TechSpot

Malware - WindowsRepair

By fjccommish
Apr 3, 2011
  1. Hijacked Firefox on Google searches, WindowsRepair keeps popping up (looks like a virus scan), some process keeps playing some online radio, warnings keep popping up about disk drive failure, keeps hiding all files.

    Rkill stops it for about 15 minutes, then it starts it's effects again. Combofix keeps resulting in BSOD.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 6257

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    4/3/2011 1:45:56 PM
    mbam-log-2011-04-03 (13-45-56).txt

    Scan type: Quick scan
    Objects scanned: 164236
    Time elapsed: 37 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-03 14:54:59
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-22RST0 rev.04.01G04
    Running: 5moe4weg.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwtdypog.sys


    ---- Threads - GMER 1.0.15 ----

    Thread System [4:260] 8606DE84
    Thread System [4:264] 86070084

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x06 0xA5 0xA4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1A 0xB8 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x4A 0x9E 0xAA ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x8A 0x1D 0x2F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x06 0xA5 0xA4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1A 0xB8 0x2D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x4A 0x9E 0xAA ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x8A 0x1D 0x2F ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD69.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6A.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6B.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6C.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6D.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6E.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6F.log 131072 bytes
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\errorPageStrings[1] 0 bytes
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\background_gradient[1] 0 bytes
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\down[2] 0 bytes
    File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\httpErrorPagesScripts[2] 0 bytes

    ---- EOF - GMER 1.0.15 ----

    ATTACH:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/16/2009 12:48:36 PM
    System Uptime: 4/3/2011 1:04:10 PM (1 hours ago)
    .
    Motherboard: Gateway | | RTL
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1600/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 88.961 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP658: 4/2/2011 9:14:37 PM - Cleaned registry with Windows Live OneCare safety scanner
    .
    ==== Installed Programs ======================
    .
    Leawo Free FLV Converter version 2.2.0.2
    32 Bit HP CIO Components Installer
    6500_E709_Help
    6500_E709a
    ABC Amber LIT Converter
    Acer System Information
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Connect Add-in
    Adobe Creative Suite 4 Web Premium
    Adobe CS4 American English Speech Analysis Models
    Adobe Digital Editions
    Adobe Dynamiclink Support
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Adobe Setup
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.9 (Unicode)
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 7.2
    Bonjour
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCleaner
    CDisplay 1.8
    Celtx (2.7)
    ConvertHelper 2.2
    Creative WebCam Instant Driver (1.01.02.0729)
    CuteFTP 8 Home
    Debut Video Capture Software
    Destination Component
    DeviceDiscovery
    Digidesign Free Bomb Factory Plug-Ins 7.4
    Digidesign Shared Plug-Ins 7.4
    DocMgr
    DocProc
    Dynamic Auto-Painter 2.0.7
    Extreme Picture Finder 3.13
    F-PROT Antivirus for Windows
    Fax
    ffdshow [rev 1723] [2007-12-24]
    Flash Decompiler Trillix
    Fraps (remove only)
    Free Audio CD Burner version 1.4
    Free YouTube to MP3 Converter version 3.9
    Google Talk Plugin
    GPBaseService2
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    HP Officejet 6500 E709 Series
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    HPSSupply
    HyperCam 2
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Interlok driver setup x32
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 24
    Jpeg Enhancer 1.8
    KVIrc
    LAME v3.98.2 for Audacity
    Layer III Audio Encoder
    LyX 1.6.4-1
    Malwarebytes' Anti-Malware
    MarketResearch
    Media Player Classic - Home Cinema v1.4.2499.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Design 4
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Studio 4
    Microsoft Expression Web 4
    Microsoft Office Word Viewer 2003
    Microsoft Robocopy GUI
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ Run Time Lib Setup
    Microsoft Works 6-9 Converter
    Microsoft XNA Framework Redistributable 3.0
    MiKTeX 2.7
    mIRC
    Mobipocket Reader 6.2
    Mozilla Firefox (3.6.13)
    Mozilla Firefox 4.0 (x86 en-US)
    mpegable DS decoder
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    Network
    NVIDIA GAME System Software 2.8.1
    OCR Software by I.R.I.S. 12.0
    Octoshape add-in for Adobe Flash Player
    OnLive
    OpenOffice.org 3.1
    Opera 11.01
    Orb Runtime libraries
    Panda ActiveScan 2.0
    PrimoPDF -- by Nitro PDF Software
    ProductContext
    QuickTime
    Real Alternative 1.9.0
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    REALTEK RTL8187B Wireless LAN Driver
    REALTEK Wireless LAN Driver and Utility
    redist
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Media Encoder (KB2447961)
    Shop for HP Supplies
    Skype™ 5.1
    SmartWebPrinting
    SolutionCenter
    Sony Noise Reduction Plug-In 2.0h
    Sound Forge Pro 10.0
    Spybot - Search & Destroy
    Status
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    The Price is Right 2010 Edition(TM)
    Toolbox
    Total Recorder 7.1
    TrayApp
    Trojan Killer 2.0
    Uninstall 1.0.0.1
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    US122 Driver 3.40
    VLC media player 1.1.6
    Vuze
    WebReg
    Windows Live ID Sign-in Assistant
    Windows Live OneCare safety scanner
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinPcap 4.0.2
    WinRAR archiver
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    .
    ==== End Of File ===========================


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Owner at 14:57:42.86 on Sun 04/03/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.795 [GMT -5:00]
    .
    AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe
    C:\Program Files\Realtek\Wireless LAN Utility\RtWlan.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [mmXNDaTEQtRsP] c:\programdata\mmXNDaTEQtRsP.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\mbam\mbam.exe" /runcleanupscript
    mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF
    IE: Free YouTube to Mp3 Converter - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    TCP: {842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3} = 156.154.70.22,156.154.71.22
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tta80589.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?tab=mc
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
    FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-4-2 28552]
    R1 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FPAV_RTP.sys [2011-4-2 693080]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-3 61960]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    .
    =============== Created Last 30 ================
    .
    2011-04-03 07:09:15 61960 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-03 07:08:53 -------- d--h--w- c:\progra~2\Avira
    2011-04-03 07:08:53 -------- d-----w- c:\program files\Avira
    2011-04-03 07:06:34 475136 ---ha-w- c:\progra~2\43835144.exe
    2011-04-03 06:57:29 544768 ---ha-w- c:\progra~2\mmXNDaTEQtRsP.exe
    2011-04-03 05:51:18 -------- d-s---w- C:\ComboFix
    2011-04-03 05:42:06 -------- d--h--w- C:\we
    2011-04-03 05:40:58 1377112 ---ha-w- C:\TDSSKiller.exe
    2011-04-02 10:59:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-04-02 10:59:30 -------- d-----w- c:\program files\Panda Security
    2011-04-02 10:35:13 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
    2011-04-02 10:35:05 -------- d--h--w- c:\progra~2\FRISK Software
    2011-04-02 10:35:01 -------- d-----w- c:\program files\FRISK Software
    2011-04-02 06:02:09 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-02 06:02:04 -------- d--h--w- c:\users\owner\appdata\local\temp
    2011-04-02 05:35:35 98816 ----a-w- c:\windows\sed.exe
    2011-04-02 05:35:35 89088 ----a-w- c:\windows\MBR.exe
    2011-04-02 05:35:35 256512 ----a-w- c:\windows\PEV.exe
    2011-04-02 05:35:35 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-02 01:46:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-03-22 19:57:46 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 19:57:46 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 19:57:46 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-10 01:26:19 -------- d--h--w- c:\users\owner\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-03-09 16:48:52 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 16:48:52 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 16:48:52 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 16:48:52 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 16:48:50 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 16:48:49 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    ==================== Find3M ====================
    .
    2011-02-20 05:34:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 14:59:13.57 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    In the second part of Combofix manual, I listed some options, you should use, in case, Combofix doesn't want to run normally.....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. fjccommish

    fjccommish TS Rookie Topic Starter

    I cannot get Combofix to run to the point it creates a log. I've run it a few times since 5PM central, re-downloading after each attempt:

    Normal mode as combofix.exe - the little box appeared, the green bar filled, but the blue command prompt window never opened.

    Normal mode as myname.exe after running rkill - same result

    Safe mode as myname,exe after running rkill. It wanted to update, after updating an error appeared saying it could not locate combofix.exe.

    Safe mode as myname,exe after running rkill - BSOD.

    Safe mode as myname,exe after running rkill - rebooted during the process, then on reboot nothing happened. It wasn't running any more.

    Normal mode after Rkill, windows repair popped up, many error messages about disk failure, and even error messages about combofix being corrupt. Combofix did run through a lot of steps. It eventually rebooted the system, claimed a log file was being created, but after 15 minutes the screen turned black with a white rectangular cursor. After 2 1/2 hours it was still like that so I rebooted. During this process I saw (in the blue combofix window) a message saying it was deleting a windows repair folder, but windows repair continues to run after the reboot.

    This is the Rkill log after the last attempt.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 04/03/2011 at 19:11:52.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\ProgramData\mmXNDaTEQtRsP.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE


    Rkill completed on 04/03/2011 at 19:12:00.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. fjccommish

    fjccommish TS Rookie Topic Starter

    OTL Extras logfile created on: 4/5/2011 10:54:28 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 82.17 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

    Computer Name: FRANKCVO | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0661F52D-C089-4B20-9859-8ABE1B1E0AD0}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
    "{0B9A1F5A-A87A-4349-9A1E-B27E094FC4EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{0ED4FF49-A362-4832-B3CF-16DF848DC8C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1C3FB36E-A47E-4E97-AE6B-8769A288263C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2416CACC-57A0-46FA-A547-F6D5D581196B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2CA620BD-129B-4DE5-88CA-42C4E3B254DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{2E62C962-6649-46BB-95FD-BCB202D12A07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2EE466C9-C34A-4D0B-94D7-C8B8A642D3BB}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{30DB9D4E-8510-4E6F-B3AD-4F58ECBE10CE}" = rport=137 | protocol=17 | dir=out | app=system |
    "{334F2C83-8812-497A-B9BB-3D2ABC0D2F9F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{38D05E22-15F9-4652-B2B2-C0F489071F9C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3AB823C9-F5D1-403E-994A-3451CF429B8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3ADA7465-5A28-4170-98BA-FC053E542459}" = lport=10280 | protocol=17 | dir=in | name=m8 |
    "{3D3DE4E7-AD8A-41AA-B338-AA72F3991928}" = lport=10243 | protocol=6 | dir=in | name=media2`` |
    "{4295373B-42CF-4D50-8540-A04DF48430FB}" = rport=139 | protocol=6 | dir=out | app=system |
    "{456A3F92-3471-4252-ACAD-61169A9B5EDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4664205F-C63A-419A-BADB-3023CDCFD914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{49CB26A1-C894-4AD8-BC04-727F0C121F03}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4B63A283-013D-4CCD-8AF1-91EC437C4745}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4CA3EF1D-0F3F-478D-875B-04B1B344B16C}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{4EDDED52-CC08-49E1-BAD2-EEA48EA0DEE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5108420F-6497-4AA2-BBD0-10196E3375C2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{52EC2BD7-663A-4E72-8AE9-99B34C91CAA1}" = lport=10282 | protocol=17 | dir=in | name=m6 |
    "{5A2B98F9-4D09-408F-A53D-01080E2B631B}" = lport=2869 | protocol=6 | dir=in | name=media |
    "{5B9B9117-FB36-46DE-82B5-86CB3178C2C8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{5F6BA0C2-4605-4A77-BD76-ED925EB174B8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{66547CF6-94CE-4CF9-9742-2801F6CCEAA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6ACC4DF6-D6D9-4233-97DE-47BCDB1B64D9}" = lport=10283 | protocol=17 | dir=in | name=m5 |
    "{6AFA186F-3E79-4374-A449-2FB2AC123711}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6E104150-4469-418F-B5CE-9E5F2EE528CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{713098EE-90F9-46A1-A4F4-8DB2C406A1A2}" = lport=10284 | protocol=17 | dir=in | name=m4 |
    "{77670A36-96BD-431A-AAA1-11971D27599A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7A0A0F8D-5B2F-426F-8204-6864C1085F8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C645243-AAD3-4756-8585-0E9446E0EA13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{86309506-FA94-4CD5-AC97-C04BB6B0273E}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{88059636-8B4C-495F-87D9-87DE44EAB12C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8D009D7A-F65B-4741-87FE-28AD62AFD1CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{919821CA-2248-405E-A725-8136D210ACEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9640A502-45F1-4648-87FA-5654C7BFBB6C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9A29ED16-2FC4-4F59-BEB9-86A5283F910D}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{9AD0BCEB-C447-4C65-8382-7BF4BC97415B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{9C51D5EB-DCB1-4688-8D3E-F9B5827D3522}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{9FB70545-5FC7-4D8D-B203-6C9485755B63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A261E1E6-AF3D-4024-AB82-384D60559247}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{A3E4A816-FE3F-4EFE-9FDE-7F64117CB9B6}" = lport=10281 | protocol=17 | dir=in | name=m7 |
    "{AB5D875F-6CD9-46E9-8E0A-E9CCB9769A0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B0527B94-E766-40B1-A2A2-145F3C0E98B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BAB3ACFF-9D51-4E44-90BF-206806BE81CF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BD7BC1DF-29D4-4DAA-8CFB-EA5C8258BFD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BE569214-B47B-4D8A-B87B-01F7FB13049D}" = lport=1900 | protocol=17 | dir=in | name=m3` |
    "{BF9FD36F-9E8F-49F3-A558-CE48E356FAC3}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{D1721110-F8A4-4C8F-A20F-9E95FB598B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D356ACB5-86E1-4131-B42E-E2A42B251895}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{DFA87630-AF3B-48C7-B01D-22C0B0EC4139}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E56132EA-F3F2-44E9-AC39-AC5743EA9C2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{ED5001B7-E1B2-4E6D-8CBC-A56E758E1464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F96FCC47-A85C-459C-8E7E-BFCAC8E30533}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FA92B819-680E-4E91-A15D-E803DFB4041E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FFE175F2-56E0-4549-8927-5A6C14B49ED7}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{010FED9B-7266-4EE8-A6AD-63DFE0D53CE1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{0BC2252E-2F3A-4365-9050-0827E9823394}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{15457B82-9D02-4F0A-B22C-D51BEF71BF50}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{1599550D-EA05-4309-9646-4AD507827F95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{185B3D02-A544-4029-8949-A1B4BAB12F40}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{24A556F2-5D34-4B9C-A942-A06FFC3DF85C}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
    "{40BB2CE0-8EC9-4764-8341-9A63C3E141C5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
    "{43DDE72B-3C5B-4141-9523-A116AA92C8F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4AD39ABE-B420-4F74-8FDB-9C6D573FA081}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4E983D94-E624-427F-A353-830528433142}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
    "{50F24334-7F88-4EB7-8D59-916A3E1716AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5F3BD8E7-5E14-439B-8D0B-03BF2F0E6EFD}" = protocol=6 | dir=out | app=system |
    "{6AC8257A-73FE-47F3-834F-12719D01AC27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6FA334BE-2F04-40DA-B867-CAE0BFA8CC9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7CE8C542-DEDE-4027-9F2F-5872810D46AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{82346A93-4200-4896-8AFC-3A02275E8C97}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{87F73067-D04D-4B7C-B7D0-A1020522C9DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{920DC6DA-F08E-424C-B176-F1DDFA2DD50D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{92933B0D-1204-47FB-8241-E061110631B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9320931E-2287-4ECF-AE76-ADB9BDFF2F5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9A07EEEB-094A-427C-9A17-0C1479D7134D}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
    "{AA9A272E-0D84-41B2-BF62-844F446D3395}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B0913282-B419-4499-80D8-DDB763F7BBFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B9A7AFF2-BC27-4463-ADE5-835BC243EE93}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C87862EA-8CD6-4A97-A0AE-04B7CF731F11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D64B5C23-C714-45E4-801B-AB48C1996158}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D8B80111-9DE2-4386-A414-BE73693B8D75}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{DB675C6E-64E7-4EE7-93E7-DF0CDB509106}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{DE967ABD-3B2A-4417-84D5-06985EEBFD68}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
    "{E4B66CFA-ED25-46F8-AD9D-58FF10B93346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E872A99D-41EC-4224-A56D-9F3939654562}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{EDFCB82C-0F85-4174-8D91-EF25DBBF08B5}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
    "{F49A0690-22B6-4CAE-98F8-4C24BA4817EE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{F5696310-A110-4C26-9D58-AC9403FACBE8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "TCP Query User{4C176AE1-719F-405C-B257-91CCC44D527C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{7C965CA2-0911-4B47-9B7A-22C605BE4554}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{8E900F5C-D8E9-4628-87B6-311A9DD16AEC}C:\windows\system32\windirlzk.exe" = protocol=6 | dir=in | app=c:\windows\system32\windirlzk.exe |
    "TCP Query User{D18A3ED2-D5F9-4184-9C52-8779660A9B21}C:\windows\system32\windirlzk.exe" = protocol=6 | dir=in | app=c:\windows\system32\windirlzk.exe |
    "TCP Query User{EF0F4F49-1DAD-4C5B-9E9F-7B7361216764}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
    "TCP Query User{FEFBF8F5-D7FC-4784-86F8-FB5D27070E95}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{182D9A74-7719-46E8-8FEF-0BA443C5A800}C:\windows\system32\windirlzk.exe" = protocol=17 | dir=in | app=c:\windows\system32\windirlzk.exe |
    "UDP Query User{1D8900F7-870A-46A2-8C54-6C167C1BDBDC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{A4F47A25-0392-4B40-A196-A59B0D0ED77D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{B02EBDA7-4D43-448E-8B3A-2DA4F03F95FC}C:\windows\system32\windirlzk.exe" = protocol=17 | dir=in | app=c:\windows\system32\windirlzk.exe |
    "UDP Query User{ED531ADF-9191-4E85-83EE-1ABCCE8BD59E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{F6C9E856-D781-40E4-84A2-9D47CD682956}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0DF70CB6-553A-4C57-8E6D-876322ECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3732AF18-9C3C-428D-B944-F7E3FADEE3F3}" = Adobe Setup
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
    "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
    "{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
    "{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.0.7
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
    "{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0AF91F4-D1ED-490E-8751-997AF2A3FF0D}_is1" = Leawo Free FLV Converter version 2.2.0.2
    "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
    "{F4DA32EA-B9F2-4B22-87E2-E8937DA4F6A8}" = Adobe Creative Suite 4 Web Premium
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "ABC Amber LIT Converter" = ABC Amber LIT Converter
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
    "Adobe_f7a01857897174b3e50432317243d3e" = Adobe Creative Suite 4 Web Premium
    "am-thepriceisright2010editiontm" = The Price is Right 2010 Edition(TM)
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Belarc Advisor" = Belarc Advisor 7.2
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "CCleaner" = CCleaner
    "CDisplay_is1" = CDisplay 1.8
    "Celtx (2.7)" = Celtx (2.7)
    "Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
    "Debut" = Debut Video Capture Software
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "Digital Editions" = Adobe Digital Editions
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Extreme Picture Finder_is1" = Extreme Picture Finder 3.13
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
    "Fraps" = Fraps (remove only)
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 1.99.1
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "HyperCam 2" = HyperCam 2
    "Jpeg Enhancer_is1" = Jpeg Enhancer 1.8
    "KVIrc" = KVIrc
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Layer III Audio Encoder 1.0.70111" = Layer III Audio Encoder
    "LyX" = LyX 1.6.4-1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MiKTeX 2.7" = MiKTeX 2.7
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "mpegable DS" = mpegable DS decoder
    "OnLive" = OnLive
    "Opera 11.01.1190" = Opera 11.01
    "PrimoPDF" = PrimoPDF -- by Nitro PDF Software
    "RealAlt_is1" = Real Alternative 1.9.0
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The Cleaner_is1" = The Cleaner 2012
    "TotalRecorder" = Total Recorder 7.1
    "Uninstall_is1" = Uninstall 1.0.0.1
    "US122 Driver_is1" = US122 Driver 3.40
    "VLC media player" = VLC media player 1.1.6
    "Web_4.0.1165.0" = Microsoft Expression Web 4
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinPcapInst" = WinPcap 4.0.2
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Connect Add-in" = Adobe Connect Add-in
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 210149

    Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 210149

    Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 211147

    Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 211147

    Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 212145

    Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 212145

    Error - 3/22/2011 8:25:07 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Media Center Events ]
    Error - 4/27/2009 12:27:32 AM | Computer Name = FrankCVO | Source = Mcx2Dvcs | ID = 401
    Description =

    Error - 4/27/2009 12:37:35 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 4/27/2009 12:42:35 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 8/23/2009 11:15:11 PM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 10/8/2009 3:29:11 PM | Computer Name = FrankCVO | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/6/2011 6:12:51 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  6. fjccommish

    fjccommish TS Rookie Topic Starter

    OTL logfile created on: 4/5/2011 10:54:28 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 82.17 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

    Computer Name: FRANKCVO | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2011/03/04 14:37:00 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/04 14:36:52 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/04 14:36:51 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/01/13 19:26:26 | 001,196,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Wireless LAN Utility\RtWLan.exe
    PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/04 14:37:00 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/04 14:36:52 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2009/04/23 13:08:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/04 16:11:12 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/03/04 14:37:13 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/12/30 12:34:53 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/31 15:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/10/28 16:19:41 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008/10/27 23:51:34 | 000,127,496 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2007/08/29 15:50:48 | 000,039,168 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122Wdm.sys -- (Us122WdmService)
    DRV - [2007/08/29 15:50:34 | 000,018,304 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122DL.sys -- (US122DL)
    DRV - [2007/08/29 15:50:02 | 000,131,968 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122.sys -- (US122)
    DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/26 12:14:22 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcgbfl.sys -- (avcgbfl)
    DRV - [2005/09/26 14:08:12 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcgbdr.sys -- (avcgbdr)
    DRV - [2004/07/29 14:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
    FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
    FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
    FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
    FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/30 18:19:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:28:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:28:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/03/20 00:00:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

    [2010/06/04 14:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2010/06/04 14:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2011/04/01 00:08:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions
    [2011/04/01 00:08:47 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/22 12:51:58 | 000,000,000 | -H-D | M] (Vuze Remote Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/11/26 05:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/24 13:43:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/26 05:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
    [2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
    [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/04/03 22:02:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\MBAM\mbam.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/03/31 11:13:29 | 000,000,000 | ---D | M] - C:\autopainter -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.I420 - msh263.drv File not found
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/04 00:06:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/04/03 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\thecleaner
    [2011/04/03 23:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
    [2011/04/03 23:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
    [2011/04/03 23:46:32 | 044,784,008 | ---- | C] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
    [2011/04/03 23:13:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/04/03 23:09:00 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\backups
    [2011/04/03 22:46:04 | 000,218,112 | -H-- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Owner\Desktop\HijackThis.exe
    [2011/04/03 22:23:15 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
    [2011/04/03 22:11:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/03 22:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\temp
    [2011/04/03 21:54:37 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/04/03 21:54:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/03 18:20:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/04/03 18:01:18 | 000,000,000 | ---D | C] -- C:\FrankC13701F
    [2011/04/03 17:44:44 | 000,000,000 | ---D | C] -- C:\Frankc
    [2011/04/03 17:38:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/04/03 02:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/04/03 02:09:15 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/04/03 02:09:15 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/04/03 02:09:15 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/04/03 02:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
    [2011/04/03 02:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/04/03 00:50:23 | 001,377,112 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2011/04/03 00:42:06 | 000,000,000 | ---D | C] -- C:\we
    [2011/04/03 00:40:58 | 001,377,112 | -H-- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
    [2011/04/02 05:59:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
    [2011/04/02 05:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2011/04/02 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2011/04/02 05:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\FRISK Software
    [2011/04/02 00:35:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/02 00:35:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/02 00:35:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/01 23:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2011/04/01 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
    [2011/04/01 20:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/03/31 16:13:32 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Baseball
    [2011/03/25 11:34:09 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\REv
    [2011/03/22 23:33:35 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Hertz
    [2011/03/21 00:24:35 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\HRL
    [2011/03/09 20:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/08 03:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/01/15 11:28:00 | 001,169,736 | -H-- | C] (Microsoft Corporation) -- C:\Users\Owner\AppData\Roaming\datacore.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/04/05 22:58:12 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/05 22:58:12 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/05 22:51:03 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/05 22:51:03 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/05 22:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/05 22:50:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/05 22:18:03 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000UA.job
    [2011/04/04 23:17:01 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000Core.job
    [2011/04/04 01:26:26 | 004,757,419 | ---- | M] () -- C:\Users\Owner\Desktop\Cube60_FCabanski.mp3
    [2011/04/04 00:40:41 | 002,318,627 | ---- | M] () -- C:\Users\Owner\Desktop\DiabetesWellness_FCabanski.mp3
    [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/04/03 23:47:18 | 044,784,008 | ---- | M] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
    [2011/04/03 22:58:53 | 000,000,579 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Repair.lnk
    [2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
    [2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
    [2011/04/03 22:20:02 | 001,402,880 | -H-- | M] () -- C:\Users\Owner\Desktop\HijackThis.msi
    [2011/04/03 22:02:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/03 21:47:59 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.scr
    [2011/04/03 21:47:29 | 004,313,198 | RH-- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
    [2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
    [2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
    [2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
    [2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
    [2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
    [2011/04/03 18:03:38 | 125,128,293 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/04/03 17:56:18 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.exe
    [2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
    [2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r
    [2011/04/02 11:59:22 | 000,049,583 | ---- | M] () -- C:\Users\Owner\Documents\365 Liberal Quotes.ods
    [2011/04/01 23:03:44 | 000,000,680 | -H-- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
    [2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
    [2011/03/30 23:22:47 | 000,359,040 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_SS.mp3
    [2011/03/30 23:16:55 | 000,277,248 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_ALDR.mp3
    [2011/03/30 22:45:12 | 000,620,544 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_Aspire.mp3
    [2011/03/30 22:29:42 | 000,331,008 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_Grammar.mp3
    [2011/03/30 22:18:02 | 002,069,942 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_ZyVestra.mp3
    [2011/03/30 22:16:28 | 000,051,712 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/26 15:56:48 | 000,229,479 | ---- | M] () -- C:\Users\Owner\Documents\Untitled.wma
    [2011/03/25 02:07:13 | 000,910,105 | -H-- | M] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.mp3
    [2011/03/25 02:02:05 | 002,177,334 | -H-- | M] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.aif
    [2011/03/23 16:16:56 | 000,015,530 | -H-- | M] () -- C:\Users\Owner\Desktop\huh.jpg
    [2011/03/21 00:39:00 | 000,241,622 | ---- | M] () -- C:\Users\Owner\Documents\Headroom Learning SAT Prep Guidelines.odt
    [2011/03/20 12:29:09 | 000,007,774 | -H-- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg
    [2011/03/18 22:51:12 | 002,712,554 | -H-- | M] () -- C:\Users\Owner\Desktop\AVO_FCabanski.mp3
    [2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
    [2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
    [2011/03/08 01:47:45 | 011,449,883 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC.zip

    ========== Files Created - No Company Name ==========

    [2011/04/04 01:26:19 | 004,757,419 | ---- | C] () -- C:\Users\Owner\Desktop\Cube60_FCabanski.mp3
    [2011/04/04 00:40:38 | 002,318,627 | ---- | C] () -- C:\Users\Owner\Desktop\DiabetesWellness_FCabanski.mp3
    [2011/04/03 23:21:24 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/03 22:47:58 | 000,000,579 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Repair.lnk
    [2011/04/03 22:23:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42393352r
    [2011/04/03 22:23:18 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~42393352
    [2011/04/03 22:20:03 | 001,402,880 | -H-- | C] () -- C:\Users\Owner\Desktop\HijackThis.msi
    [2011/04/03 21:48:09 | 001,006,778 | -H-- | C] () -- C:\Users\Owner\Desktop\rkill.scr
    [2011/04/03 21:47:21 | 004,313,198 | RH-- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/04/03 21:33:31 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43114248r
    [2011/04/03 21:33:31 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43114248
    [2011/04/03 19:09:08 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~40623880r
    [2011/04/03 19:09:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~40623880
    [2011/04/03 18:25:09 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~41148168r
    [2011/04/03 18:25:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~41148168
    [2011/04/03 17:56:18 | 001,006,778 | -H-- | C] () -- C:\Users\Owner\Desktop\rkill.exe
    [2011/04/03 02:07:08 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43835144r
    [2011/04/03 02:07:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43835144
    [2011/04/02 00:35:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/02 00:35:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/02 00:35:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/02 00:35:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/02 00:35:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/01 18:27:37 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43310856r
    [2011/04/01 18:27:36 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856
    [2011/03/30 23:22:44 | 000,359,040 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_SS.mp3
    [2011/03/30 23:16:53 | 000,277,248 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_ALDR.mp3
    [2011/03/30 22:45:07 | 000,620,544 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_Aspire.mp3
    [2011/03/30 22:29:39 | 000,331,008 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_Grammar.mp3
    [2011/03/30 22:17:59 | 002,069,942 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_ZyVestra.mp3
    [2011/03/26 15:56:48 | 000,229,479 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.wma
    [2011/03/25 02:02:05 | 002,177,334 | -H-- | C] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.aif
    [2011/03/25 01:57:56 | 000,910,105 | -H-- | C] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.mp3
    [2011/03/25 01:46:08 | 075,096,064 | -H-- | C] () -- C:\Users\Owner\Desktop\MOV00C.MOD
    [2011/03/25 01:46:03 | 154,818,560 | -H-- | C] () -- C:\Users\Owner\Desktop\MOV00B.MOD
    [2011/03/23 16:16:55 | 000,015,530 | -H-- | C] () -- C:\Users\Owner\Desktop\huh.jpg
    [2011/03/20 14:26:16 | 000,241,622 | ---- | C] () -- C:\Users\Owner\Documents\Headroom Learning SAT Prep Guidelines.odt
    [2011/03/20 12:29:09 | 000,007,774 | -H-- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg
    [2011/03/18 22:51:08 | 002,712,554 | -H-- | C] () -- C:\Users\Owner\Desktop\AVO_FCabanski.mp3
    [2011/02/12 13:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
    [2010/12/29 12:11:43 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
    [2010/12/28 17:02:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8C25D98BE3.sys
    [2010/12/28 17:02:29 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/08/30 18:18:35 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/08/30 18:15:16 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2010/08/23 17:38:04 | 000,144,074 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
    [2010/06/09 05:33:20 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2010/05/09 02:03:18 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
    [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM
    [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
    [2010/02/24 17:09:06 | 000,186,704 | ---- | C] () -- C:\Windows\hpwins23.dat
    [2010/02/24 17:01:33 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
    [2010/01/15 11:27:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/01/15 11:27:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/01/14 12:49:27 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
    [2010/01/14 12:45:27 | 000,000,036 | -H-- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
    [2009/10/09 13:29:31 | 000,000,872 | ---- | C] () -- C:\Windows\System32\PCProxy.ini
    [2009/10/09 13:29:26 | 000,173,384 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
    [2009/10/02 22:59:59 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2009/05/25 17:49:17 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
    [2009/04/24 00:13:58 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/04/22 23:19:05 | 000,051,712 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/16 13:53:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/04/16 12:54:01 | 000,000,680 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/03/27 20:35:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2009/03/27 20:34:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
    [2009/03/27 20:34:13 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2009/03/05 08:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2008/02/11 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 21:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 21:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 21:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,327,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/11/10 13:30:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
    [2011/04/04 01:30:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
    [2011/04/05 22:49:08 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
    [2011/01/09 01:28:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK
    [2011/03/09 20:26:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/10/28 18:09:33 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Pro
    [2010/11/03 11:20:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
    [2009/05/06 13:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Foxit
    [2011/02/12 04:47:43 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2009/05/26 18:22:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\GlobalSCAPE
    [2010/06/04 14:04:18 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Greyfirst
    [2011/01/03 17:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\KVIrc4
    [2010/01/03 11:39:32 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
    [2010/10/29 17:38:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
    [2009/08/28 01:05:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\lyx16
    [2009/07/17 12:55:50 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Machete
    [2009/09/29 19:21:44 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam
    [2010/10/11 12:27:46 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Mobipocket
    [2009/07/17 13:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2010/10/05 01:39:07 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\OnLive App
    [2009/04/23 11:11:00 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2011/02/02 01:32:49 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Opera
    [2010/08/18 16:28:11 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Orbit
    [2010/06/06 01:52:47 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
    [2011/03/02 02:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PrimoPDF
    [2010/08/18 16:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
    [2010/11/24 00:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
    [2009/05/03 23:48:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
    [2010/06/08 18:13:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony
    [2010/06/17 23:19:27 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony Creative Software
    [2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Stella
    [2010/05/08 18:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\StreamTorrent
    [2009/07/13 12:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2011/04/03 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\thecleaner
    [2011/02/15 00:36:07 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TotalRecorder
    [2010/12/28 17:37:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
    [2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2010/03/30 12:23:31 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\VitySoft
    [2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\XnViewMP
    [2011/04/05 22:49:54 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/07/27 13:31:09 | 000,009,041 | ---- | M] () -- C:\deviceInfo.txt
    [2011/04/05 22:50:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2009/04/23 11:56:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/16 10:07:58 | 000,110,592 | -H-- | M] () -- C:\iperf.exe
    [2005/09/12 19:29:52 | 000,026,440 | -H-- | M] () -- C:\M-Hwr.ttf
    [2009/04/23 11:56:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/05 22:50:52 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/03 21:50:28 | 000,000,468 | ---- | M] () -- C:\rkill.log
    [2010/12/29 12:11:48 | 000,005,324 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt
    [2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/07/31 15:59:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
    [2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
    [2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/31 16:18:32 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/03 23:47:18 | 044,784,008 | ---- | M] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
    [2011/04/03 21:47:29 | 004,313,198 | RH-- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2005/02/16 11:06:16 | 000,218,112 | -H-- | M] (Soeperman Enterprises Ltd.) -- C:\Users\Owner\Desktop\HijackThis.exe
    [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/04/03 17:56:18 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.exe
    [2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/07/31 16:17:03 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/07/31 16:16:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/16 12:54:18 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
    [2011/03/01 03:29:58 | 000,000,514 | -H-- | M] () -- C:\Users\Owner\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/13 23:41:27 | 000,011,626 | -HS- | M] () -- C:\ProgramData\7SkRgtbX5FlAM
    [2010/12/28 17:03:29 | 000,000,088 | RHS- | M] () -- C:\ProgramData\8C25D98BE3.sys
    [2010/08/30 18:19:36 | 000,003,950 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/12/28 17:08:27 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
    [2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
    [2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
    [2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
    [2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
    [2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
    [2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
    [2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
    [2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
    [2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
    [2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
    [2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:F4CA4D70
    @Alternate Data Stream - 1290 bytes -> C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar
    @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB
    @Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
      [2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
      [2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
      [2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
      [2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
      [2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
      [2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
      [2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
      [2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
      [2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r
      [2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
      [2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
      [2010/12/28 17:02:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8C25D98BE3.sys
      [2010/12/28 17:02:29 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
      [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM
      [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
      [2011/01/09 01:28:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK
      @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:F4CA4D70
      @Alternate Data Stream - 1290 bytes -> C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      @Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar
      @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB
      @Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  8. fjccommish

    fjccommish TS Rookie Topic Starter

    It rebooted the system when it was finished. No log popped up, and after the reboot I couldn't find a log.

    OTL also deleted itself - it's gone from the desktop.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download fresh copy, run the fix one more time and post the log.
     
  10. fjccommish

    fjccommish TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File C:\ProgramData\~42393352r not found.
    File C:\ProgramData\~42393352 not found.
    File C:\ProgramData\~43114248r not found.
    File C:\ProgramData\~43114248 not found.
    File C:\ProgramData\~40623880r not found.
    File C:\ProgramData\~40623880 not found.
    File C:\ProgramData\~41148168 not found.
    File C:\ProgramData\~41148168r not found.
    File C:\ProgramData\~43835144 not found.
    File C:\ProgramData\~43835144r not found.
    File C:\ProgramData\~43310856r not found.
    File C:\ProgramData\~43310856 not found.
    File C:\ProgramData\8C25D98BE3.sys not found.
    File C:\ProgramData\KGyGaAvL.sys not found.
    File C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM not found.
    File C:\ProgramData\7SkRgtbX5FlAM not found.
    C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK folder moved successfully.
    Unable to delete ADS C:\ProgramData\TEMP:F4CA4D70 .
    Unable to delete ADS C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51 .
    Unable to delete ADS C:\ProgramData\TEMP:94A19129 .
    Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
    Unable to delete ADS C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar .
    Unable to delete ADS C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB .
    Unable to delete ADS C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS .
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 36186 bytes
    ->Temporary Internet Files folder emptied: 259397 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 817166613 bytes
    ->Opera cache emptied: 1012440 bytes
    ->Flash cache emptied: 10213 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 51379 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 781.00 mb


    [EMPTYFLASH]

    User: Admin1
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04082011_003123

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Delete your Combofix file, download fresh one and see, if it'll run now.
     
  12. fjccommish

    fjccommish TS Rookie Topic Starter

    Combofix finished. This is the log.

    ComboFix 11-04-07.08 - Owner 04/08/2011 11:29:09.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1243 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Windows Repair.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-08 16:35 . 2011-04-08 16:36 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Admin1\AppData\Local\temp
    2011-04-06 07:25 . 2011-04-06 07:25 -------- d-----w- C:\_OTL
    2011-04-04 04:49 . 2011-04-04 04:49 -------- d-----w- c:\users\Owner\AppData\Roaming\thecleaner
    2011-04-04 04:49 . 2011-04-04 04:52 -------- d-----w- c:\program files\The Cleaner
    2011-04-03 23:01 . 2011-04-03 23:02 -------- d-----w- C:\FrankC13701F
    2011-04-03 22:44 . 2011-04-03 22:44 -------- d-----w- C:\Frankc
    2011-04-03 07:09 . 2011-03-04 21:11 137656 ---ha-w- c:\windows\system32\drivers\avipbb.sys
    2011-04-03 07:09 . 2011-03-04 19:37 61960 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-03 07:08 . 2011-04-03 07:08 -------- d--h--w- c:\programdata\Avira
    2011-04-03 07:08 . 2011-04-03 07:08 -------- d-----w- c:\program files\Avira
    2011-04-03 05:42 . 2011-04-03 05:42 -------- d-----w- C:\we
    2011-04-02 10:59 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-04-02 10:59 . 2011-04-02 10:59 -------- d-----w- c:\program files\Panda Security
    2011-04-02 10:47 . 2011-04-03 02:15 -------- d-----w- c:\program files\Windows Live Safety Center
    2011-04-02 10:35 . 2011-04-02 10:35 -------- d--h--w- c:\programdata\FRISK Software
    2011-04-02 01:46 . 2011-04-02 19:12 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-03-22 19:57 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 19:57 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 19:57 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-10 01:26 . 2011-03-10 01:26 -------- d--h--w- c:\users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-03-09 16:48 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 16:48 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 16:48 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 16:48 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 16:48 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 16:48 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-20 05:34 . 2010-07-24 18:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-20 16:37 . 2011-02-12 10:05 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-12 10:05 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-12 10:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-12 10:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-12 10:04 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-12 10:04 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-12 10:04 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-12 10:04 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-12 10:04 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-12 10:05 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-12 10:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-12 10:04 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-12 10:04 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-12 10:05 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-12 10:05 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-12 10:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-12 10:05 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-12 10:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-12 10:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-12 10:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-12 10:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-12 10:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-12 10:05 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-12 10:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-12 10:05 683008 ----a-w- c:\windows\system32\d2d1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\MBAM\mbam.exe" [2010-04-29 1090952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-08-27 00:06 136176 ---hatw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ---ha-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
    2011-03-29 22:53 5150936 ----a-w- c:\program files\The Cleaner\tcap.exe
    .
    R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    R3 US122;US122 Driver;c:\windows\system32\Drivers\US122.sys [2007-08-29 131968]
    R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DL.sys [2007-08-29 18304]
    R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdm.sys [2007-08-29 39168]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-28 722416]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
    S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
    S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 127496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 00:06]
    .
    2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 00:06]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF
    IE: Free YouTube to Mp3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    TCP: {842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3} = 156.154.70.22,156.154.71.22
    TCP: {FA859631-21FD-4801-89A5-40B9F001A94B} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?tab=mc
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Connect Add-in - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-08 11:36
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-04-08 11:38:23
    ComboFix-quarantined-files.txt 2011-04-08 16:38
    .
    Pre-Run: 82,993,823,744 bytes free
    Post-Run: 82,645,233,664 bytes free
    .
    - - End Of File - - 6BA44CF9ABED7752AF46477703211068
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good job :)

    How is computer doing?

    What is your AV program?

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Are you still out there?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...