Inactive Malware - WindowsRepair

[fjccommish]

Hijacked Firefox on Google searches, WindowsRepair keeps popping up (looks like a virus scan), some process keeps playing some online radio, warnings keep popping up about disk drive failure, keeps hiding all files.

Rkill stops it for about 15 minutes, then it starts it's effects again. Combofix keeps resulting in BSOD.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6257

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/3/2011 1:45:56 PM
mbam-log-2011-04-03 (13-45-56).txt

Scan type: Quick scan
Objects scanned: 164236
Time elapsed: 37 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 14:54:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: 5moe4weg.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwtdypog.sys


---- Threads - GMER 1.0.15 ----

Thread System [4:260] 8606DE84
Thread System [4:264] 86070084

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x06 0xA5 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1A 0xB8 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x4A 0x9E 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x8A 0x1D 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x0F 0x98 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE1 0x06 0xA5 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x05 0x1A 0xB8 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0x4A 0x9E 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x1C 0x8A 0x1D 0x2F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD69.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6A.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6B.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6C.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6D.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6E.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0BD6F.log 131072 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\errorPageStrings[1] 0 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\background_gradient[1] 0 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\down[2] 0 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCA9H8D1\httpErrorPagesScripts[2] 0 bytes

---- EOF - GMER 1.0.15 ----

ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/16/2009 12:48:36 PM
System Uptime: 4/3/2011 1:04:10 PM (1 hours ago)
.
Motherboard: Gateway | | RTL
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 88.961 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP658: 4/2/2011 9:14:37 PM - Cleaned registry with Windows Live OneCare safety scanner
.
==== Installed Programs ======================
.
Leawo Free FLV Converter version 2.2.0.2
32 Bit HP CIO Components Installer
6500_E709_Help
6500_E709a
ABC Amber LIT Converter
Acer System Information
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Connect Add-in
Adobe Creative Suite 4 Web Premium
Adobe CS4 American English Speech Analysis Models
Adobe Digital Editions
Adobe Dynamiclink Support
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.9 (Unicode)
Avira AntiVir Personal - Free Antivirus
Belarc Advisor 7.2
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
CDisplay 1.8
Celtx (2.7)
ConvertHelper 2.2
Creative WebCam Instant Driver (1.01.02.0729)
CuteFTP 8 Home
Debut Video Capture Software
Destination Component
DeviceDiscovery
Digidesign Free Bomb Factory Plug-Ins 7.4
Digidesign Shared Plug-Ins 7.4
DocMgr
DocProc
Dynamic Auto-Painter 2.0.7
Extreme Picture Finder 3.13
F-PROT Antivirus for Windows
Fax
ffdshow [rev 1723] [2007-12-24]
Flash Decompiler Trillix
Fraps (remove only)
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.9
Google Talk Plugin
GPBaseService2
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
HyperCam 2
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Interlok driver setup x32
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 24
Jpeg Enhancer 1.8
KVIrc
LAME v3.98.2 for Audacity
Layer III Audio Encoder
LyX 1.6.4-1
Malwarebytes' Anti-Malware
MarketResearch
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Office Word Viewer 2003
Microsoft Robocopy GUI
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works 6-9 Converter
Microsoft XNA Framework Redistributable 3.0
MiKTeX 2.7
mIRC
Mobipocket Reader 6.2
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0 (x86 en-US)
mpegable DS decoder
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network
NVIDIA GAME System Software 2.8.1
OCR Software by I.R.I.S. 12.0
Octoshape add-in for Adobe Flash Player
OnLive
OpenOffice.org 3.1
Opera 11.01
Orb Runtime libraries
Panda ActiveScan 2.0
PrimoPDF -- by Nitro PDF Software
ProductContext
QuickTime
Real Alternative 1.9.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
REALTEK RTL8187B Wireless LAN Driver
REALTEK Wireless LAN Driver and Utility
redist
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Media Encoder (KB2447961)
Shop for HP Supplies
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Sony Noise Reduction Plug-In 2.0h
Sound Forge Pro 10.0
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
SUPERAntiSpyware
Synaptics Pointing Device Driver
The Price is Right 2010 Edition(TM)
Toolbox
Total Recorder 7.1
TrayApp
Trojan Killer 2.0
Uninstall 1.0.0.1
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
US122 Driver 3.40
VLC media player 1.1.6
Vuze
WebReg
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR archiver
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== End Of File ===========================


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 14:57:42.86 on Sun 04/03/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.795 [GMT -5:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe
C:\Program Files\Realtek\Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [mmXNDaTEQtRsP] c:\programdata\mmXNDaTEQtRsP.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\mbam\mbam.exe" /runcleanupscript
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF
IE: Free YouTube to Mp3 Converter - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: {842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3} = 156.154.70.22,156.154.71.22
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?tab=mc
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-4-2 28552]
R1 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FPAV_RTP.sys [2011-4-2 693080]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-3 61960]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
.
=============== Created Last 30 ================
.
2011-04-03 07:09:15 61960 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-03 07:08:53 -------- d--h--w- c:\progra~2\Avira
2011-04-03 07:08:53 -------- d-----w- c:\program files\Avira
2011-04-03 07:06:34 475136 ---ha-w- c:\progra~2\43835144.exe
2011-04-03 06:57:29 544768 ---ha-w- c:\progra~2\mmXNDaTEQtRsP.exe
2011-04-03 05:51:18 -------- d-s---w- C:\ComboFix
2011-04-03 05:42:06 -------- d--h--w- C:\we
2011-04-03 05:40:58 1377112 ---ha-w- C:\TDSSKiller.exe
2011-04-02 10:59:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-04-02 10:59:30 -------- d-----w- c:\program files\Panda Security
2011-04-02 10:35:13 693080 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
2011-04-02 10:35:05 -------- d--h--w- c:\progra~2\FRISK Software
2011-04-02 10:35:01 -------- d-----w- c:\program files\FRISK Software
2011-04-02 06:02:09 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-02 06:02:04 -------- d--h--w- c:\users\owner\appdata\local\temp
2011-04-02 05:35:35 98816 ----a-w- c:\windows\sed.exe
2011-04-02 05:35:35 89088 ----a-w- c:\windows\MBR.exe
2011-04-02 05:35:35 256512 ----a-w- c:\windows\PEV.exe
2011-04-02 05:35:35 161792 ----a-w- c:\windows\SWREG.exe
2011-04-02 01:46:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-22 19:57:46 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:57:46 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 19:57:46 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 01:26:19 -------- d--h--w- c:\users\owner\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-03-09 16:48:52 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 16:48:52 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 16:48:52 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 16:48:52 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 16:48:50 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 16:48:49 677888 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-02-20 05:34:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 14:59:13.57 ===============

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

In the second part of Combofix manual, I listed some options, you should use, in case, Combofix doesn't want to run normally.....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[fjccommish]

I cannot get Combofix to run to the point it creates a log. I've run it a few times since 5PM central, re-downloading after each attempt:

Normal mode as combofix.exe - the little box appeared, the green bar filled, but the blue command prompt window never opened.

Normal mode as myname.exe after running rkill - same result

Safe mode as myname,exe after running rkill. It wanted to update, after updating an error appeared saying it could not locate combofix.exe.

Safe mode as myname,exe after running rkill - BSOD.

Safe mode as myname,exe after running rkill - rebooted during the process, then on reboot nothing happened. It wasn't running any more.

Normal mode after Rkill, windows repair popped up, many error messages about disk failure, and even error messages about combofix being corrupt. Combofix did run through a lot of steps. It eventually rebooted the system, claimed a log file was being created, but after 15 minutes the screen turned black with a white rectangular cursor. After 2 1/2 hours it was still like that so I rebooted. During this process I saw (in the blue combofix window) a message saying it was deleting a windows repair folder, but windows repair continues to run after the reboot.

This is the Rkill log after the last attempt.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/03/2011 at 19:11:52.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\ProgramData\mmXNDaTEQtRsP.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE


Rkill completed on 04/03/2011 at 19:12:00.

 

[Broni]

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[fjccommish]

OTL Extras logfile created on: 4/5/2011 10:54:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 82.17 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

Computer Name: FRANKCVO | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0661F52D-C089-4B20-9859-8ABE1B1E0AD0}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
"{0B9A1F5A-A87A-4349-9A1E-B27E094FC4EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0ED4FF49-A362-4832-B3CF-16DF848DC8C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C3FB36E-A47E-4E97-AE6B-8769A288263C}" = lport=139 | protocol=6 | dir=in | app=system |
"{2416CACC-57A0-46FA-A547-F6D5D581196B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CA620BD-129B-4DE5-88CA-42C4E3B254DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E62C962-6649-46BB-95FD-BCB202D12A07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EE466C9-C34A-4D0B-94D7-C8B8A642D3BB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{30DB9D4E-8510-4E6F-B3AD-4F58ECBE10CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{334F2C83-8812-497A-B9BB-3D2ABC0D2F9F}" = rport=138 | protocol=17 | dir=out | app=system |
"{38D05E22-15F9-4652-B2B2-C0F489071F9C}" = lport=445 | protocol=6 | dir=in | app=system |
"{3AB823C9-F5D1-403E-994A-3451CF429B8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3ADA7465-5A28-4170-98BA-FC053E542459}" = lport=10280 | protocol=17 | dir=in | name=m8 |
"{3D3DE4E7-AD8A-41AA-B338-AA72F3991928}" = lport=10243 | protocol=6 | dir=in | name=media2`` |
"{4295373B-42CF-4D50-8540-A04DF48430FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{456A3F92-3471-4252-ACAD-61169A9B5EDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4664205F-C63A-419A-BADB-3023CDCFD914}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49CB26A1-C894-4AD8-BC04-727F0C121F03}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4B63A283-013D-4CCD-8AF1-91EC437C4745}" = rport=445 | protocol=6 | dir=out | app=system |
"{4CA3EF1D-0F3F-478D-875B-04B1B344B16C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{4EDDED52-CC08-49E1-BAD2-EEA48EA0DEE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5108420F-6497-4AA2-BBD0-10196E3375C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52EC2BD7-663A-4E72-8AE9-99B34C91CAA1}" = lport=10282 | protocol=17 | dir=in | name=m6 |
"{5A2B98F9-4D09-408F-A53D-01080E2B631B}" = lport=2869 | protocol=6 | dir=in | name=media |
"{5B9B9117-FB36-46DE-82B5-86CB3178C2C8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5F6BA0C2-4605-4A77-BD76-ED925EB174B8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{66547CF6-94CE-4CF9-9742-2801F6CCEAA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6ACC4DF6-D6D9-4233-97DE-47BCDB1B64D9}" = lport=10283 | protocol=17 | dir=in | name=m5 |
"{6AFA186F-3E79-4374-A449-2FB2AC123711}" = lport=137 | protocol=17 | dir=in | app=system |
"{6E104150-4469-418F-B5CE-9E5F2EE528CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{713098EE-90F9-46A1-A4F4-8DB2C406A1A2}" = lport=10284 | protocol=17 | dir=in | name=m4 |
"{77670A36-96BD-431A-AAA1-11971D27599A}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A0A0F8D-5B2F-426F-8204-6864C1085F8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C645243-AAD3-4756-8585-0E9446E0EA13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86309506-FA94-4CD5-AC97-C04BB6B0273E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{88059636-8B4C-495F-87D9-87DE44EAB12C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D009D7A-F65B-4741-87FE-28AD62AFD1CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{919821CA-2248-405E-A725-8136D210ACEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9640A502-45F1-4648-87FA-5654C7BFBB6C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9A29ED16-2FC4-4F59-BEB9-86A5283F910D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9AD0BCEB-C447-4C65-8382-7BF4BC97415B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C51D5EB-DCB1-4688-8D3E-F9B5827D3522}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9FB70545-5FC7-4D8D-B203-6C9485755B63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A261E1E6-AF3D-4024-AB82-384D60559247}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A3E4A816-FE3F-4EFE-9FDE-7F64117CB9B6}" = lport=10281 | protocol=17 | dir=in | name=m7 |
"{AB5D875F-6CD9-46E9-8E0A-E9CCB9769A0F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0527B94-E766-40B1-A2A2-145F3C0E98B1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAB3ACFF-9D51-4E44-90BF-206806BE81CF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BD7BC1DF-29D4-4DAA-8CFB-EA5C8258BFD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE569214-B47B-4D8A-B87B-01F7FB13049D}" = lport=1900 | protocol=17 | dir=in | name=m3` |
"{BF9FD36F-9E8F-49F3-A558-CE48E356FAC3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D1721110-F8A4-4C8F-A20F-9E95FB598B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D356ACB5-86E1-4131-B42E-E2A42B251895}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DFA87630-AF3B-48C7-B01D-22C0B0EC4139}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E56132EA-F3F2-44E9-AC39-AC5743EA9C2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED5001B7-E1B2-4E6D-8CBC-A56E758E1464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F96FCC47-A85C-459C-8E7E-BFCAC8E30533}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA92B819-680E-4E91-A15D-E803DFB4041E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFE175F2-56E0-4549-8927-5A6C14B49ED7}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010FED9B-7266-4EE8-A6AD-63DFE0D53CE1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0BC2252E-2F3A-4365-9050-0827E9823394}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{15457B82-9D02-4F0A-B22C-D51BEF71BF50}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1599550D-EA05-4309-9646-4AD507827F95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{185B3D02-A544-4029-8949-A1B4BAB12F40}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{24A556F2-5D34-4B9C-A942-A06FFC3DF85C}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
"{40BB2CE0-8EC9-4764-8341-9A63C3E141C5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
"{43DDE72B-3C5B-4141-9523-A116AA92C8F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AD39ABE-B420-4F74-8FDB-9C6D573FA081}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E983D94-E624-427F-A353-830528433142}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
"{50F24334-7F88-4EB7-8D59-916A3E1716AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F3BD8E7-5E14-439B-8D0B-03BF2F0E6EFD}" = protocol=6 | dir=out | app=system |
"{6AC8257A-73FE-47F3-834F-12719D01AC27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FA334BE-2F04-40DA-B867-CAE0BFA8CC9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CE8C542-DEDE-4027-9F2F-5872810D46AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{82346A93-4200-4896-8AFC-3A02275E8C97}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87F73067-D04D-4B7C-B7D0-A1020522C9DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{920DC6DA-F08E-424C-B176-F1DDFA2DD50D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{92933B0D-1204-47FB-8241-E061110631B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9320931E-2287-4ECF-AE76-ADB9BDFF2F5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A07EEEB-094A-427C-9A17-0C1479D7134D}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{AA9A272E-0D84-41B2-BF62-844F446D3395}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0913282-B419-4499-80D8-DDB763F7BBFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9A7AFF2-BC27-4463-ADE5-835BC243EE93}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C87862EA-8CD6-4A97-A0AE-04B7CF731F11}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D64B5C23-C714-45E4-801B-AB48C1996158}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8B80111-9DE2-4386-A414-BE73693B8D75}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DB675C6E-64E7-4EE7-93E7-DF0CDB509106}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE967ABD-3B2A-4417-84D5-06985EEBFD68}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\tversity\media server\mediaserver.exe |
"{E4B66CFA-ED25-46F8-AD9D-58FF10B93346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E872A99D-41EC-4224-A56D-9F3939654562}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EDFCB82C-0F85-4174-8D91-EF25DBBF08B5}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
"{F49A0690-22B6-4CAE-98F8-4C24BA4817EE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F5696310-A110-4C26-9D58-AC9403FACBE8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"TCP Query User{4C176AE1-719F-405C-B257-91CCC44D527C}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7C965CA2-0911-4B47-9B7A-22C605BE4554}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{8E900F5C-D8E9-4628-87B6-311A9DD16AEC}C:\windows\system32\windirlzk.exe" = protocol=6 | dir=in | app=c:\windows\system32\windirlzk.exe |
"TCP Query User{D18A3ED2-D5F9-4184-9C52-8779660A9B21}C:\windows\system32\windirlzk.exe" = protocol=6 | dir=in | app=c:\windows\system32\windirlzk.exe |
"TCP Query User{EF0F4F49-1DAD-4C5B-9E9F-7B7361216764}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"TCP Query User{FEFBF8F5-D7FC-4784-86F8-FB5D27070E95}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{182D9A74-7719-46E8-8FEF-0BA443C5A800}C:\windows\system32\windirlzk.exe" = protocol=17 | dir=in | app=c:\windows\system32\windirlzk.exe |
"UDP Query User{1D8900F7-870A-46A2-8C54-6C167C1BDBDC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A4F47A25-0392-4B40-A196-A59B0D0ED77D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{B02EBDA7-4D43-448E-8B3A-2DA4F03F95FC}C:\windows\system32\windirlzk.exe" = protocol=17 | dir=in | app=c:\windows\system32\windirlzk.exe |
"UDP Query User{ED531ADF-9191-4E85-83EE-1ABCCE8BD59E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F6C9E856-D781-40E4-84A2-9D47CD682956}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DF70CB6-553A-4C57-8E6D-876322ECFB78}" = REALTEK Wireless LAN Driver and Utility
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3732AF18-9C3C-428D-B944-F7E3FADEE3F3}" = Adobe Setup
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Digidesign Free Bomb Factory Plug-Ins 7.4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.0.7
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.4
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0AF91F4-D1ED-490E-8751-997AF2A3FF0D}_is1" = Leawo Free FLV Converter version 2.2.0.2
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F4DA32EA-B9F2-4B22-87E2-E8937DA4F6A8}" = Adobe Creative Suite 4 Web Premium
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_f7a01857897174b3e50432317243d3e" = Adobe Creative Suite 4 Web Premium
"am-thepriceisright2010editiontm" = The Price is Right 2010 Edition(TM)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Celtx (2.7)" = Celtx (2.7)
"Creative PD0620" = Creative WebCam Instant Driver (1.01.02.0729)
"Debut" = Debut Video Capture Software
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Digital Editions" = Adobe Digital Editions
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"Extreme Picture Finder_is1" = Extreme Picture Finder 3.13
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"HyperCam 2" = HyperCam 2
"Jpeg Enhancer_is1" = Jpeg Enhancer 1.8
"KVIrc" = KVIrc
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Layer III Audio Encoder 1.0.70111" = Layer III Audio Encoder
"LyX" = LyX 1.6.4-1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MiKTeX 2.7" = MiKTeX 2.7
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"mpegable DS" = mpegable DS decoder
"OnLive" = OnLive
"Opera 11.01.1190" = Opera 11.01
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"RealAlt_is1" = Real Alternative 1.9.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Cleaner_is1" = The Cleaner 2012
"TotalRecorder" = Total Recorder 7.1
"Uninstall_is1" = Uninstall 1.0.0.1
"US122 Driver_is1" = US122 Driver 3.40
"VLC media player" = VLC media player 1.1.6
"Web_4.0.1165.0" = Microsoft Expression Web 4
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 210149

Error - 3/22/2011 8:25:04 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 210149

Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 211147

Error - 3/22/2011 8:25:05 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 211147

Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 212145

Error - 3/22/2011 8:25:06 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 212145

Error - 3/22/2011 8:25:07 PM | Computer Name = FrankCVO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]
Error - 4/27/2009 12:27:32 AM | Computer Name = FrankCVO | Source = Mcx2Dvcs | ID = 401
Description =

Error - 4/27/2009 12:37:35 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 4/27/2009 12:42:35 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 8/23/2009 11:15:11 PM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/8/2009 3:29:11 PM | Computer Name = FrankCVO | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/6/2011 6:12:51 AM | Computer Name = FrankCVO | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[fjccommish]

OTL logfile created on: 4/5/2011 10:54:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 82.17 Gb Free Space | 55.13% Space Free | Partition Type: NTFS

Computer Name: FRANKCVO | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/13 19:26:26 | 001,196,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/04 14:37:00 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/16 17:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\Realtek\Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/04/23 13:08:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/30 12:34:53 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 14:27:22 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/31 15:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/28 16:19:41 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/10/27 23:51:34 | 000,127,496 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/08/29 15:50:48 | 000,039,168 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122Wdm.sys -- (Us122WdmService)
DRV - [2007/08/29 15:50:34 | 000,018,304 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122DL.sys -- (US122DL)
DRV - [2007/08/29 15:50:02 | 000,131,968 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122.sys -- (US122)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/26 12:14:22 | 000,019,712 | ---- | M] (Adaptec, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcgbfl.sys -- (avcgbfl)
DRV - [2005/09/26 14:08:12 | 000,125,568 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcgbdr.sys -- (avcgbdr)
DRV - [2004/07/29 14:14:22 | 000,091,577 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/30 18:19:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:28:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 13:28:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/03/20 00:00:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2010/06/04 14:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/06/04 14:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/04/01 00:08:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions
[2011/04/01 00:08:47 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/22 12:51:58 | 000,000,000 | -H-D | M] (Vuze Remote Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/11/26 05:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 13:43:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/26 05:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/06/04 14:03:59 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/03 22:02:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\MBAM\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/31 11:13:29 | 000,000,000 | ---D | M] - C:\autopainter -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/04 00:06:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/03 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\thecleaner
[2011/04/03 23:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Cleaner
[2011/04/03 23:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2011/04/03 23:46:32 | 044,784,008 | ---- | C] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
[2011/04/03 23:13:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/03 23:09:00 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\backups
[2011/04/03 22:46:04 | 000,218,112 | -H-- | C] (Soeperman Enterprises Ltd.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2011/04/03 22:23:15 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
[2011/04/03 22:11:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/03 22:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/04/03 21:54:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/03 21:54:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/03 18:20:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/03 18:01:18 | 000,000,000 | ---D | C] -- C:\FrankC13701F
[2011/04/03 17:44:44 | 000,000,000 | ---D | C] -- C:\Frankc
[2011/04/03 17:38:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/03 02:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/03 02:09:15 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/03 02:09:15 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/03 02:09:15 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/03 02:08:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011/04/03 02:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/03 00:50:23 | 001,377,112 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2011/04/03 00:42:06 | 000,000,000 | ---D | C] -- C:\we
[2011/04/03 00:40:58 | 001,377,112 | -H-- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/04/02 05:59:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/04/02 05:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/04/02 05:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/04/02 05:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\FRISK Software
[2011/04/02 00:35:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/02 00:35:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/02 00:35:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/01 23:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2011/04/01 20:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/04/01 20:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/03/31 16:13:32 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Baseball
[2011/03/25 11:34:09 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\REv
[2011/03/22 23:33:35 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Hertz
[2011/03/21 00:24:35 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\HRL
[2011/03/09 20:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/08 03:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/15 11:28:00 | 001,169,736 | -H-- | C] (Microsoft Corporation) -- C:\Users\Owner\AppData\Roaming\datacore.exe

========== Files - Modified Within 30 Days ==========

[2011/04/05 22:58:12 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/05 22:58:12 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/05 22:51:03 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 22:51:03 | 000,003,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 22:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 22:50:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 22:18:03 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000UA.job
[2011/04/04 23:17:01 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000Core.job
[2011/04/04 01:26:26 | 004,757,419 | ---- | M] () -- C:\Users\Owner\Desktop\Cube60_FCabanski.mp3
[2011/04/04 00:40:41 | 002,318,627 | ---- | M] () -- C:\Users\Owner\Desktop\DiabetesWellness_FCabanski.mp3
[2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/03 23:47:18 | 044,784,008 | ---- | M] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
[2011/04/03 22:58:53 | 000,000,579 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Repair.lnk
[2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
[2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
[2011/04/03 22:20:02 | 001,402,880 | -H-- | M] () -- C:\Users\Owner\Desktop\HijackThis.msi
[2011/04/03 22:02:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/03 21:47:59 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.scr
[2011/04/03 21:47:29 | 004,313,198 | RH-- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
[2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
[2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
[2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
[2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
[2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
[2011/04/03 18:03:38 | 125,128,293 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/03 17:56:18 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.exe
[2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
[2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r
[2011/04/02 11:59:22 | 000,049,583 | ---- | M] () -- C:\Users\Owner\Documents\365 Liberal Quotes.ods
[2011/04/01 23:03:44 | 000,000,680 | -H-- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
[2011/03/30 23:22:47 | 000,359,040 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_SS.mp3
[2011/03/30 23:16:55 | 000,277,248 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_ALDR.mp3
[2011/03/30 22:45:12 | 000,620,544 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_Aspire.mp3
[2011/03/30 22:29:42 | 000,331,008 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_Grammar.mp3
[2011/03/30 22:18:02 | 002,069,942 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC_ZyVestra.mp3
[2011/03/30 22:16:28 | 000,051,712 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/26 15:56:48 | 000,229,479 | ---- | M] () -- C:\Users\Owner\Documents\Untitled.wma
[2011/03/25 02:07:13 | 000,910,105 | -H-- | M] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.mp3
[2011/03/25 02:02:05 | 002,177,334 | -H-- | M] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.aif
[2011/03/23 16:16:56 | 000,015,530 | -H-- | M] () -- C:\Users\Owner\Desktop\huh.jpg
[2011/03/21 00:39:00 | 000,241,622 | ---- | M] () -- C:\Users\Owner\Documents\Headroom Learning SAT Prep Guidelines.odt
[2011/03/20 12:29:09 | 000,007,774 | -H-- | M] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2011/03/18 22:51:12 | 002,712,554 | -H-- | M] () -- C:\Users\Owner\Desktop\AVO_FCabanski.mp3
[2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011/03/08 01:47:45 | 011,449,883 | -H-- | M] () -- C:\Users\Owner\Desktop\FrankC.zip

========== Files Created - No Company Name ==========

[2011/04/04 01:26:19 | 004,757,419 | ---- | C] () -- C:\Users\Owner\Desktop\Cube60_FCabanski.mp3
[2011/04/04 00:40:38 | 002,318,627 | ---- | C] () -- C:\Users\Owner\Desktop\DiabetesWellness_FCabanski.mp3
[2011/04/03 23:21:24 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/03 22:47:58 | 000,000,579 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Repair.lnk
[2011/04/03 22:23:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42393352r
[2011/04/03 22:23:18 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~42393352
[2011/04/03 22:20:03 | 001,402,880 | -H-- | C] () -- C:\Users\Owner\Desktop\HijackThis.msi
[2011/04/03 21:48:09 | 001,006,778 | -H-- | C] () -- C:\Users\Owner\Desktop\rkill.scr
[2011/04/03 21:47:21 | 004,313,198 | RH-- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/04/03 21:33:31 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43114248r
[2011/04/03 21:33:31 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43114248
[2011/04/03 19:09:08 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~40623880r
[2011/04/03 19:09:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~40623880
[2011/04/03 18:25:09 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~41148168r
[2011/04/03 18:25:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~41148168
[2011/04/03 17:56:18 | 001,006,778 | -H-- | C] () -- C:\Users\Owner\Desktop\rkill.exe
[2011/04/03 02:07:08 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43835144r
[2011/04/03 02:07:07 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43835144
[2011/04/02 00:35:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 00:35:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 00:35:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 00:35:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 00:35:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 18:27:37 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43310856r
[2011/04/01 18:27:36 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856
[2011/03/30 23:22:44 | 000,359,040 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_SS.mp3
[2011/03/30 23:16:53 | 000,277,248 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_ALDR.mp3
[2011/03/30 22:45:07 | 000,620,544 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_Aspire.mp3
[2011/03/30 22:29:39 | 000,331,008 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_Grammar.mp3
[2011/03/30 22:17:59 | 002,069,942 | -H-- | C] () -- C:\Users\Owner\Desktop\FrankC_ZyVestra.mp3
[2011/03/26 15:56:48 | 000,229,479 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.wma
[2011/03/25 02:02:05 | 002,177,334 | -H-- | C] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.aif
[2011/03/25 01:57:56 | 000,910,105 | -H-- | C] () -- C:\Users\Owner\Desktop\AFLAC_FCabanski.mp3
[2011/03/25 01:46:08 | 075,096,064 | -H-- | C] () -- C:\Users\Owner\Desktop\MOV00C.MOD
[2011/03/25 01:46:03 | 154,818,560 | -H-- | C] () -- C:\Users\Owner\Desktop\MOV00B.MOD
[2011/03/23 16:16:55 | 000,015,530 | -H-- | C] () -- C:\Users\Owner\Desktop\huh.jpg
[2011/03/20 14:26:16 | 000,241,622 | ---- | C] () -- C:\Users\Owner\Documents\Headroom Learning SAT Prep Guidelines.odt
[2011/03/20 12:29:09 | 000,007,774 | -H-- | C] () -- C:\Users\Owner\Desktop\Untitled.jpg
[2011/03/18 22:51:08 | 002,712,554 | -H-- | C] () -- C:\Users\Owner\Desktop\AVO_FCabanski.mp3
[2011/02/12 13:25:12 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/12/29 12:11:43 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010/12/28 17:02:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8C25D98BE3.sys
[2010/12/28 17:02:29 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/08/30 18:18:35 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/30 18:15:16 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/08/23 17:38:04 | 000,144,074 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2010/06/09 05:33:20 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/05/09 02:03:18 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM
[2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
[2010/02/24 17:09:06 | 000,186,704 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/02/24 17:01:33 | 000,001,847 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/01/15 11:27:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/15 11:27:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/14 12:49:27 | 000,010,752 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2010/01/14 12:45:27 | 000,000,036 | -H-- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2009/10/09 13:29:31 | 000,000,872 | ---- | C] () -- C:\Windows\System32\PCProxy.ini
[2009/10/09 13:29:26 | 000,173,384 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
[2009/10/02 22:59:59 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/05/25 17:49:17 | 000,217,088 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/04/24 00:13:58 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/22 23:19:05 | 000,051,712 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 13:53:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/16 12:54:01 | 000,000,680 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/03/27 20:35:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/27 20:34:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2009/03/27 20:34:13 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/03/05 08:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/11 21:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 21:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 21:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 21:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,327,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/11/10 13:30:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2011/04/04 01:30:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2011/04/05 22:49:08 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2011/01/09 01:28:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK
[2011/03/09 20:26:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/28 18:09:33 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Pro
[2010/11/03 11:20:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/05/06 13:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Foxit
[2011/02/12 04:47:43 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/05/26 18:22:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\GlobalSCAPE
[2010/06/04 14:04:18 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Greyfirst
[2011/01/03 17:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\KVIrc4
[2010/01/03 11:39:32 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Leawo
[2010/10/29 17:38:59 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
[2009/08/28 01:05:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\lyx16
[2009/07/17 12:55:50 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Machete
[2009/09/29 19:21:44 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ManyCam
[2010/10/11 12:27:46 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Mobipocket
[2009/07/17 13:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
[2010/10/05 01:39:07 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\OnLive App
[2009/04/23 11:11:00 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/02/02 01:32:49 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/08/18 16:28:11 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Orbit
[2010/06/06 01:52:47 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2011/03/02 02:05:03 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PrimoPDF
[2010/08/18 16:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
[2010/11/24 00:32:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
[2009/05/03 23:48:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2010/06/08 18:13:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2010/06/17 23:19:27 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony Creative Software
[2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Stella
[2010/05/08 18:12:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\StreamTorrent
[2009/07/13 12:12:54 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/04/03 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\thecleaner
[2011/02/15 00:36:07 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TotalRecorder
[2010/12/28 17:37:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
[2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/03/30 12:23:31 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\VitySoft
[2011/02/12 04:47:52 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\XnViewMP
[2011/04/05 22:49:54 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/27 13:31:09 | 000,009,041 | ---- | M] () -- C:\deviceInfo.txt
[2011/04/05 22:50:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/23 11:56:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/16 10:07:58 | 000,110,592 | -H-- | M] () -- C:\iperf.exe
[2005/09/12 19:29:52 | 000,026,440 | -H-- | M] () -- C:\M-Hwr.ttf
[2009/04/23 11:56:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/05 22:50:52 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
[2011/04/03 21:50:28 | 000,000,468 | ---- | M] () -- C:\rkill.log
[2010/12/29 12:11:48 | 000,005,324 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt
[2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/07/31 15:59:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp082.dll
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/31 16:18:32 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/03 23:47:18 | 044,784,008 | ---- | M] (MooSoft Development LLC ) -- C:\Users\Owner\Desktop\cleaner8_setup.exe
[2011/04/03 21:47:29 | 004,313,198 | RH-- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2005/02/16 11:06:16 | 000,218,112 | -H-- | M] (Soeperman Enterprises Ltd.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2011/04/04 00:06:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/03 17:56:18 | 001,006,778 | -H-- | M] () -- C:\Users\Owner\Desktop\rkill.exe
[2011/03/10 12:27:50 | 001,377,112 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/07/31 16:17:03 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/07/31 16:16:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/07/31 16:16:33 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/16 12:54:18 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
[2011/03/01 03:29:58 | 000,000,514 | -H-- | M] () -- C:\Users\Owner\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/13 23:41:27 | 000,011,626 | -HS- | M] () -- C:\ProgramData\7SkRgtbX5FlAM
[2010/12/28 17:03:29 | 000,000,088 | RHS- | M] () -- C:\ProgramData\8C25D98BE3.sys
[2010/08/30 18:19:36 | 000,003,950 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/12/28 17:08:27 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
[2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
[2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
[2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
[2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
[2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
[2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
[2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
[2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
[2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
[2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
[2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:F4CA4D70
@Alternate Data Stream - 1290 bytes -> C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar
@Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB
@Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
  IE - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
  O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
  O3 - HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (Reg Error: Key error.)
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2011/04/03 22:36:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42393352r
  [2011/04/03 22:36:49 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~42393352
  [2011/04/03 21:33:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
  [2011/04/03 21:33:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43114248
  [2011/04/03 19:09:08 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40623880r
  [2011/04/03 19:09:08 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~40623880
  [2011/04/03 18:25:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~41148168
  [2011/04/03 18:25:09 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~41148168r
  [2011/04/03 12:18:06 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43835144
  [2011/04/03 12:18:04 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43835144r
  [2011/04/01 18:27:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r
  [2011/04/01 18:27:37 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856
  [2010/12/28 17:02:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8C25D98BE3.sys
  [2010/12/28 17:02:29 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
  [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM
  [2010/04/13 23:39:20 | 000,011,626 | -HS- | C] () -- C:\ProgramData\7SkRgtbX5FlAM
  [2011/01/09 01:28:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK
  @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:F4CA4D70
  @Alternate Data Stream - 1290 bytes -> C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51
  @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
  @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
  @Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar
  @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB
  @Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS
  @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

 

[fjccommish]

It rebooted the system when it was finished. No log popped up, and after the reboot I couldn't find a log.

OTL also deleted itself - it's gone from the desktop.

 

[Broni]

Download fresh copy, run the fix one more time and post the log.

 

[fjccommish]

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKU\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1900823155-2928093892-1064168173-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File C:\ProgramData\~42393352r not found.
File C:\ProgramData\~42393352 not found.
File C:\ProgramData\~43114248r not found.
File C:\ProgramData\~43114248 not found.
File C:\ProgramData\~40623880r not found.
File C:\ProgramData\~40623880 not found.
File C:\ProgramData\~41148168 not found.
File C:\ProgramData\~41148168r not found.
File C:\ProgramData\~43835144 not found.
File C:\ProgramData\~43835144r not found.
File C:\ProgramData\~43310856r not found.
File C:\ProgramData\~43310856 not found.
File C:\ProgramData\8C25D98BE3.sys not found.
File C:\ProgramData\KGyGaAvL.sys not found.
File C:\Users\Owner\AppData\Local\7SkRgtbX5FlAM not found.
File C:\ProgramData\7SkRgtbX5FlAM not found.
C:\Users\Owner\AppData\Roaming\cdnLGjkRYqyoUPQOTFLSiK folder moved successfully.
Unable to delete ADS C:\ProgramData\TEMP:F4CA4D70 .
Unable to delete ADS C:\Program Files\Common Files\System:mgurvAEvBZwRHDCgj51 .
Unable to delete ADS C:\ProgramData\TEMP:94A19129 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\Microsoft:9FEwnGlnJA4V2nXXAar .
Unable to delete ADS C:\ProgramData\Microsoft:zvyOd7ChzRa7AsDEM9dWVeijMaB .
Unable to delete ADS C:\ProgramData\Microsoft:cxRZweriKJpcunPMmwS0QtS .
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 36186 bytes
->Temporary Internet Files folder emptied: 259397 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 817166613 bytes
->Opera cache emptied: 1012440 bytes
->Flash cache emptied: 10213 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51379 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 781.00 mb


[EMPTYFLASH]

User: Admin1
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04082011_003123

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

Delete your Combofix file, download fresh one and see, if it'll run now.

 

[fjccommish]

Combofix finished. This is the log.

ComboFix 11-04-07.08 - Owner 04/08/2011 11:29:09.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1243 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair\Windows Repair.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 16:35 . 2011-04-08 16:36 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-08 16:35 . 2011-04-08 16:35 -------- d-----w- c:\users\Admin1\AppData\Local\temp
2011-04-06 07:25 . 2011-04-06 07:25 -------- d-----w- C:\_OTL
2011-04-04 04:49 . 2011-04-04 04:49 -------- d-----w- c:\users\Owner\AppData\Roaming\thecleaner
2011-04-04 04:49 . 2011-04-04 04:52 -------- d-----w- c:\program files\The Cleaner
2011-04-03 23:01 . 2011-04-03 23:02 -------- d-----w- C:\FrankC13701F
2011-04-03 22:44 . 2011-04-03 22:44 -------- d-----w- C:\Frankc
2011-04-03 07:09 . 2011-03-04 21:11 137656 ---ha-w- c:\windows\system32\drivers\avipbb.sys
2011-04-03 07:09 . 2011-03-04 19:37 61960 ---ha-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-03 07:08 . 2011-04-03 07:08 -------- d--h--w- c:\programdata\Avira
2011-04-03 07:08 . 2011-04-03 07:08 -------- d-----w- c:\program files\Avira
2011-04-03 05:42 . 2011-04-03 05:42 -------- d-----w- C:\we
2011-04-02 10:59 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-04-02 10:59 . 2011-04-02 10:59 -------- d-----w- c:\program files\Panda Security
2011-04-02 10:47 . 2011-04-03 02:15 -------- d-----w- c:\program files\Windows Live Safety Center
2011-04-02 10:35 . 2011-04-02 10:35 -------- d--h--w- c:\programdata\FRISK Software
2011-04-02 01:46 . 2011-04-02 19:12 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-03-22 19:57 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 19:57 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 19:57 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 01:26 . 2011-03-10 01:26 -------- d--h--w- c:\users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-03-09 16:48 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 16:48 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 16:48 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 16:48 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 16:48 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 16:48 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 05:34 . 2010-07-24 18:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:37 . 2011-02-12 10:05 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-12 10:05 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-12 10:05 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-12 10:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-12 10:04 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-12 10:04 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-12 10:04 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-12 10:04 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-12 10:04 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-12 10:05 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-12 10:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-12 10:04 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-12 10:04 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-12 10:05 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-12 10:05 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-12 10:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-12 10:05 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-12 10:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-12 10:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-12 10:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-12 10:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-12 10:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-12 10:05 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-12 10:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-12 10:05 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\MBAM\mbam.exe" [2010-04-29 1090952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-27 00:06 136176 ---hatw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ---ha-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive]
2011-03-29 22:53 5150936 ----a-w- c:\program files\The Cleaner\tcap.exe
.
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122.sys [2007-08-29 131968]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DL.sys [2007-08-29 18304]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdm.sys [2007-08-29 39168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-28 722416]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-28 127496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 00:06]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1900823155-2928093892-1064168173-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 00:06]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF
IE: Free YouTube to Mp3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {842AD645-55CB-4D9C-8D53-D1F7FCA9B9B3} = 156.154.70.22,156.154.71.22
TCP: {FA859631-21FD-4801-89A5-40B9F001A94B} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tta80589.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?tab=mc
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Connect Add-in - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 11:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-08 11:38:23
ComboFix-quarantined-files.txt 2011-04-08 16:38
.
Pre-Run: 82,993,823,744 bytes free
Post-Run: 82,645,233,664 bytes free
.
- - End Of File - - 6BA44CF9ABED7752AF46477703211068

 

[Broni]

Good job

How is computer doing?

What is your AV program?

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Broni]

Are you still out there?