TechSpot

Re-Direct Virus (Plomedia, etc) Completed all scans, logs attached

Solved
By MarkZaff
Mar 12, 2011
  1. Seems I have that bug thats going around.

    Followed the instructions as posted. Results posted below. Thanks in advance for any help you can provide....then we'll move on to the problems with the other machine.

    Mark



    AVG AV-Free
    Virus DB: 271.1.1/3502
    Version: 9.0.872

    "Scan ""Scan whole computer"" completed."
    "No infection was found during this scan"
    "Folders selected for scanning:";"Scan whole computer"
    "Scan started:";"Saturday, March 12, 2011, 1:40:41 PM"
    "Scan finished:";"Saturday, March 12, 2011, 2:48:08 PM (1 hour(s) 7 minute(s) 27 second(s))"
    "Total object scanned:";"495895"
    "User who launched the scan:";"Andreita"



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6037

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19019

    3/12/2011 3:53:40 PM
    mbam-log-2011-03-12 (15-53-40).txt

    Scan type: Quick scan
    Objects scanned: 152041
    Time elapsed: 10 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Andreita at 17:12:05.96 on Sat 03/12/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.212 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Starfield\offSyncService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Andreita\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\igfxext.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Andreita\Desktop\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:Tabs
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    TCP: {C04FCCFF-A4C4-40D6-97E1-1BC3BEB398D2} = 4.2.2.1,4.2.2.2
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-26 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-26 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-26 243024]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-12 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-12 46592]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2011-2-2 1215216]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
    .
    =============== Created Last 30 ================
    .
    2011-03-05 21:01:17 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-05 21:01:02 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-05 21:01:02 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-05 21:01:02 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-05 21:01:00 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-05 21:01:00 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-05 06:04:50 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2011-03-05 04:51:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-03-05 01:41:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-05 01:40:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-05 01:40:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-05 01:39:35 -------- d-----w- c:\users\andreita\appdata\roaming\AVG9
    2011-03-03 19:15:40 -------- d-----w- c:\program files\Drop Down Deals
    2011-03-03 19:15:39 -------- d-----w- c:\progra~2\Tarma Installer
    2011-03-02 14:28:26 -------- d-----w- c:\users\andreita\appdata\local\offsync
    2011-03-02 14:23:23 -------- d-----w- c:\users\andreita\appdata\local\Starfield
    2011-03-02 14:23:06 -------- d-----w- c:\program files\Starfield
    2011-02-25 14:24:30 73728 ----a-w- c:\windows\system32\APISlice_AVG_RESTORED.dll
    2011-02-25 14:24:29 73728 ----a-w- c:\windows\system32\APISlice.dll
    2011-02-24 23:37:28 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-02-24 22:49:07 -------- d-----w- c:\users\andreita\appdata\roaming\Malwarebytes
    2011-02-24 22:48:49 -------- d-----w- c:\progra~2\Malwarebytes
    .
    ==================== Find3M ====================
    .
    2011-02-10 02:45:46 1409 ----a-w- c:\windows\QTFont.for
    2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-14 15:49:30 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2007-11-13 19:47:02 4364800 ----a-w- c:\program files\openofficeorg23.msi
    2007-11-01 20:57:50 319488 ----a-w- c:\program files\setup.exe
    2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6001 Disk: Hitachi_ rev.SB4O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86613439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x866197b8]; MOV EAX, [0x86619834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x824BFFEF] -> \Device\Harddisk0\DR0[0x86071220]
    3 CLASSPNP[0x86DBA745] -> ntkrnlpa!IofCallDriver[0x824BFFEF] -> [0x84ED28C8]
    5 acpi[0x82A9F6A0] -> ntkrnlpa!IofCallDriver[0x824BFFEF] -> [0x84EF6030]
    \Driver\iaStor[0x862770F8] -> IRP_MJ_CREATE -> 0x86613439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS541616J9SA00_________________SB4OC70P#4&291c20ff&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 17:14:45.23 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01).
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/25/2007 8:08:54 AM
    System Uptime: 3/12/2011 4:08:32 PM (1 hours ago)
    .
    Motherboard: Acer, Inc. | | Nestos
    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 25.386 GiB free.
    D: is FIXED (NTFS) - 69 GiB total, 68.325 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
    Service: b57nd60x
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    AAC Decoder
    Acer Arcade Deluxe
    Acer Assist
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer Registration
    Acer ScreenSaver
    Acer Tour
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.4 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.1
    Advanced SystemCare 3
    Agere Systems HDA Modem
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG Free 9.0
    Broadcom Gigabit Integrated Controller
    Compatibility Pack for the 2007 Office system
    DivX Codec
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    doPDF 5.3 printer
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Launch Manager
    LightScribe 1.4.142.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0 Runtime
    MKV Splitter
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    Outlook Setup Tool
    Picasa 3
    PowerProducer 3.72
    QuickTime
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skype™ 5.0
    Smart Defrag
    Spelling Dictionaries Support For Adobe Reader 8
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.762
    Winbond CIR Drivers
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Workspace Desktop
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2011 8:22:49 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:03 PM on 3/9/2011 was unexpected.
    3/9/2011 7:37:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    3/9/2011 11:45:33 AM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
    3/9/2011 11:42:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/9/2011 10:53:43 AM, Error: EventLog [6008] - The previous system shutdown at 10:47:18 AM on 3/9/2011 was unexpected.
    3/9/2011 1:33:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    3/8/2011 9:23:15 AM, Error: EventLog [6008] - The previous system shutdown at 9:20:21 AM on 3/8/2011 was unexpected.
    3/8/2011 8:44:28 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    3/8/2011 8:04:45 AM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/8/2011 4:28:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    3/8/2011 4:28:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    3/8/2011 10:12:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/8/2011 10:10:19 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/8/2011 10:08:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.0.0.7 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/7/2011 3:40:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the eNet Service service to connect.
    3/7/2011 3:40:56 PM, Error: Service Control Manager [7000] - The eNet Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/7/2011 3:35:41 PM, Error: EventLog [6008] - The previous system shutdown at 3:33:48 PM on 3/7/2011 was unexpected.
    3/7/2011 2:52:03 PM, Error: EventLog [6008] - The previous system shutdown at 2:50:09 PM on 3/7/2011 was unexpected.
    3/7/2011 2:46:06 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/7/2011 2:44:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:42:46 PM on 3/7/2011 was unexpected.
    3/6/2011 7:42:13 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:16 PM on 3/6/2011 was unexpected.
    3/6/2011 7:33:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/6/2011 6:47:47 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/6/2011 6:35:08 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/6/2011 6:28:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:27 PM on 3/5/2011 was unexpected.
    3/5/2011 9:37:39 AM, Error: EventLog [6008] - The previous system shutdown at 9:28:28 AM on 3/5/2011 was unexpected.
    3/5/2011 5:20:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/5/2011 4:56:33 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/5/2011 4:55:14 PM, Error: EventLog [6008] - The previous system shutdown at 4:52:55 PM on 3/5/2011 was unexpected.
    3/5/2011 12:39:43 AM, Error: volmgr [46] - Crash dump initialization failed!
    3/5/2011 12:00:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate Notice Service service to connect.
    3/5/2011 12:00:06 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/5/2011 1:29:12 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
    3/5/2011 1:20:07 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    3/5/2011 1:06:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/5/2011 1:06:24 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/5/2011 1:06:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/12/2011 8:53:52 AM, Error: EventLog [6008] - The previous system shutdown at 8:52:31 AM on 3/12/2011 was unexpected.
    3/12/2011 8:38:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    3/12/2011 8:29:50 AM, Error: EventLog [6008] - The previous system shutdown at 8:28:23 AM on 3/12/2011 was unexpected.
    3/12/2011 3:36:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    3/12/2011 3:31:37 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/12/2011 3:30:38 PM, Error: EventLog [6008] - The previous system shutdown at 3:28:46 PM on 3/12/2011 was unexpected.
    3/12/2011 12:26:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/11/2011 11:56:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    3/11/2011 10:33:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eRecoveryService service.
    3/10/2011 4:25:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    3/10/2011 3:01:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.17 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    3/10/2011 2:38:53 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    3/10/2011 2:38:53 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    3/10/2011 2:38:53 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    3/10/2011 12:51:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001DD912B7E1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    GMER log is missing, but don't run it now, since you're infected with a rootkit.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    GMER Log

    Thanks for the quick response Broni...

    I had run the GMER but forgot to paste. Here it is. Running the killer now.

    MZ


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-12 16:53:54
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.SB4O
    Running: 60gx74q3.exe; Driver: C:\Users\Andreita\AppData\Local\Temp\kwldquog.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtProtectVirtualMemory 775785D8 5 Bytes JMP 0089000A
    .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtWriteVirtualMemory 77578F18 5 Bytes JMP 008B000A
    .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!KiUserExceptionDispatcher 77579648 5 Bytes JMP 0088000A
    .text C:\Windows\system32\svchost.exe[1444] ole32.dll!CoCreateInstance 7741E2D8 5 Bytes JMP 00F2000A
    .text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 775785D8 5 Bytes JMP 0073000A
    .text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 77578F18 5 Bytes JMP 0074000A
    .text C:\Windows\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 77579648 5 Bytes JMP 0072000A
    .text C:\Windows\system32\wuauclt.exe[3316] ntdll.dll!NtProtectVirtualMemory 775785D8 5 Bytes JMP 002C000A
    .text C:\Windows\system32\wuauclt.exe[3316] ntdll.dll!NtWriteVirtualMemory 77578F18 5 Bytes JMP 002D000A
    .text C:\Windows\system32\wuauclt.exe[3316] ntdll.dll!KiUserExceptionDispatcher 77579648 5 Bytes JMP 001D000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744D98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7449B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7448FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74497A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7448EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744CB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7449BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7449074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744906B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7451D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744B7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7448E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7448697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1584] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74492465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS541616J9SA00_________________SB4OC70P#4&291c20ff&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
     
  4. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    TDSSKiller Result

    See Below.

    Will await further instruction.

    This is wife's computer. Just noticed still running SP1 and possibly older JS. Advise when to update. Also recommendations for replacement for AVG Free as it is what allowed the breech.

    MZ


    2011/03/12 19:37:08.0579 3756 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/12 19:37:08.0929 3756 ================================================================================
    2011/03/12 19:37:08.0929 3756 SystemInfo:
    2011/03/12 19:37:08.0929 3756
    2011/03/12 19:37:08.0930 3756 OS Version: 6.0.6001 ServicePack: 1.0
    2011/03/12 19:37:08.0930 3756 Product type: Workstation
    2011/03/12 19:37:08.0930 3756 ComputerName: ANDREITA-LAP
    2011/03/12 19:37:08.0930 3756 UserName: Andreita
    2011/03/12 19:37:08.0930 3756 Windows directory: C:\Windows
    2011/03/12 19:37:08.0930 3756 System windows directory: C:\Windows
    2011/03/12 19:37:08.0931 3756 Processor architecture: Intel x86
    2011/03/12 19:37:08.0931 3756 Number of processors: 2
    2011/03/12 19:37:08.0931 3756 Page size: 0x1000
    2011/03/12 19:37:08.0931 3756 Boot type: Normal boot
    2011/03/12 19:37:08.0931 3756 ================================================================================
    2011/03/12 19:37:11.0577 3756 Initialize success
    2011/03/12 19:37:17.0799 5916 ================================================================================
    2011/03/12 19:37:17.0799 5916 Scan started
    2011/03/12 19:37:17.0799 5916 Mode: Manual;
    2011/03/12 19:37:17.0799 5916 ================================================================================
    2011/03/12 19:37:21.0966 5916 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    2011/03/12 19:37:22.0103 5916 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/03/12 19:37:22.0287 5916 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/03/12 19:37:22.0371 5916 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/03/12 19:37:22.0418 5916 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/03/12 19:37:22.0601 5916 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
    2011/03/12 19:37:22.0752 5916 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/03/12 19:37:22.0994 5916 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/03/12 19:37:23.0069 5916 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/03/12 19:37:23.0147 5916 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/03/12 19:37:23.0272 5916 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/03/12 19:37:23.0324 5916 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/03/12 19:37:23.0383 5916 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/03/12 19:37:23.0581 5916 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/03/12 19:37:23.0773 5916 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/03/12 19:37:23.0943 5916 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/03/12 19:37:24.0022 5916 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/12 19:37:24.0139 5916 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    2011/03/12 19:37:24.0215 5916 athr (42a781b795b36a7182ded8b55c245153) C:\Windows\system32\DRIVERS\athr.sys
    2011/03/12 19:37:24.0556 5916 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
    2011/03/12 19:37:24.0656 5916 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
    2011/03/12 19:37:24.0849 5916 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
    2011/03/12 19:37:24.0989 5916 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/03/12 19:37:25.0126 5916 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/03/12 19:37:25.0496 5916 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/12 19:37:25.0632 5916 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/03/12 19:37:25.0758 5916 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/03/12 19:37:25.0876 5916 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/03/12 19:37:26.0014 5916 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/03/12 19:37:26.0216 5916 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/03/12 19:37:26.0286 5916 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/03/12 19:37:26.0356 5916 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/03/12 19:37:26.0409 5916 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/12 19:37:26.0641 5916 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/12 19:37:26.0802 5916 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    2011/03/12 19:37:26.0961 5916 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    2011/03/12 19:37:27.0110 5916 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/12 19:37:27.0213 5916 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/03/12 19:37:27.0278 5916 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/12 19:37:27.0335 5916 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/03/12 19:37:27.0390 5916 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/03/12 19:37:27.0600 5916 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/12 19:37:27.0750 5916 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    2011/03/12 19:37:27.0914 5916 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
    2011/03/12 19:37:28.0028 5916 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/12 19:37:28.0311 5916 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/12 19:37:28.0603 5916 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/03/12 19:37:28.0756 5916 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    2011/03/12 19:37:28.0961 5916 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/03/12 19:37:29.0219 5916 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    2011/03/12 19:37:29.0308 5916 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    2011/03/12 19:37:29.0418 5916 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/12 19:37:29.0579 5916 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/12 19:37:29.0641 5916 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/03/12 19:37:29.0731 5916 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/12 19:37:29.0902 5916 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/12 19:37:29.0983 5916 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/12 19:37:30.0092 5916 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/03/12 19:37:30.0190 5916 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/03/12 19:37:30.0626 5916 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/12 19:37:31.0004 5916 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/12 19:37:31.0405 5916 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/03/12 19:37:31.0635 5916 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/12 19:37:31.0944 5916 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/12 19:37:32.0177 5916 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/03/12 19:37:32.0348 5916 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    2011/03/12 19:37:33.0272 5916 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/03/12 19:37:33.0404 5916 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/12 19:37:33.0620 5916 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/03/12 19:37:33.0679 5916 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/03/12 19:37:33.0918 5916 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/03/12 19:37:34.0206 5916 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/03/12 19:37:34.0363 5916 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
    2011/03/12 19:37:34.0525 5916 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/03/12 19:37:34.0738 5916 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/03/12 19:37:34.0799 5916 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/12 19:37:34.0904 5916 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/12 19:37:35.0035 5916 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/03/12 19:37:35.0198 5916 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/03/12 19:37:35.0318 5916 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/03/12 19:37:35.0402 5916 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/03/12 19:37:35.0547 5916 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/12 19:37:35.0597 5916 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/03/12 19:37:35.0673 5916 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/03/12 19:37:35.0727 5916 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/12 19:37:35.0895 5916 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/12 19:37:36.0024 5916 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/12 19:37:36.0297 5916 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/12 19:37:36.0458 5916 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/03/12 19:37:36.0653 5916 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/03/12 19:37:36.0702 5916 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/03/12 19:37:36.0766 5916 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/03/12 19:37:36.0903 5916 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/03/12 19:37:37.0148 5916 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/03/12 19:37:37.0269 5916 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/12 19:37:37.0347 5916 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/12 19:37:37.0576 5916 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/12 19:37:37.0656 5916 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/12 19:37:37.0710 5916 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/03/12 19:37:37.0861 5916 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/12 19:37:38.0008 5916 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/03/12 19:37:38.0177 5916 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/12 19:37:38.0408 5916 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/12 19:37:38.0630 5916 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/12 19:37:38.0740 5916 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/12 19:37:38.0900 5916 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/03/12 19:37:38.0946 5916 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/03/12 19:37:39.0050 5916 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/03/12 19:37:39.0238 5916 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/12 19:37:39.0347 5916 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/12 19:37:39.0454 5916 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/12 19:37:39.0650 5916 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/12 19:37:39.0749 5916 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/12 19:37:39.0842 5916 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/12 19:37:39.0993 5916 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/12 19:37:40.0093 5916 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    2011/03/12 19:37:40.0190 5916 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/12 19:37:40.0429 5916 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    2011/03/12 19:37:40.0509 5916 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/12 19:37:40.0585 5916 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/12 19:37:40.0763 5916 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/12 19:37:40.0907 5916 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/12 19:37:41.0065 5916 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/12 19:37:41.0169 5916 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/12 19:37:41.0394 5916 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/03/12 19:37:41.0503 5916 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    2011/03/12 19:37:41.0717 5916 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/12 19:37:41.0849 5916 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/12 19:37:42.0036 5916 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2011/03/12 19:37:42.0255 5916 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/03/12 19:37:42.0464 5916 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/03/12 19:37:42.0553 5916 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/03/12 19:37:42.0605 5916 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/03/12 19:37:42.0649 5916 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/12 19:37:42.0850 5916 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/12 19:37:43.0030 5916 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/03/12 19:37:43.0124 5916 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    2011/03/12 19:37:43.0169 5916 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/03/12 19:37:43.0405 5916 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    2011/03/12 19:37:43.0466 5916 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2011/03/12 19:37:43.0508 5916 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/03/12 19:37:43.0597 5916 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/03/12 19:37:43.0948 5916 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/12 19:37:44.0020 5916 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/03/12 19:37:44.0126 5916 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/12 19:37:44.0306 5916 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
    2011/03/12 19:37:44.0689 5916 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
    2011/03/12 19:37:44.0905 5916 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
    2011/03/12 19:37:45.0250 5916 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/03/12 19:37:45.0354 5916 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/03/12 19:37:45.0522 5916 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/03/12 19:37:45.0623 5916 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/12 19:37:45.0665 5916 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/12 19:37:45.0857 5916 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/12 19:37:45.0979 5916 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/12 19:37:46.0196 5916 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/12 19:37:46.0271 5916 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/12 19:37:46.0387 5916 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/12 19:37:46.0557 5916 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/12 19:37:46.0616 5916 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/12 19:37:46.0737 5916 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/12 19:37:46.0940 5916 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/03/12 19:37:47.0010 5916 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/03/12 19:37:47.0121 5916 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    2011/03/12 19:37:47.0274 5916 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/03/12 19:37:47.0447 5916 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/12 19:37:47.0630 5916 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/12 19:37:47.0732 5916 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/03/12 19:37:47.0856 5916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/03/12 19:37:48.0035 5916 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/03/12 19:37:48.0072 5916 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/03/12 19:37:48.0136 5916 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/03/12 19:37:48.0403 5916 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/03/12 19:37:48.0483 5916 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/12 19:37:48.0605 5916 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/03/12 19:37:48.0738 5916 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/03/12 19:37:48.0862 5916 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/03/12 19:37:48.0907 5916 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/03/12 19:37:49.0062 5916 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/03/12 19:37:49.0162 5916 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/12 19:37:49.0338 5916 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
    2011/03/12 19:37:49.0581 5916 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/03/12 19:37:49.0680 5916 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/12 19:37:49.0873 5916 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/12 19:37:49.0977 5916 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/12 19:37:50.0361 5916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/12 19:37:50.0466 5916 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/03/12 19:37:50.0548 5916 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/03/12 19:37:50.0666 5916 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/03/12 19:37:50.0754 5916 SynTP (978acc15501e62d4b26c1567ce42fbad) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/03/12 19:37:50.0901 5916 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
    2011/03/12 19:37:51.0090 5916 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/12 19:37:51.0228 5916 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/12 19:37:51.0283 5916 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/12 19:37:51.0345 5916 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/12 19:37:51.0423 5916 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/12 19:37:51.0625 5916 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/12 19:37:51.0775 5916 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/12 19:37:51.0832 5916 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/03/12 19:37:52.0060 5916 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/12 19:37:52.0117 5916 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/03/12 19:37:52.0176 5916 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/12 19:37:52.0406 5916 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/12 19:37:52.0462 5916 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/03/12 19:37:52.0529 5916 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/03/12 19:37:52.0580 5916 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/03/12 19:37:52.0635 5916 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/12 19:37:52.0804 5916 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\Windows\system32\Drivers\usbaapl.sys
    2011/03/12 19:37:52.0894 5916 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/12 19:37:53.0006 5916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/03/12 19:37:53.0155 5916 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/12 19:37:53.0274 5916 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/12 19:37:53.0334 5916 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/03/12 19:37:53.0485 5916 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/03/12 19:37:53.0580 5916 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/12 19:37:53.0661 5916 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/12 19:37:53.0793 5916 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
    2011/03/12 19:37:53.0897 5916 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/12 19:37:53.0951 5916 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/03/12 19:37:54.0108 5916 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/03/12 19:37:54.0161 5916 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/03/12 19:37:54.0206 5916 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/03/12 19:37:54.0263 5916 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/03/12 19:37:54.0332 5916 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/12 19:37:54.0500 5916 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
    2011/03/12 19:37:54.0617 5916 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/03/12 19:37:54.0709 5916 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/03/12 19:37:54.0858 5916 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/12 19:37:54.0890 5916 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/12 19:37:54.0986 5916 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/03/12 19:37:55.0056 5916 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/12 19:37:55.0287 5916 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
    2011/03/12 19:37:55.0632 5916 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/12 19:37:55.0790 5916 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/03/12 19:37:55.0901 5916 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/12 19:37:56.0005 5916 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/12 19:37:56.0142 5916 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
    2011/03/12 19:37:56.0239 5916 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/12 19:37:56.0250 5916 ================================================================================
    2011/03/12 19:37:56.0250 5916 Scan finished
    2011/03/12 19:37:56.0250 5916 ================================================================================
    2011/03/12 19:37:56.0285 1316 Detected object count: 1
    2011/03/12 19:39:44.0235 1316 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/03/12 19:39:44.0236 1316 \HardDisk0 - ok
    2011/03/12 19:39:44.0288 1316 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/03/12 19:39:54.0951 5088 Deinitialize success
     
  5. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Updates will come later, when your computer is totally clean.

    How is redirection?

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    MBRCheck

    Redirects have subsided.

    Below are the results of MBRChk

    Running ComboFix now

    MZ


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: Aspire 4720Z
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 152):
    0x82438000 \SystemRoot\system32\ntkrnlpa.exe
    0x82405000 \SystemRoot\system32\hal.dll
    0x80605000 \SystemRoot\system32\kdcom.dll
    0x80608000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80668000 \SystemRoot\system32\PSHED.dll
    0x80679000 \SystemRoot\system32\BOOTVID.dll
    0x80681000 \SystemRoot\system32\CLFS.SYS
    0x806C2000 \SystemRoot\system32\CI.dll
    0x82A00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82A7C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82A89000 \SystemRoot\system32\drivers\acpi.sys
    0x82ACF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x82AD8000 \SystemRoot\system32\drivers\msisadrv.sys
    0x82AE0000 \SystemRoot\system32\drivers\pci.sys
    0x82B07000 \SystemRoot\System32\drivers\partmgr.sys
    0x82B16000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x82B19000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82B23000 \SystemRoot\system32\drivers\volmgr.sys
    0x82B32000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82B7C000 \SystemRoot\system32\drivers\intelide.sys
    0x82B83000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82B91000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82C0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x82CD3000 \SystemRoot\system32\drivers\atapi.sys
    0x82CDB000 \SystemRoot\system32\drivers\ataport.SYS
    0x82CF9000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82D2B000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82D3B000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x82D44000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82D4D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82E0B000 \SystemRoot\system32\drivers\ndis.sys
    0x82F16000 \SystemRoot\system32\drivers\msrpc.sys
    0x82F41000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86A0F000 \SystemRoot\System32\drivers\tcpip.sys
    0x86AF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86C0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86D1B000 \SystemRoot\system32\drivers\volsnap.sys
    0x86D54000 \SystemRoot\System32\Drivers\spldr.sys
    0x86D5C000 \SystemRoot\system32\drivers\psdvdisk.sys
    0x86D6E000 \SystemRoot\system32\drivers\PSDNServ.sys
    0x86D77000 \SystemRoot\System32\Drivers\mup.sys
    0x86D86000 \SystemRoot\System32\drivers\ecache.sys
    0x86DAD000 \SystemRoot\system32\drivers\disk.sys
    0x86DBE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x86DDF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86DF5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x86C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86B13000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8AC04000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8B251000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8B2F0000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B2FD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8B308000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B346000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B355000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x86B22000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8B367000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8B377000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8B385000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8B39F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8B3AE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x82F7B000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8B3C2000 \SystemRoot\system32\DRIVERS\winbondcir.sys
    0x8B3D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8B3EA000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8B3F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x86BD3000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8AC00000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x86DE8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x82FCC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8AC02000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x86A00000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x86A07000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x82FE4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x82DBE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x82BA1000 \SystemRoot\system32\DRIVERS\storport.sys
    0x82FED000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x82BE2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x82E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x807A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x82DEC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x807C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x807D9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x807EE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x86DF3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B600000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8B62A000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x8B638000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B642000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B64F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8B683000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8B80D000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8B9BF000 \SystemRoot\system32\drivers\portcls.sys
    0x8B694000 \SystemRoot\system32\drivers\drmk.sys
    0x8B6B9000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8B9EC000 \SystemRoot\system32\drivers\modem.sys
    0x8B800000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x8B7D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B9F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B7E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8B7EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8B7F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x82FF8000 \SystemRoot\System32\Drivers\Null.SYS
    0x82C00000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8BE0A000 \SystemRoot\System32\drivers\vga.sys
    0x8BE16000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8BE37000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8BE3F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8BE47000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8BE52000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8BE60000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8BE69000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8BE7F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8BE93000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8BEC5000 \SystemRoot\system32\drivers\afd.sys
    0x8BF0D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8BF23000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8BF31000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8BF44000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8BF80000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8BF8A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8CA09000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x8CBB0000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x8CBBD000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x94810000 \SystemRoot\System32\win32k.sys
    0x8CBD1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8CBDB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94A30000 \SystemRoot\System32\TSDDD.dll
    0x94A50000 \SystemRoot\System32\cdd.dll
    0x8BFA1000 \SystemRoot\system32\drivers\luafv.sys
    0xA9607000 \SystemRoot\system32\drivers\spsys.sys
    0xA96B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA96C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA96F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA96FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA970D000 \SystemRoot\system32\drivers\HTTP.sys
    0xA977A000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA9797000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA97B0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA97C5000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8BFBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA9C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA9C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA9C52000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA9C7A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA9CE0000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA9CF6000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    0xA9D07000 \SystemRoot\system32\drivers\peauth.sys
    0xA9DE5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA9DEF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA9DFB000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
    0x77880000 \Windows\System32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    532 csrss.exe
    576 C:\Windows\System32\wininit.exe
    588 csrss.exe
    624 C:\Windows\System32\services.exe
    652 C:\Windows\System32\winlogon.exe
    676 C:\Windows\System32\lsass.exe
    688 C:\Windows\System32\lsm.exe
    824 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\audiodg.exe
    1200 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\SLsvc.exe
    1248 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1664 C:\Windows\System32\spoolsv.exe
    1688 C:\Windows\System32\svchost.exe
    1876 C:\Windows\System32\agrsmsvc.exe
    1908 C:\Acer\ALaunch\ALaunchSvc.exe
    208 C:\Windows\System32\dwm.exe
    212 C:\Windows\System32\taskeng.exe
    496 C:\Windows\explorer.exe
    816 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1164 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    1432 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    1020 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    784 C:\Program Files\Starfield\offSyncService.exe
    2096 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2148 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2552 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2568 C:\Windows\RtHDVCpl.exe
    2584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2592 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2600 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    2620 C:\Windows\System32\igfxtray.exe
    2628 C:\Windows\System32\igfxpers.exe
    2640 C:\Windows\ehome\ehtray.exe
    2648 C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    2872 C:\Windows\System32\igfxsrvc.exe
    2900 C:\Acer\Mobility Center\MobilityService.exe
    3068 C:\Windows\System32\svchost.exe
    3080 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    3132 C:\Windows\System32\svchost.exe
    3208 C:\Windows\System32\svchost.exe
    3228 C:\Windows\System32\SearchIndexer.exe
    3312 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    3368 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    3436 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    3664 WmiPrvSE.exe
    3672 WmiPrvSE.exe
    3780 unsecapp.exe
    2268 C:\Windows\System32\taskeng.exe
    2284 C:\Windows\System32\wbem\unsecapp.exe
    500 C:\Windows\ehome\ehmsas.exe
    3040 C:\Windows\System32\igfxext.exe
    2484 C:\Windows\System32\wuauclt.exe
    3128 C:\Users\Andreita\Desktop\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1f200000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: EF8BDDFCE3316153C12FED7A663D8468DEEA06D0


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  7. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    ComboFix Result

    I think we're almost there...

    What do you think?

    Reinstall AVG or you got a better Freebie suggestion?

    MZ

    ComboFix 11-03-12.01 - Andreita 03/12/2011 21:17:39.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.334 [GMT -5:00]
    Running from: c:\users\Andreita\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Drop Down Deals
    c:\program files\Drop Down Deals\YontooIEClient.dll
    c:\program files\Setup.exe
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 02:31 . 2011-03-13 02:33 -------- d-----w- c:\users\Andreita\AppData\Local\temp
    2011-03-13 02:31 . 2011-03-13 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-05 21:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-05 21:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-05 21:01 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-05 21:01 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-05 06:04 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2011-03-05 04:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-03-05 01:39 . 2011-03-05 01:39 -------- d-----w- c:\users\Andreita\AppData\Roaming\AVG9
    2011-03-02 14:28 . 2011-03-02 14:28 -------- d-----w- c:\users\Andreita\AppData\Local\offsync
    2011-03-02 14:23 . 2011-03-02 14:23 -------- d-----w- c:\users\Andreita\AppData\Local\Starfield
    2011-03-02 14:23 . 2011-03-03 19:03 -------- d-----w- c:\program files\Starfield
    2011-02-26 00:32 . 2011-02-26 00:32 -------- d-----w- c:\program files\Apple Software Update
    2011-02-25 14:24 . 2011-02-25 14:24 73728 ----a-w- c:\windows\system32\APISlice_AVG_RESTORED.dll
    2011-02-25 14:24 . 2011-02-25 14:24 73728 ----a-w- c:\windows\system32\APISlice.dll
    2011-02-25 13:25 . 2011-02-25 13:25 -------- d-----w- c:\windows\Sun
    2011-02-24 23:37 . 2011-02-25 03:28 -------- d-----w- c:\programdata\FLEXnet
    2011-02-24 23:37 . 2011-02-24 23:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-24 22:49 . 2011-03-13 01:59 -------- d-----w- c:\users\Andreita\AppData\Roaming\Malwarebytes
    2011-02-24 20:26 . 2011-02-24 21:37 -------- d-----w- c:\users\Administrator
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-10 02:45 . 2011-02-10 02:45 1409 ----a-w- c:\windows\QTFont.for
    2011-01-08 07:50 . 2011-02-09 04:17 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 05:57 . 2011-02-09 04:17 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:25 . 2011-02-09 04:17 2038784 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 14:57 . 2011-01-12 10:54 409600 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-14 15:49 . 2011-01-12 10:54 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2007-11-13 19:47 . 2007-11-13 19:47 4364800 ----a-w- c:\program files\openofficeorg23.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 4472832]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 857648]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-29 707080]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-14 46592]
    S2 File Backup;File Backup Service;c:\program files\Starfield\offSyncService.exe [2011-02-02 1215216]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:Tabs
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    TCP: {C04FCCFF-A4C4-40D6-97E1-1BC3BEB398D2} = 4.2.2.1,4.2.2.2
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-SmartRAM - c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    AddRemove-Smart Defrag_is1 - c:\program files\IObit\IObit SmartDefrag\unins000.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Andreita\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-12 21:33
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-03-12 21:43:01
    ComboFix-quarantined-files.txt 2011-03-13 02:42
    .
    Pre-Run: 26,855,931,904 bytes free
    Post-Run: 26,929,991,680 bytes free
    .
    - - End Of File - - 12388665E7E9F9D7810FEA36E994D6AA
     
  8. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    I assume, redirection is totally gone?

    Combofix log looks good now.

    If you want to reinstall AVG, fine.
    If you want to switch to something else, I suggest one of the following:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    We'll run couple more scans to make sure your computer is really clean.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    OTL Result (1 of 2)

    Redirect IS GONE!! Thanks.

    Reinstalled AVG (Read pros/cons of all the major freebies...they all have their shortcomings).

    OTL Result below.

    Don't forget to advise when to run vulnerability updates (SP2, Java, etc.)

    MZ




    OTL logfile created on:
    3/13/2011 11:35:14 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreita\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1800 3200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 23.75 Gb Free Space | 34.53% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ANDREITA-LAP | User Name: Andreita | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    PRC - [2011/03/13 10:53:16 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Andreita\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2011/03/13 10:34:56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2011/03/13 10:34:56 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2011/03/13 10:34:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2011/03/13 10:34:50 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2011/03/13 10:34:33 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2011/03/13 10:34:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2011/03/13 10:34:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/02/02 12:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
    PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/06/28 23:16:58 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
    PRC - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/06/12 21:50:28 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/06/11 18:00:36 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
    PRC - [2007/05/28 04:29:00 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    PRC - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/01/14 17:31:30 | 000,046,592 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    MOD - [2011/03/13 10:36:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    SRV - [2011/03/13 10:34:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2011/03/13 10:34:00 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2011/02/24 19:37:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/02/02 12:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
    SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/01/14 17:31:30 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/03/13 10:36:21 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/03/13 10:36:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/03/13 10:35:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2007/06/12 13:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/04/27 05:56:00 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/09 17:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2006/11/02 19:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========



    [2011/03/02 10:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions
    [2010/05/22 21:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
    [2008/01/12 20:59:51 | 000,000,000 | ---D | M] (WebMail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{3C8E8390-2CF6-11D9-9669-0800200C9A66}
    [2008/01/12 21:01:04 | 000,000,000 | ---D | M] (WebMail - Hotmail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{A6A33690-2C6A-11D9-9669-0800200C9A66}

    O1 HOSTS File: ([2011/03/12 22:32:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.146 65.182.32.35
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/13 11:31:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    [2011/03/13 10:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Free 9.0
    [2011/03/13 10:36:21 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2011/03/13 10:36:18 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2011/03/13 10:35:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2011/03/13 10:35:57 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2011/03/13 10:35:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
    [2011/03/13 10:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/03/13 10:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2011/03/12 22:43:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\temp
    [2011/03/12 22:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/12 22:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/12 22:11:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/12 22:10:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/12 22:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/12 22:10:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/05 17:04:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2011/03/04 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\AVG9
    [2011/03/03 15:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Setup Tool
    [2011/03/02 10:28:26 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\offsync
    [2011/03/02 10:24:21 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
    [2011/03/02 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\Starfield
    [2011/03/02 10:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
    [2011/02/25 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/02/25 09:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/02/24 19:39:15 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Documents\Updater5
    [2011/02/24 19:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2011/02/24 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2011/02/24 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Malwarebytes
    [2007/09/25 08:18:57 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2007/09/25 08:14:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2007/09/25 08:14:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2007/08/13 00:40:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
    [2007/08/12 23:36:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
    [2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    [2011/03/13 11:00:28 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/13 11:00:28 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/13 10:52:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/13 10:52:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/13 10:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/13 10:52:40 | 1063,690,240 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/13 10:36:24 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
    [2011/03/13 10:36:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2011/03/13 10:36:21 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2011/03/13 10:36:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2011/03/13 10:35:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2011/03/13 10:35:57 | 072,497,289 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/03/13 10:35:57 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2011/03/12 22:32:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/10 16:30:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2011/03/05 09:34:55 | 000,178,176 | ---- | M] () -- C:\Users\Andreita\Documents\LABALANZACONAUDIO.pps
    [2011/03/05 01:01:42 | 000,000,947 | ---- | M] () -- C:\Users\Andreita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/02/25 10:24:30 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
    [2011/02/25 10:24:29 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice.dll
    [2011/02/24 23:24:53 | 000,255,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/02/23 20:49:40 | 000,026,100 | ---- | M] () -- C:\Users\Andreita\Desktop\GreenCard.pdf
    [2011/02/23 11:38:43 | 000,027,012 | ---- | M] () -- C:\Users\Andreita\Documents\Real Estate Disclosure 4441 West White water Ave, Weston.pdf
    [2011/02/21 13:45:45 | 001,188,865 | ---- | M] () -- C:\Users\Andreita\Documents\Real E 4441 W Whitewater Ave.pdf
    [2011/02/19 16:17:16 | 000,010,230 | ---- | M] () -- C:\Users\Andreita\Documents\MARKETING REAL ESTATE&PARALEGAL SERVICES.odt
    [2011/02/19 14:40:02 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
    [2011/02/19 14:34:18 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#
    [2011/02/18 14:35:55 | 000,011,037 | ---- | M] () -- C:\Users\Andreita\Documents\michelleq.odt
    [2011/02/18 10:28:19 | 000,014,706 | ---- | M] () -- C:\Users\Andreita\Documents\Andreita carta Emmaus.odt
    [2011/02/15 13:52:44 | 000,015,267 | ---- | M] () -- C:\Users\Andreita\Desktop\3779Gardenia-LIST.pdf
    [2011/02/15 12:52:28 | 003,625,472 | ---- | M] () -- C:\Users\Andreita\Desktop\Mi_Filosofia_Favorita.pps
    [2011/02/14 14:31:49 | 000,102,148 | ---- | M] () -- C:\Users\Andreita\Desktop\Real E Andrea's reference.pdf
    [2011/02/14 14:17:18 | 004,898,406 | ---- | M] () -- C:\Users\Andreita\Desktop\Real E Andrea's offer Daniel reference.bmp
    [2011/02/14 14:16:41 | 006,710,538 | ---- | M] () -- C:\Users\Andreita\Desktop\Real E Andrea Offer's check.bmp

    ========== Files Created - No Company Name ==========

    [2011/03/13 10:36:24 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
    [2011/03/13 10:35:57 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2011/03/13 10:35:43 | 072,497,289 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/03/12 22:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/12 22:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/12 22:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/12 22:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/12 22:11:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/05 17:00:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2011/03/05 17:00:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2011/03/05 17:00:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2011/03/05 09:34:14 | 000,178,176 | ---- | C] () -- C:\Users\Andreita\Documents\LABALANZACONAUDIO.pps
    [2011/03/05 00:52:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/03/05 00:42:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/03/05 00:28:33 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
    [2011/03/05 00:28:32 | 000,002,449 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
    [2011/02/26 18:04:42 | 1063,690,240 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/25 10:24:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
    [2011/02/25 10:24:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
    [2011/02/24 19:31:30 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
    [2011/02/24 16:03:11 | 000,026,100 | ---- | C] () -- C:\Users\Andreita\Desktop\GreenCard.pdf
    [2011/02/23 11:38:43 | 000,027,012 | ---- | C] () -- C:\Users\Andreita\Documents\Real Estate Disclosure 4441 West White water Ave, Weston.pdf
    [2011/02/21 13:45:45 | 001,188,865 | ---- | C] () -- C:\Users\Andreita\Documents\Real E 4441 W Whitewater Ave.pdf
    [2011/02/19 16:03:03 | 000,010,230 | ---- | C] () -- C:\Users\Andreita\Documents\MARKETING REAL ESTATE&PARALEGAL SERVICES.odt
    [2011/02/19 14:40:02 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
    [2011/02/19 14:34:18 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#
    [2011/02/18 14:35:53 | 000,011,037 | ---- | C] () -- C:\Users\Andreita\Documents\michelleq.odt
    [2011/02/18 01:05:31 | 000,014,706 | ---- | C] () -- C:\Users\Andreita\Documents\Andreita carta Emmaus.odt
    [2011/02/15 13:52:39 | 000,015,267 | ---- | C] () -- C:\Users\Andreita\Desktop\3779Gardenia-LIST.pdf
    [2011/02/15 13:29:37 | 000,045,208 | ---- | C] () -- C:\Users\Andreita\Desktop\JennySM.jpg
    [2011/02/15 12:52:26 | 003,625,472 | ---- | C] () -- C:\Users\Andreita\Desktop\Mi_Filosofia_Favorita.pps
    [2011/02/14 14:31:48 | 000,102,148 | ---- | C] () -- C:\Users\Andreita\Desktop\Real E Andrea's reference.pdf
    [2011/02/14 14:17:18 | 004,898,406 | ---- | C] () -- C:\Users\Andreita\Desktop\Real E Andrea's offer Daniel reference.bmp
    [2011/02/14 14:16:41 | 006,710,538 | ---- | C] () -- C:\Users\Andreita\Desktop\Real E Andrea Offer's check.bmp
    [2010/09/05 15:17:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/05/22 19:39:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/05/22 19:39:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/01/27 16:56:00 | 000,005,972 | ---- | C] () -- C:\Users\Andreita\AppData\Local\d3d9caps.dat
    [2008/01/12 19:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/12/26 02:30:55 | 000,036,352 | ---- | C] () -- C:\Users\Andreita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/13 16:01:44 | 003,395,343 | ---- | C] () -- C:\Program Files\openofficeorg4.cab
    [2007/11/13 16:00:51 | 067,695,863 | ---- | C] () -- C:\Program Files\openofficeorg3.cab
    [2007/11/13 15:49:19 | 017,646,967 | ---- | C] () -- C:\Program Files\openofficeorg2.cab
    [2007/11/13 15:48:24 | 018,827,152 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2007/11/13 15:47:02 | 004,364,800 | ---- | C] () -- C:\Program Files\openofficeorg23.msi
    [2007/11/13 15:47:02 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
    [2007/09/25 09:04:01 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2007/09/25 09:04:00 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2007/09/25 08:18:57 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2007/08/14 03:30:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2007/08/13 00:47:50 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
    [2007/08/13 00:47:50 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2007/08/13 00:47:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2007/08/13 00:40:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
    [2007/08/13 00:00:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/08/12 23:58:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2007/08/12 23:37:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/08/12 23:36:23 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/08/12 23:36:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
    [2007/08/12 23:36:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
    [2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
    [2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
    [2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
    [2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
    [2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
    [2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,255,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,108,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/02/24 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
    [2011/02/24 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
    [2011/02/24 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
    [2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Acer
    [2011/03/04 21:39:35 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\AVG9
    [2009/06/07 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\FloodLightGames
    [2009/10/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\GetRightToGo
    [2011/03/12 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IObit
    [2010/09/18 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IrfanView
    [2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Leadertech
    [2010/04/29 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\OpenOffice.org
    [2009/06/07 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\SpinTop
    [2008/01/12 19:51:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Thunderbird
    [2011/03/13 00:21:08 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  10. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    OTL (2 of 2)

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/08/13 00:44:54 | 000,003,380 | ---- | M] () -- C:\-20070812.log
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2007/08/13 00:17:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/12 22:43:07 | 000,009,434 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/03/13 10:52:40 | 1063,690,240 | -HS- | M] () -- C:\hiberfil.sys
    [2005/08/16 11:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2006/11/30 02:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/03/13 10:52:38 | 1887,436,800 | -HS- | M] () -- C:\pagefile.sys
    [2007/08/12 23:59:05 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
    [2007/08/13 00:34:44 | 000,000,178 | ---- | M] () -- C:\setup.log
    [2010/05/17 22:36:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/05/19 23:16:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/07/21 01:44:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2009/11/04 04:20:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2009/11/13 04:20:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2009/11/25 00:39:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/04/23 21:41:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/04/26 10:52:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/04/26 11:19:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/04/26 12:47:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/04/26 14:23:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/05/08 16:37:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/05/11 21:08:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/05/12 13:05:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/05/13 23:45:20 | 000,000,208 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/05/14 12:14:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/05/17 14:59:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/05/17 15:19:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/05/17 22:08:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/05/17 22:31:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/05/17 22:36:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/05/19 23:16:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/07/21 01:44:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2009/11/04 04:20:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2009/11/13 04:20:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2009/11/25 00:39:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/04/23 21:41:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/04/26 10:52:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/04/26 11:19:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/04/26 12:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/04/26 14:23:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/05/08 16:37:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/05/11 21:08:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/05/12 13:05:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/05/13 23:45:20 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/05/14 12:14:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/05/17 14:59:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/05/17 15:19:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/05/17 22:08:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/05/17 22:31:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/03/12 20:39:54 | 000,061,704 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_12.03.2011_19.37.08_log.txt
    [2007/08/13 00:44:26 | 001,718,938 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/05/20 01:03:42 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2002/03/11 04:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
    [2002/03/11 05:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2007/11/13 15:48:24 | 018,827,152 | ---- | M] () -- C:\Program Files\openofficeorg1.cab
    [2007/11/13 15:49:19 | 017,646,967 | ---- | M] () -- C:\Program Files\openofficeorg2.cab
    [2007/11/13 15:47:02 | 004,364,800 | ---- | M] () -- C:\Program Files\openofficeorg23.msi
    [2007/11/13 16:00:51 | 067,695,863 | ---- | M] () -- C:\Program Files\openofficeorg3.cab
    [2007/11/13 16:01:44 | 003,395,343 | ---- | M] () -- C:\Program Files\openofficeorg4.cab
    [2007/11/13 15:47:02 | 000,000,217 | ---- | M] () -- C:\Program Files\setup.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/05 01:01:42 | 000,000,286 | -HS- | M] () -- C:\Users\Andreita\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/12/27 20:45:28 | 000,000,402 | -HS- | M] () -- C:\Users\Andreita\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0EEFE3F0
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F7DFDC37
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CDBFA5BD
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E73B14E2

    < End of report >
     
  11. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    OTL Extras

    OTL Extras logfile created on: 3/13/2011 11:35:14 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreita\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1800 3200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 23.75 Gb Free Space | 34.53% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ANDREITA-LAP | User Name: Andreita | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3BA69DD8-757D-45A9-87A9-6252E405DA11}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4665A4CA-C672-447B-A319-8D779FF717C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{57977C5B-4705-4277-93E1-0EA698C335C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7062EE33-1799-47F4-BB1C-1C3741908DE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{712E784F-28D6-483A-9C2E-DAC6E57DD5C2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{7EF18E0A-D3E8-4DAD-9888-70EF2BCC4280}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{842E124A-1007-4804-B426-669F911F0571}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{953706EB-F588-4541-9B60-67022F68B0E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A397464C-47C0-4851-8E5D-CFC1C36AFCAD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B803E97D-9624-42EA-A0F3-A3D0077DE7E9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C72D3329-92CF-433D-8A52-5CD26A34D0BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D4DDB7E5-B3D1-4CD9-8C6C-5C51D8222141}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D814630F-B4CC-4A31-A5B1-7BDB76CDA214}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{FE02D7F0-9CA8-43EC-945F-F51A1B784FB1}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00C01E45-3E8B-4F94-8420-B7C746E829BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{06D10885-A32E-4A25-94F0-0F5E8287C26B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0E7916A2-0CD8-4F47-ADA0-BF0D1C2E9592}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1207D56E-70BA-4C13-B025-B53C4FBE744B}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
    "{16FBF7B4-F9D8-422B-A761-1486D18AF384}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
    "{185C8887-9E39-4D4A-B585-A42446C37900}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
    "{1AC9D904-ABBE-4FF6-B599-F33F4BD4A094}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1CC3B0B9-7C77-4212-8099-DA6A45A716D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{23B9A743-6D22-4B43-A0FC-0EE75414C0AB}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{28486F1B-2AA8-4968-8900-2EBFFAA50BCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{298867A0-CACD-498E-96FE-E27CF0E66909}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
    "{300CD55A-D5A3-4DB3-A672-08086CF14848}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{34CA6A16-D92E-4350-A4FF-57A0C15CBE75}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{3583BF20-806A-4CCB-B6E0-EC2FC6AB2609}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3EDF0D51-5A8B-4C46-8AF6-7EF81BB6F577}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{417C437B-8AB8-46C7-8754-F8482783FAF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{474618F5-6314-4BA0-9CCA-B65C86C2B8A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{49EB82E5-6835-4298-9650-63EA762D603D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4A414F5E-8523-4F4E-9C1E-D7417B9535EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4DF10A23-29BC-41AF-882D-C3AE9F6BD68B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{586B9503-2ABD-4863-9A9E-5D3507001A13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5FE21CC9-F01A-4AEC-9D72-681D4ACF6628}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6076E25B-9AE6-422E-818A-3E9E5BD6B923}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{61A0211C-87DC-4DDD-8C7F-F1EE135E2A36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6517F41F-39DB-417A-8606-471F1A442DD5}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{65730939-F6B1-469D-97FC-20CC9010CE18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{69276D00-DA23-4CF0-890A-2C32502640AB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{6C1A3E95-30DF-4944-9B7D-E2F4515A37F7}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{6CD27DA6-1D92-4A1E-90E5-7E747C7A81A1}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{71EA8A52-3E36-4C1C-B1E1-A8645CD97C6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{74BF34BD-345A-498F-BB4E-8245963E6DF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7B58169F-08E0-442F-A158-A15EA0E3A75F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7B63B487-F39B-40F3-A14C-78BEC9B6AA38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7B9DE3AE-3434-45F9-AA43-EF82B322A637}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7C4543F9-B7E1-4263-AAC3-16D5BC41E692}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "{7D15C13B-462F-4052-AD0A-9FE22196473C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7E5E74B8-A755-44D0-AB0C-CAB0146586B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{80B25419-4BAC-49B0-AF09-69D8EFB10D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{80EBEFE7-D621-4270-9CA8-EEC21B080475}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{82823B15-BCB9-44E3-838F-D0D3CAB62D24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{831F03DE-D6E1-482F-97F5-565591AC9FD2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8C462618-678C-4586-9FA2-B537C04CA58D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8D320AE6-A6C4-4F81-8DF6-644E90A30DCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8E1DDA0C-7504-4BB8-9288-62559CED0E80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8EF8EB30-56A0-4C01-AA7E-B3FAD1C522D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{95AC8EBD-C858-44AD-9637-F0716B8E0CFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{96D9BD63-E13B-455F-A95B-F0797043A3D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9781B8D8-B8D1-4DD7-B8F9-8D8B3736F056}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9CB25009-E086-4FAD-BD97-FCF0429A64E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9E18173E-3FC8-4EDD-81AB-FBEDA66DCE60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{A045CBAD-8B7C-4777-8545-ABD18B057D30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A07538E1-D4A4-44A1-9A5B-7C5D8B3B8DC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A31E10E6-ADFF-43BC-A4AA-E3D61849FFF1}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{A9169034-2B51-4E61-8468-DDC3C12534A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ABCCF96E-64C4-47B3-A490-D98A32B6AA83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ADB4C707-02F8-48BA-94CC-F6CD17BDCFD1}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{B655E342-8AEA-4310-9C58-CC4C6920DA23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B688D972-9E51-4765-B7E0-527B22A22F0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BA608D37-2F30-46E1-8610-DD5B54996D40}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{BB4D6E1D-C524-439F-B6F1-D651516B0B75}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{BB540B8A-D7B6-484A-A733-75D0FECE3502}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{C2459E70-33A3-4FF2-A323-9EA1089BDCBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C4A58528-0122-46F3-A349-F0F4ED4FDF97}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{C547E6D9-9D52-4107-BA50-332D951BDB06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C767D646-243B-463D-8AAC-C72B3B62CE9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D0076934-FBCD-4D9E-B496-8789D7B88A63}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
    "{D65570B2-E3BD-443F-ABD6-1AA483C613C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D68057BE-2152-42EF-BB52-4DC50333837A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D768E6CE-FCF7-46CB-9615-3F3F49272CE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D7C4C1C7-3FFD-4B75-AC78-0945A3A61D28}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{D955F72E-A88D-4F86-A41A-C03C8CCCDFC6}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{D980ABA4-BD83-4D40-96ED-E23DBF4FDF21}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{DB893D5C-DB29-4085-8610-7C70D08F5193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DC44E388-CC92-447E-9989-EE90E20D6CB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E8DA877D-F23E-44E0-A1DD-F370433272C7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E964EA77-9F92-4D95-8F07-FA63A26C73DA}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
    "{E98FA1B7-B9ED-4B84-A91B-1E405F52CBDD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E9AB2733-7031-447F-873E-C010FC179B26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F3E269EF-C3A9-451A-9748-7D6C4D547467}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F691A8B2-7379-442D-8420-09BC84FE53D0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{FB858BB7-64FA-44CF-A9DE-0299EE260BB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FD739D09-1085-4AB0-848B-75F94BA1049B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FE868B63-E0F2-43A4-A66E-424DE16F9987}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{BB0E080C-C422-4E3F-8270-AAF0803AEDA3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{D88A0962-1E4E-495B-95EE-C1508C4D915D}C:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{E2371FDB-A86F-449E-A0DB-C5D2B590D30A}C:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{6C3491AB-6AD6-47F7-859E-6839997BE7BF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{BA6A6DDF-C770-49B4-A7DA-09B2A146ADAC}C:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{E2536ADE-0041-4BE3-8243-11B83DBD8F16}C:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andreita\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AVG9Uninstall" = AVG Free 9.0
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "doPDF 5 printer_is1" = doPDF 5.3 printer
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "IrfanView" = IrfanView (remove only)
    "LManager" = Launch Manager
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "outlookset" = Outlook Setup Tool
    "Picasa 3" = Picasa 3
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "workspacedesktop" = Workspace Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2010 2:19:50 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description =

    Error - 10/13/2010 2:27:53 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/16/2010 9:29:45 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/17/2010 10:19:04 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/17/2010 11:22:00 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/17/2010 11:48:45 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 10/18/2010 11:13:03 AM | Computer Name = Andreita-Lap | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/18/2010 11:13:03 AM | Computer Name = Andreita-Lap | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/19/2010 3:59:50 PM | Computer Name = Andreita-Lap | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description =

    Error - 10/19/2010 11:17:34 PM | Computer Name = Andreita-Lap | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description =

    [ Media Center Events ]
    Error - 5/17/2009 10:06:33 PM | Computer Name = Andreita-Lap | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 6/10/2009 1:39:51 PM | Computer Name = Andreita-Lap | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/19/2010 11:49:37 PM | Computer Name = Andreita-Lap | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/3/2010 7:34:47 PM | Computer Name = Andreita-Lap | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 12/23/2010 11:15:39 AM | Computer Name = Andreita-Lap | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 3/12/2011 11:10:18 PM | Computer Name = Andreita-Lap | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.5 for the Network Card with network
    address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/12/2011 11:27:22 PM | Computer Name = Andreita-Lap | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.102 for the Network Card with network
    address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/12/2011 11:48:33 PM | Computer Name = Andreita-Lap | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.2.5 for the Network Card with network
    address 001DD912B7E1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/13/2011 10:52:30 AM | Computer Name = Andreita-Lap | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 3/13/2011 10:52:38 AM | Computer Name = Andreita-Lap | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 3/13/2011 10:52:48 AM | Computer Name = Andreita-Lap | Source = HTTP | ID = 15016
    Description =

    Error - 3/13/2011 10:54:03 AM | Computer Name = Andreita-Lap | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.102 for the Network Card with network
    address 001DD912B7E1 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 3/13/2011 10:54:25 AM | Computer Name = Andreita-Lap | Source = Service Control Manager | ID = 7000
    Description =

    Error - 3/13/2011 10:54:25 AM | Computer Name = Andreita-Lap | Source = Service Control Manager | ID = 7009
    Description =

    Error - 3/13/2011 10:38:22 AM | Computer Name = Andreita-Lap | Source = iaStor | ID = 262153
    Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
    period.


    < End of report >
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Good news :)

    Your Vista will run much better, if you add another 1GB of RAM.

    ========================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
      SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
      SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0EEFE3F0
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F7DFDC37
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CDBFA5BD
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E73B14E2
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    Java update, removal scans


    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Mar 13 12:48:20 2011

    Found and removed: C:\Program Files\Java\jre-6u3-windows-i586-p.exe

    Found and removed: C:\Program Files\Java\jre1.6.0_03

    Found and removed: C:\Program Files\Java\jre1.6.0_16

    Found and removed: C:\Users\Andreita\AppData\LocalLow\Sun\Java\jre1.6.0_03

    Found and removed: C:\Users\Andreita\AppData\LocalLow\Sun\Java\jre1.6.0_16

    Found and removed: C:\Users\Andreita\AppData\LocalLow\Sun\Java\jre1.6.0_20

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.160_03

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_16

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_16

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_16

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_16

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_16\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\JRE\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062F00

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062F00

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5








    All processes killed
    ========== OTL ==========

    Service LiveUpdate Notice Ex stopped successfully!
    Service LiveUpdate Notice Ex deleted successfully!
    Service CLTNetCnService stopped successfully!
    Service CLTNetCnService deleted successfully!
    Service LiveUpdate Notice Service stopped successfully!
    Service LiveUpdate Notice Service deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:0EEFE3F0 deleted successfully.
    ADS C:\ProgramData\TEMP:F7DFDC37 deleted successfully.
    ADS C:\ProgramData\TEMP:CDBFA5BD deleted successfully.
    ADS C:\ProgramData\TEMP:E73B14E2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Temp folder emptied: 117749262 bytes
    ->Temporary Internet Files folder emptied: 14624846 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 775 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4790 bytes
    RecycleBin emptied: 618 bytes

    Total Files Cleaned = 126.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03132011_125151

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  14. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    Security Check Complete

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 1 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 8.2.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Empowering Technology eSettings Service capuserv.exe
    ``````````End of Log````````````
     
  15. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Uninstall:
    Java(TM) 6 Update 16
    Java(TM) 6 Update 3

    ==================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =====================================================================

    Service Pack 2 installation will be due, but I need Eset scan first.
     
  16. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    ESET Scan

    Java update 16 is being stubbourn with Windows Add/Remove.

    Any other suggestions?

    Here is ESET result (Outlook setup tool file was an application from a GoDaddy desktop app for accessing webmail.)

    C:\Program Files\Starfield\Outlook Setup Tool\outlookset.exe probably a variant of Win32/Genetik trojan.


    Also...Windows updated snuck in while scan was running and forced updates. The result was detection of the following with "partial removal" by Windows Malicious Software Remover update (KB890830):


    Trojan:DOS/Alureon.A (?)

    Encyclopedia entry
    Updated: Dec 08, 2010 | Published: Aug 27, 2010

    Aliases
    Not available

    Alert Level (?)
    Severe

    Antimalware protection details
    Microsoft recommends that you download the latest definitions to get protected.
    Detection last updated:
    Definition: 1.95.141.0
    Released: Nov 18, 2010 Detection initially created:
    Definition: 1.87.1229.0
    Released: Aug 04, 2010


    --------------------------------------------------------------------------------

    On this page
    Summary|Symptoms|Technical Information|Prevention|Recovery




    --------------------------------------------------------------------------------


    Summary
    Trojan:DOS/Alureon.A is the detection for a variant of the Alureon malware family that infects the Master Boot Record (MBR).



    --------------------------------------------------------------------------------


    Symptoms
    Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.



    --------------------------------------------------------------------------------


    Technical Information (Analysis)
    Trojan:DOS/Alureon.A is the detection for a variant of the Alureon malware family that infects the Master Boot Record (MBR). It attempts to decrypt and execute the contents of a file named "ldr16".

    The file is stored on the encrypted virtual file system (VFS) created by Trojan:Win32/Alureon.DX.



    Are we there yet?

    MZ
     
  17. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Starfield\Outlook Setup Tool\outlookset.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  18. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    OTL (Outlooksetuptool)

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Starfield\Outlook Setup Tool\outlookset.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Temp folder emptied: 260729 bytes
    ->Temporary Internet Files folder emptied: 14674364 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03132011_180052

    Files\Folders moved on Reboot...
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLMEK4XR\crosspixel-dest[2].htm moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLMEK4XR\topic162398[2].html moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7CHNZ55\sh33[1].html moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  19. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    JavaRa Rerun

    Here is the log from rerunning JavaRa to try and remove update 16

    I noticed in Windows Add/Remove looks like just a shortcut remnant as it has no icon

    JavaRa 1.16 Removal Log.
    The JavaRa removal process was started on Sun Mar 13 18:16:54 2011

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

    There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

    ------------------------------------

    Finished reporting.
     
  20. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Whenever ready.
     
  21. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    Restore Point, final tasks...Squeeky Clean :)

    Thanks Dude....things are screaming along now.

    Now we just need to fix my other laptop from crashing during bootup....off to my other thread

    TechSpot is THE BEST!!

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Temp folder emptied: 240786 bytes
    ->Temporary Internet Files folder emptied: 3371436 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 106537 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 03132011_182934

    Files\Folders moved on Reboot...
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBM5EQAN\crosspixel-dest[1].htm moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF3KSFOX\sh33[1].html moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IBRCSF6\topic162398[1].html moved successfully.
    C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
  23. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    COMPLETELY Screwed it up

    Broni...

    Not sure you can help but perhaps point me elsewhere...

    Updated everything without incident. Running SP2 now. Launched my real estate MLS system which is ActiveX and JS dependent and it would not perform searches. Kept creating an error:

    Log : JS Exception caught in http://sef.mlxchange.com/5.2.06.12571/Search/Listing/ListingSearchFrame.asp - Window.OnError: JS Exception caught in SearchFrame.js - searchCheckAndShow: JS Exception caught in SearchFrame.js - searchSaveCheck: JS Exception caught in ClientListMS.htc - GetValue (-2146827850): Object doesn't support this property or method in line 510 Call Stack: searchSubmit(sTarget,p_bEnforceLimit,p_bDisplay,p_bWithResults)
    Date : Sun Mar 13 2011 - 23:32:43 EDT

    In spite of the Redirect Virus...the system was functional before our "scrubbing" over the weekend.

    Spent 4 hours on phone with the service's tech support to no avail. We loaded and reloaded all the ActiveX controls but it still didnt work. I thought (my first problem) it might be remnants of the Java registry entries and did an uninstall of ALL Java and had the Advanced System Care's uninstaller remove all the registry stuff.

    I now cannot download or fix JRE...won't even download from java.com page (IE crashes)

    Java control panel is present (icon) but unreponsive.

    Any ideas?

    Mark
     
  24. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Well, I'm surely not familiar with your program, so I doubt I can help there, but....did you try different browser, like Firefox?
     
  25. MarkZaff

    MarkZaff TS Rookie Topic Starter Posts: 45

    Firefox....No can do

    The system is ONLY compatable with IE
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.