CANON INC.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1325848 2008-06-24] (Seagate)
    HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [904768 2008-06-24] (Acronis)
    HKLM-x32\...\Run: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [326144 2009-10-23] (Amazon.com)
    HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
    HKU\Ray\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Ray\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6241952 2012-07-30] (SlySoft, Inc.)
    HKU\Ray\...\Run: [radem] rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset [246272 2012-03-31] (C-Media Electronics Inc.)
    HKU\Ray\...\Run: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12288 2012-04-19] (Charles Schwab & Co., Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Lsa: [Authentication Packages] msv1_0
    relog_ap
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Ray\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ======

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 LPDSVC; C:\Windows\System32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)
    2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [605464 2008-06-24] (Seagate)
    3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
    3 NAL; \??\C:\Windows\system32\Drivers\iqvw64e.sys [33888 2008-05-23] (Intel Corporation )
    3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
    3 scsiscan; C:\Windows\System32\Drivers\scsiscan.sys [17920 2008-01-20] (Microsoft Corporation)
    3 scsiscan; C:\Windows\SysWow64\Drivers\scsiscan.sys [10576 1999-09-25] (Microsoft Corporation)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2009-04-08] (Acronis)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2009-04-15] (Duplex Secure Ltd.)
    0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2009-04-08] (Acronis)
    2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2009-04-08] (Acronis)
    0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2009-04-08] (Acronis)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============


    2012-08-15 17:11 - 2012-08-15 17:11 - 00000000 ____D C:\FRST
    2012-08-15 15:00 - 2012-08-15 15:00 - 00000000 ____D C:\Windows\pss
    2012-08-15 14:47 - 2012-08-15 14:47 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill.exe
    2012-08-15 13:28 - 2012-08-15 15:54 - 00000000 ____D C:\Qoobox
    2012-08-15 13:27 - 2012-08-15 13:30 - 00000000 ____D C:\Windows\erdnt
    2012-08-14 23:46 - 2012-08-14 23:46 - 00270408 ____A C:\Windows\Minidump\Mini081512-01.dmp
    2012-08-14 21:30 - 2012-08-14 21:30 - 00270408 ____A C:\Windows\Minidump\Mini081412-01.dmp
    2012-08-14 21:28 - 2012-08-14 23:46 - 1195333827 ____A C:\Windows\MEMORY.DMP
    2012-08-14 21:08 - 2012-08-14 21:09 - 04731392 ____A (AVAST Software) C:\Users\Ray\Desktop\aswMBR.exe
    2012-08-14 21:03 - 2012-08-14 21:05 - 00000000 ____D C:\Users\Ray\Desktop\RK_Quarantine
    2012-08-14 21:01 - 2012-08-14 21:01 - 01558528 ____A C:\Users\Ray\Desktop\RogueKiller.exe
    2012-08-14 17:31 - 2012-08-14 17:31 - 00607260 ____R (Swearware) C:\Users\Ray\Downloads\dds.com
    2012-08-14 17:30 - 2011-12-02 16:06 - 00000902 ____A C:\Users\Ray\Desktop\Mozilla Firefox.lnk
    2012-08-14 16:24 - 2012-08-14 16:25 - 00302592 ____A C:\Users\Ray\Downloads\wozvzuoc.exe
    2012-08-12 23:09 - 2012-08-14 15:46 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-12 23:08 - 2012-08-12 23:08 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-12 23:08 - 2012-08-12 23:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-12 23:08 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-12 23:08 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-12 23:08 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-12 23:08 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-12 23:08 - 2012-07-03 08:21 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-08-12 23:08 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-12 23:07 - 2012-08-12 23:08 - 00356656 ____A C:\Users\Ray\AppData\Local\dd_vcredistMSI5361.txt
    2012-08-12 23:07 - 2012-08-12 23:08 - 00012598 ____A C:\Users\Ray\AppData\Local\dd_vcredistUI5361.txt
    2012-08-12 23:07 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-12 23:07 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-12 23:06 - 2012-08-12 23:06 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-08-12 23:06 - 2012-08-12 23:06 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-12 23:00 - 2012-08-12 23:02 - 89340632 ____A C:\Users\Ray\Downloads\avast_free_antivirus_setup.exe
    2012-08-12 20:46 - 2012-08-12 20:46 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-12 20:46 - 2012-08-12 20:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-12 20:44 - 2012-08-12 20:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ray\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-11 13:27 - 2012-08-11 13:27 - 20324112 ____A (Acresso Software Inc. ) C:\Users\Ray\Downloads\streetsmartedge(1).exe
    2012-08-10 11:36 - 2012-08-10 11:36 - 00001635 ____A C:\Users\Public\Desktop\Quicken.lnk
    2012-08-10 11:36 - 2011-09-16 18:51 - 04200024 ____A (Amyuni Technologies
    2012-08-10 11:35 - 2012-08-10 11:54 - 00000000 ____D C:\Program Files (x86)\Quicken
    2012-08-04 00:59 - 2012-08-04 01:04 - 00014353 ____A C:\P1005.log
    2012-08-04 00:59 - 2012-08-04 00:59 - 03715152 ____A C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
    2012-08-04 00:25 - 2012-08-04 00:36 - 00000000 ____D C:\Users\Ray\Desktop\New Folder
    2012-08-03 12:19 - 2012-08-03 14:30 - 00000024 ____A C:\Windows\B186097B1EA1EAEC.log
    2012-08-02 13:01 - 2012-08-12 13:49 - 00000000 ___HD C:\Users\Ray\AppData\Roaming\CF5B8AE0
    2012-07-31 07:00 - 2012-07-31 07:00 - 09949624 ____A C:\Users\Ray\Downloads\SetupAnyDVD7060.exe
    2012-07-25 10:27 - 2012-07-25 10:27 - 00000000 ____D C:\Users\Ray\AppData\Local\Macromedia
    2012-07-21 08:36 - 2012-07-21 08:36 - 00000305 ____A C:\Users\Ray\Desktop\Desktop - Shortcut.lnk

    ============ 3 Months Modified Files ========================

    2012-08-15 16:06 - 2009-03-20 12:15 - 01786881 ____A C:\Windows\WindowsUpdate.log
    2012-08-15 16:06 - 2006-11-02 07:42 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-15 16:06 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-15 16:06 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 16:06 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 16:05 - 2006-11-02 04:46 - 00716688 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-15 15:59 - 2010-08-10 10:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-15 15:34 - 2009-04-08 18:46 - 00001460 ____A C:\Users\Ray\AppData\Local\d3d9caps64.dat
    2012-08-15 15:03 - 2009-04-02 12:24 - 00211968 ____A C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-15 14:47 - 2012-08-15 14:47 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill.exe
    2012-08-15 14:45 - 2010-08-10 10:51 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-14 23:46 - 2012-08-14 23:46 - 00270408 ____A C:\Windows\Minidump\Mini081512-01.dmp
    2012-08-14 23:46 - 2012-08-14 21:28 - 1195333827 ____A C:\Windows\MEMORY.DMP
    2012-08-14 21:30 - 2012-08-14 21:30 - 00270408 ____A C:\Windows\Minidump\Mini081412-01.dmp
    2012-08-14 21:09 - 2012-08-14 21:08 - 04731392 ____A (AVAST Software) C:\Users\Ray\Desktop\aswMBR.exe
    2012-08-14 21:01 - 2012-08-14 21:01 - 01558528 ____A C:\Users\Ray\Desktop\RogueKiller.exe
    2012-08-14 17:31 - 2012-08-14 17:31 - 00607260 ____R (Swearware) C:\Users\Ray\Downloads\dds.com
    2012-08-14 16:25 - 2012-08-14 16:24 - 00302592 ____A C:\Users\Ray\Downloads\wozvzuoc.exe
    2012-08-14 15:53 - 2010-12-10 12:18 - 00065024 ____A C:\Users\Ray\Desktop\Stock.xls
    2012-08-14 15:46 - 2012-08-12 23:09 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-08-14 15:40 - 2009-04-02 16:57 - 00000414 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
    2012-08-13 15:43 - 2008-01-20 19:26 - 00064426 ____A C:\Windows\PFRO.log
    2012-08-12 23:08 - 2012-08-12 23:08 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-08-12 23:08 - 2012-08-12 23:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-08-12 23:08 - 2012-08-12 23:07 - 00356656 ____A C:\Users\Ray\AppData\Local\dd_vcredistMSI5361.txt
    2012-08-12 23:08 - 2012-08-12 23:07 - 00012598 ____A C:\Users\Ray\AppData\Local\dd_vcredistUI5361.txt
    2012-08-12 23:02 - 2012-08-12 23:00 - 89340632 ____A C:\Users\Ray\Downloads\avast_free_antivirus_setup.exe
    2012-08-12 20:46 - 2012-08-12 20:46 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-12 20:44 - 2012-08-12 20:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ray\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-12 13:35 - 2012-03-29 08:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-12 13:35 - 2012-03-29 08:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-12 07:47 - 2011-08-12 09:35 - 00012288 ____A C:\Users\Ray\Desktop\Honolulu Must Tries.wps
    2012-08-12 07:47 - 2009-07-29 13:02 - 00003290 ____A C:\Users\Ray\AppData\Roaming\wklnhst.dat
    2012-08-12 01:05 - 2009-11-10 11:57 - 00000468 ____A C:\Windows\Tasks\Driver Robot.job
    2012-08-11 13:28 - 2011-03-01 16:34 - 00001003 ____A C:\Users\Public\Desktop\StreetSmart Edge.lnk
    2012-08-11 13:27 - 2012-08-11 13:27 - 20324112 ____A (Acresso Software Inc. ) C:\Users\Ray\Downloads\streetsmartedge(1).exe
    2012-08-10 11:36 - 2012-08-10 11:36 - 00001635 ____A C:\Users\Public\Desktop\Quicken.lnk
    2012-08-10 11:35 - 2009-04-02 13:56 - 00000126 ____A C:\Windows\QUICKEN.INI
    2012-08-09 07:33 - 2010-12-17 08:45 - 02673664 ____A C:\Users\Ray\Desktop\Restaurants to try.wps
    2012-08-07 19:27 - 2011-05-19 16:14 - 00000680 ____A C:\Users\Ray\AppData\Local\d3d9caps.dat
    2012-08-04 01:04 - 2012-08-04 00:59 - 00014353 ____A C:\P1005.log
    2012-08-04 00:59 - 2012-08-04 00:59 - 03715152 ____A C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
    2012-08-03 14:30 - 2012-08-03 12:19 - 00000024 ____A C:\Windows\B186097B1EA1EAEC.log
    2012-08-03 12:26 - 2009-04-08 10:20 - 00000125 ___SH C:\Users\All Users\.zreglib
    2012-08-01 07:02 - 2012-07-11 13:56 - 00002142 ____A C:\Windows\setupact.log
    2012-07-31 07:00 - 2012-07-31 07:00 - 09949624 ____A C:\Users\Ray\Downloads\SetupAnyDVD7060.exe
    2012-07-31 07:00 - 2009-05-14 07:25 - 00000938 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2012-07-31 06:57 - 2010-11-03 07:56 - 00038400 ____A C:\Users\Ray\Desktop\Cell Phone Numbers.xls
    2012-07-21 08:36 - 2012-07-21 08:36 - 00000305 ____A C:\Users\Ray\Desktop\Desktop - Shortcut.lnk
    2012-07-13 06:14 - 2012-07-13 06:13 - 09830264 ____A C:\Users\Ray\Downloads\SetupAnyDVD7050.exe
    2012-07-11 13:56 - 2012-07-11 13:56 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-11 02:02 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-03 12:46 - 2011-12-11 23:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-08-12 23:08 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-08-12 23:08 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-08-12 23:08 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-08-12 23:08 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-08-12 23:08 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-03 08:21 - 2012-08-12 23:08 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-08-12 23:07 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-03 08:21 - 2012-08-12 23:07 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-02 10:22 - 2012-07-02 10:13 - 1050389616 ____A (Microsoft Corporation) C:\Users\Ray\Downloads\X17-75238.exe
    2012-06-27 02:35 - 2006-11-02 07:21 - 00397144 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-27 02:12 - 2006-11-02 04:34 - 00000266 ____A C:\Windows\win.ini
    2012-06-26 12:27 - 2009-04-02 11:01 - 00107776 ____A C:\Users\Ray\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-17 08:08 - 2009-04-15 21:12 - 00002631 ____A C:\Users\Ray\Desktop\Microsoft Office Excel 2003.lnk
    2012-06-15 08:33 - 2010-03-10 08:19 - 00000829 ____A C:\Users\Public\Desktop\StreetSmart Pro.lnk
    2012-06-11 06:54 - 2012-04-17 16:42 - 00009216 ____A C:\Users\Ray\Desktop\Carlos Worklist 4-18-12.wps
    2012-05-31 11:25 - 2011-06-23 01:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 19:50 - 2012-05-29 19:50 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-29 12:41 - 2012-05-29 12:41 - 39483256 ____A (Apple Inc.) C:\Users\Ray\Downloads\QuickTimeInstaller.exe


    ZeroAccess:
    C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}
    C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\L
    C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U

    ZeroAccess:
    C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}
    C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\@
    C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\L
    C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 8182.26 MB
    Available physical RAM: 7531.93 MB
    Total Pagefile: 7928.15 MB
    Available Pagefile: 7493.44 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:916.45 GB) (Free:607.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (External Hardrive) (Fixed) (Total:931.51 GB) (Free:408.39 GB) NTFS
    3 Drive e: (Internal Back Up Hard Drive) (Fixed) (Total:931.5 GB) (Free:55.89 GB) NTFS
    4 Drive f: (KINGSTON) (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT
    14 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:1.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 932 GB 0 B
    Disk 1 Online 932 GB 6144 KB
    Disk 2 Online 932 GB 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 Online 1937 MB 0 B
    Disk 8 No Media 0 B 0 B
    Disk 9 No Media 0 B 0 B
    Disk 10 No Media 0 B 0 B
    Disk 11 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 63 MB 32 KB
    Partition 2 Primary 15 GB 63 MB
    Partition 3 Primary 916 GB 15 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 14 FAT Partition 63 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 916 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 932 GB 8033 KB
    Partition 1 Logical 932 GB 8064 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Internal Ba NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 932 GB 32 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 D External Ha NTFS Partition 932 GB Healthy

    ==================================================================================

    Partitions of Disk 7:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1933 MB 4032 KB

    ==================================================================================

    Disk: 7
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 11 F KINGSTON FAT Removable 1933 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-15 16:05

    ======================= End Of Log ==========================
     
  13. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 2012-08-15 17:28:41
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\System32\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-17 16:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-09-17 16:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    ====== End Of Search ======
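The search output above is the evidence the helper's fix rests on: the live System32\services.exe has a different MD5 from the winsxs copy of the same architecture and size, which is the signature of a patched service controller, and the fixlog later in the thread shows that winsxs copy being restored. As an added example (not from the thread or from FRST itself), this Python parses that FRST search output and flags the mismatch; it assumes 64-bit Windows, where System32 holds amd64 binaries and SysWOW64 holds x86 ones, as on the machine here.

```python
# Added example (not from the thread or from FRST itself): parse FRST "Search"
# output and flag a live services.exe whose MD5 differs from the winsxs copy
# of the same architecture and size. Assumes 64-bit Windows, where System32
# holds amd64 binaries and SysWOW64 holds x86 ones, as on the machine here.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the FRST search output posted above, reproduced verbatim
# (each path line is followed by a metadata line ending in the file's MD5).
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-17 16:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-17 16:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<mtime>[^\]]+)\] - \[(?P<ctime>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileCopy:
    path: str
    size: int
    md5: str


def parse_frst_search(text: str) -> List[FileCopy]:
    """Pair each path line with the metadata line that follows it."""
    copies: List[FileCopy] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            copies.append(FileCopy(pending, int(m["size"]), m["md5"].upper()))
        pending = None
    return copies


def arch_of(path: str) -> Optional[str]:
    """Architecture implied by location: the winsxs component prefix, or
    the live system directory (64-bit Windows assumed)."""
    low = path.lower()
    if "\\winsxs\\" in low:
        component = low.split("\\winsxs\\", 1)[1].split("\\", 1)[0]
        return component.split("_", 1)[0]      # "x86" or "amd64"
    if "\\syswow64\\" in low:
        return "x86"
    if "\\system32\\" in low:
        return "amd64"
    return None                                 # e.g. update staging dirs


def check_live_copies(text: str) -> List[Dict[str, Optional[str]]]:
    """For each copy Windows actually runs (System32/SysWOW64), compare its
    MD5 with winsxs copies of the same arch and size. "MISMATCH" is the
    patched-services.exe case; "reference" names the copy to restore from."""
    copies = parse_frst_search(text)
    refs = [c for c in copies if "\\winsxs\\" in c.path.lower()]
    findings: List[Dict[str, Optional[str]]] = []
    for c in copies:
        low = c.path.lower()
        if "\\winsxs\\" in low or not (
                "\\system32\\" in low or "\\syswow64\\" in low):
            continue                            # reference or staging copy
        cands = [r for r in refs
                 if arch_of(r.path) == arch_of(c.path) and r.size == c.size]
        if not cands:
            status = "no reference"
        elif any(r.md5 == c.md5 for r in cands):
            status = "ok"
        else:
            status = "MISMATCH"
        findings.append({"path": c.path, "md5": c.md5, "status": status,
                         "reference": cands[0].path if cands else None})
    return findings


if __name__ == "__main__":
    for f in check_live_copies(FRST_SEARCH_OUTPUT):
        print(f["status"], f["path"], f["md5"], f["reference"])
```

On this input the SysWOW64 copy reports "ok" and the System32 copy reports "MISMATCH" with the amd64 winsxs path as its reference, which is exactly the copy the fixlist later restores.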
     
  14. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    No idea if you want this or if it helps, but as requested before, here's my Rkill results log. Since I couldn't get Combofix to spit out a log, I have none to offer.

    Thanks!!

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/15/2012 04:03:16 PM in x64 mode.
    Windows Version: Windows Vista

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

    * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\services.exe [NoSig]

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/15/2012 04:03:40 PM
    Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally and see if Combofix will run.
     

    Attached Files:

  16. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Well, I screwed up a little bit. I ran FRST64 and hit Fix without the fixlist on the thumbdrive. Hopefully that ain't a prob. To try to fix this, I put fixlist on the drive and then ran the Fix button again.
    Here's the latest fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 2012-08-15 18:17:35 Run:2
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\Ray\Software\Microsoft\Windows\CurrentVersion\Run\\radem Value not found.
    C:\Users\Ray\AppData\Local\Temp\radem.dll not found.
    C:\Users\Ray\AppData\Roaming\CF5B8AE0 not found.
    C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a} not found.
    C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a} not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  17. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Well, I got Combofix to at least work past the first screen with the status bar. It no longer gets hung up there and mysteriously closes and does nothing afterwards. I had to uninstall Avast b/c even after disabling it, Combofix kept whining about it. At this point, Combofix is now "Attempting to create a new system restore point" in an MS DOS kinda window.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Keep it going...
     
  19. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Alright, finally got Combofix to spit out a log. So, what exactly did Combofix do for me?



    ComboFix 12-08-15.01 - Ray 08/15/2012 18:39:18.1.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.6615 [GMT -7:00]
    Running from: c:\users\Ray\Desktop\yourname1.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 72 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\B186097B1EA1EAEC.log
    c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\@
    c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\00000001.@
    c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\80000000.@
    c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\800000cb.@
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 01:45 . 2012-08-16 02:07 -------- d-----w- c:\users\Ray\AppData\Local\temp
    2012-08-16 01:45 . 2012-08-16 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-16 01:11 . 2012-08-16 01:11 -------- d-----w- C:\FRST
    2012-08-13 07:08 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-13 07:06 . 2012-08-16 01:31 -------- d-----w- c:\programdata\AVAST Software
    2012-08-13 07:06 . 2012-08-13 07:06 -------- d-----w- c:\program files\AVAST Software
    2012-08-13 04:46 . 2012-08-13 04:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-10 19:36 . 2011-09-17 02:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
    2012-08-10 19:35 . 2012-08-10 19:54 -------- d-----w- c:\program files (x86)\Quicken
    2012-08-10 08:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
    2012-07-25 18:27 . 2012-07-25 18:27 -------- d-----w- c:\users\Ray\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-12 21:35 . 2012-03-29 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-12 21:35 . 2012-03-29 16:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 10:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-07-03 20:46 . 2011-12-12 07:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 19:25 . 2011-06-23 09:12 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952]
    "QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-04-19 12288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
    "AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2008-12-22 88576]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
    .
    2012-08-16 c:\windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
    "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-15 19:09:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-16 02:09
    .
    Pre-Run: 798,767,673,344 bytes free
    Post-Run: 799,367,323,648 bytes free
    .
    - - End Of File - - 5B3C8716D9BED91C1748BBA0A2928A14
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    Any current issues?

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.01

    Windows Vista Service Pack 1 x64 NTFS
    Internet Explorer 7.0.6001.18000
    Ray :: RAY-PC [administrator]

    8/15/2012 7:59:44 PM
    mbam-log-2012-08-15 (19-59-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200726
    Time elapsed: 1 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  22. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    OTL logfile created on: 8/15/2012 8:03:02 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Ray\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.36% Memory free
    16.03 Gb Paging File | 14.51 Gb Available in Paging File | 90.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.45 Gb Total Space | 741.62 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 1.16 Gb Free Space | 7.74% Space Free | Partition Type: NTFS
    Drive J: | 931.50 Gb Total Space | 55.89 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
    Drive P: | 931.51 Gb Total Space | 409.36 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

    Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/15 20:00:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
    PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    PRC - [2008/09/23 19:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/10/23 13:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
    MOD - [2008/06/24 18:35:34 | 001,328,408 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/12/22 00:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/10/17 03:24:26 | 000,905,216 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/09/23 19:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 19:52:05 | 000,041,984 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/18 14:20:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/07/27 13:35:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/06/24 19:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/04/15 21:56:54 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/04/08 15:22:41 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
    DRV:64bit: - [2009/04/08 15:22:41 | 000,081,952 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2009/04/08 15:22:36 | 000,235,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
    DRV:64bit: - [2009/04/08 15:22:33 | 000,593,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV:64bit: - [2008/12/22 00:37:14 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/09/28 05:46:48 | 000,316,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2008/09/28 01:22:14 | 000,402,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/05/23 13:54:38 | 000,033,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
    DRV:64bit: - [2008/02/21 17:10:36 | 000,196,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ov550ivx.sys -- (OV550I)
    DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2008/01/20 19:47:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\scsiscan.sys -- (scsiscan)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2007/11/14 00:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [1999/09/25 03:36:06 | 000,010,576 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\scsiscan.sys -- (scsiscan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes,DefaultScope = {D73444F7-AA4A-4CC0-9D84-5697B491014F}
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{D73444F7-AA4A-4CC0-9D84-5697B491014F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 14:20:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/20 10:52:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CC088F17-7B66-11E1-826D-B8AC6F996F26}: C:\Users\Ray\AppData\Local\{CC088F17-7B66-11E1-826D-B8AC6F996F26}\ [2012/03/31 12:22:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 14:20:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/20 10:52:09 | 000,000,000 | ---D | M]

    [2009/04/02 12:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Extensions
    [2012/05/26 16:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\extensions
    [2012/05/26 16:38:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/10/27 14:43:54 | 000,002,254 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\searchplugins\askcom.xml
    [2012/04/25 16:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/31 12:22:00 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\RAY\APPDATA\LOCAL\{CC088F17-7B66-11E1-826D-B8AC6F996F26}
    [2012/07/18 14:20:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/03 09:34:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/01/07 21:00:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/07 21:00:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    O1 HOSTS File: ([2012/08/15 19:06:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000..\Run: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe (Charles Schwab & Co., Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O15 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A83F878-A190-4BDC-92A1-5A809D002E86}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
    O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/15 20:00:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
    [2012/08/15 19:10:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/15 19:10:01 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\temp
    [2012/08/15 18:23:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/15 18:23:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/15 18:23:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/15 18:22:07 | 004,731,145 | R--- | C] (Swearware) -- C:\Users\Ray\Desktop\yourname1.exe
    [2012/08/15 18:11:47 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/15 16:00:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/08/15 15:47:39 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ray\Desktop\rkill.exe
    [2012/08/15 14:28:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/15 14:27:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/14 22:08:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
    [2012/08/14 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\RK_Quarantine
    [2012/08/14 17:41:11 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\logs
    [2012/08/13 00:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/08/13 00:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/13 00:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/12 21:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/12 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/10 12:36:30 | 004,200,024 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
    [2012/08/10 12:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
    [2012/08/10 12:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
    [2012/08/04 01:25:33 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\New Folder
    [2012/07/25 11:27:50 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\Macromedia

    ========== Files - Modified Within 30 Days ==========

    [2012/08/15 20:00:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
    [2012/08/15 19:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/15 19:06:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/15 19:06:53 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/15 18:53:36 | 000,716,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/15 18:53:36 | 000,613,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/15 18:53:36 | 000,107,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/15 18:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/15 18:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/15 18:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/15 18:22:22 | 004,731,145 | R--- | M] (Swearware) -- C:\Users\Ray\Desktop\yourname1.exe
    [2012/08/15 17:41:07 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
    [2012/08/15 16:34:20 | 000,001,460 | ---- | M] () -- C:\Users\Ray\AppData\Local\d3d9caps64.dat
    [2012/08/15 16:03:23 | 000,211,968 | ---- | M] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/15 15:47:41 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ray\Desktop\rkill.exe
    [2012/08/15 00:46:01 | 1195,333,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/14 22:09:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
    [2012/08/14 22:01:42 | 001,558,528 | ---- | M] () -- C:\Users\Ray\Desktop\RogueKiller.exe
    [2012/08/14 16:46:21 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/13 00:15:10 | 000,002,011 | ---- | M] () -- C:\Users\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/13 00:08:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/12 21:46:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 08:47:34 | 000,012,288 | ---- | M] () -- C:\Users\Ray\Desktop\Honolulu Must Tries.wps
    [2012/08/12 08:47:34 | 000,003,290 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
    [2012/08/11 14:28:29 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\StreetSmart Edge.lnk
    [2012/08/10 12:36:17 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\Quicken.lnk
    [2012/08/10 12:35:51 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
    [2012/08/09 08:33:25 | 002,673,664 | ---- | M] () -- C:\Users\Ray\Desktop\Restaurants to try.wps
    [2012/08/07 20:27:00 | 000,000,680 | ---- | M] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat
    [2012/08/04 21:57:38 | 002,843,878 | ---- | M] () -- C:\Users\Ray\Desktop\005.JPG
    [2012/08/04 01:59:56 | 003,715,152 | ---- | M] () -- C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
    [2012/08/03 13:26:16 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012/07/31 08:00:59 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
    [2012/07/21 09:36:39 | 000,000,305 | ---- | M] () -- C:\Users\Ray\Desktop\Desktop - Shortcut.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/15 18:23:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/15 18:23:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/15 18:23:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/15 18:23:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/15 18:23:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/14 22:28:39 | 1195,333,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/14 22:01:42 | 001,558,528 | ---- | C] () -- C:\Users\Ray\Desktop\RogueKiller.exe
    [2012/08/14 18:30:37 | 000,000,902 | ---- | C] () -- C:\Users\Ray\Desktop\Mozilla Firefox.lnk
    [2012/08/13 00:09:10 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/13 00:09:10 | 000,002,011 | ---- | C] () -- C:\Users\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/13 00:08:07 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/13 00:08:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/08/12 21:46:48 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/10 12:36:17 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\Quicken.lnk
    [2012/08/08 16:59:44 | 002,843,878 | ---- | C] () -- C:\Users\Ray\Desktop\005.JPG
    [2012/08/04 01:59:38 | 003,715,152 | ---- | C] () -- C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
    [2012/07/21 09:36:39 | 000,000,305 | ---- | C] () -- C:\Users\Ray\Desktop\Desktop - Shortcut.lnk
    [2012/07/21 08:19:00 | 000,760,417 | ---- | C] () -- C:\Users\Ray\Documents\living room (3).JPG
    [2011/12/14 09:08:19 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/12/10 14:34:03 | 000,010,210 | -HS- | C] () -- C:\Users\Ray\AppData\Local\w7qt08g3tq7oll
    [2011/12/10 14:34:03 | 000,010,210 | -HS- | C] () -- C:\ProgramData\w7qt08g3tq7oll
    [2011/06/21 09:31:02 | 000,733,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/19 17:14:18 | 000,000,680 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat
    [2009/07/29 14:02:43 | 000,003,290 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
    [2009/04/08 19:46:55 | 000,001,460 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps64.dat
    [2009/04/08 11:20:21 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009/04/02 13:24:35 | 000,211,968 | ---- | C] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/11/10 12:57:18 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Blitware
    [2010/12/15 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Bluefive software
    [2011/10/03 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Canon
    [2012/08/10 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Charles Schwab
    [2009/12/08 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\EPSON
    [2009/06/09 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Image Zone Express
    [2009/08/04 10:19:01 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Leadertech
    [2009/11/27 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Nikon
    [2009/11/25 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\PIE
    [2009/04/12 09:33:51 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Printer Info Cache
    [2009/07/29 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Template
    [2012/08/15 18:46:05 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/15 17:41:07 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 565 bytes -> C:\Users\Ray\Documents\Correction of address.eml:OECustomProperty

    < End of report >
     
  23. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    So, how does everything look??

    It seems that my random audio has gone away. As I took off Avast, I can't really tell if there are any viruses attacking me...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Extras.txt?
     
  25. gottarollwithit

    gottarollwithit TS Rookie Topic Starter Posts: 36

    Sorry, missed one! Gah, these logs all look the same! See anything of note?

    OTL Extras logfile created on: 8/15/2012 8:03:02 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Ray\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.36% Memory free
    16.03 Gb Paging File | 14.51 Gb Available in Paging File | 90.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.45 Gb Total Space | 741.62 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 1.16 Gb Free Space | 7.74% Space Free | Partition Type: NTFS
    Drive J: | 931.50 Gb Total Space | 55.89 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
    Drive P: | 931.51 Gb Total Space | 409.36 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

    Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver
    "{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
    "{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
    "{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
    "{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
    "{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
    "{5646676A-5A97-4B66-BE71-1B1770AD982B}" = StreetSmart Edge
    "{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
    "{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
    "{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
    "{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
    "{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
    "{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
    "{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
    "{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_X64
    "{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
    "{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
    "{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
    "{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
    "{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E74B759B-1291-4CBA-962D-E1D86BCCAFE9}" = CyberView CS - ImageBox 1.2a (Build 20090921)
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
    "{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
    "{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
    "{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
    "040a_5005" = USB MassStorage CardReader
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "AnyDVD" = AnyDVD
    "BadCopy Pro" = BadCopy Pro
    "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    "Canon Pro9500 Mark II series User Registration" = Canon Pro9500 Mark II series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CloneDVD2" = CloneDVD2
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "HP LaserJet P1000 series" = HP LaserJet P1000 series
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa 3" = Picasa 3
    "PIXresizer_is1" = PIXresizer 2.0.4
    "Silent Package Run-Time Sample" = EPSON Perf 4870 Reference Guide
    "TurboTax 2011" = TurboTax 2011
    "VueScan" = VueScan

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/17/2012 10:06:01 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/17/2012 10:46:05 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/17/2012 11:06:01 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/17/2012 11:46:05 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 12:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 12:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 1:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 1:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 2:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 2:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 6/18/2012 3:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    [ Media Center Events ]
    Error - 10/7/2009 4:35:32 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/10/2009 3:32:23 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/4/2009 4:41:36 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/13/2012 4:21:24 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/13/2012 6:14:19 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/13/2012 8:21:23 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/14/2012 7:49:36 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/14/2012 10:07:03 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/15/2012 4:08:17 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/15/2012 4:31:41 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 8/15/2012 9:20:24 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 8/15/2012 9:31:31 PM | Computer Name = Ray-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/15/2012 9:32:55 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 8/15/2012 9:34:34 PM | Computer Name = Ray-PC | Source = volsnap | ID = 393236
    Description = The shadow copies of volume D: were aborted because of a failed free
    space computation.

    Error - 8/15/2012 9:35:08 PM | Computer Name = Ray-PC | Source = volsnap | ID = 393236
    Description = The shadow copies of volume C: were aborted because of a failed free
    space computation.

    Error - 8/15/2012 9:42:03 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/15/2012 9:45:24 PM | Computer Name = Ray-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\yourname1\catchme.sys has been blocked from loading due to
    incompatibility with this system. Please contact your software vendor for a compatible
    version of the driver.

    Error - 8/15/2012 9:46:00 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/15/2012 9:47:19 PM | Computer Name = Ray-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/15/2012 9:48:39 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >