TechSpot

Search redirecting

By bcrens7
May 19, 2011
  1. my searches keep being redirected and was playing ads with nuthing open

    Malwarebytes
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6613

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    5/19/2011 8:00:18 PM
    mbam-log-2011-05-19 (20-00-18).txt

    Scan type: Quick scan
    Objects scanned: 161912
    Time elapsed: 4 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER
    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-19 20:14:55
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 Hitachi_HTS543225L9A300 rev.FBEOC44C
    Running: 015f7plo.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwryrfoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort1 85DDA1ED
    Device \Driver\atapi \Device\Ide\IdePort2 85DDA1ED
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 85DDA1ED

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:308] 85DDEE7A
    Thread System [4:312] 85DE1008

    ---- EOF - GMER 1.0.15 ----

    DDS
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.19019
    Run by Owner at 20:27:08 on 2011-05-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.588 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKslc0205903;MpKslc0205903;c:\programdata\microsoft\microsoft antimalware\definition updates\{d6b71497-b6d0-45b5-a4a4-cee70b01aa56}\MpKslc0205903.sys [2011-5-19 28752]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-20 02:59:09 -------- d-----w- c:\users\owner\appdata\local\Adobe
    2011-05-20 02:01:28 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d6b71497-b6d0-45b5-a4a4-cee70b01aa56}\MpKslc0205903.sys
    2011-05-19 04:40:52 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2011-05-19 04:40:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-19 04:40:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-19 04:40:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 03:39:24 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-19 03:38:42 7071056 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-05-19 03:37:55 7071056 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d6b71497-b6d0-45b5-a4a4-cee70b01aa56}\mpengine.dll
    2011-05-18 03:06:57 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c9fa5c9e-2621-4805-a400-e2f0b92133c4}\gapaengine.dll
    2011-05-18 03:03:05 -------- d-----w- c:\program files\Microsoft Security Client
    2011-05-18 02:44:37 -------- d-----w- c:\program files\Startup Optimizer
    2011-05-17 03:06:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-17 03:06:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-17 01:39:31 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-05-16 00:11:44 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d716964a-06af-4bf6-91a7-b5a9c15d9d54}\mpengine.dll
    2011-05-13 01:50:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-04-27 01:06:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 01:06:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 01:06:39 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    .
    ==================== Find3M ====================
    .
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-05 04:01:04 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-05 04:01:04 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    ============= FINISH: 20:27:41.92 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/3/2008 7:22:05 AM
    System Uptime: 5/19/2011 7:00:16 PM (1 hours ago)
    .
    Motherboard: Wistron | | 303C
    Processor: AMD Athlon Dual-Core QL-62 | Socket A | 2000/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 126.614 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.578 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP535: 3/11/2011 4:26:07 PM - Windows Update
    RP536: 3/15/2011 8:14:59 PM - Windows Update
    RP537: 3/18/2011 8:48:04 PM - Windows Update
    RP538: 3/22/2011 7:53:22 PM - Windows Update
    RP539: 3/23/2011 5:30:52 PM - Windows Update
    RP540: 3/24/2011 5:19:55 PM - Windows Update
    RP541: 3/26/2011 12:23:54 PM - Windows Modules Installer
    RP542: 3/26/2011 12:42:49 PM - Windows Update
    RP543: 3/29/2011 5:56:31 PM - Windows Update
    RP544: 4/1/2011 10:17:53 PM - Windows Update
    RP545: 4/2/2011 10:31:23 PM - Installed Adobe Reader X.
    RP546: 4/5/2011 5:38:13 PM - Windows Update
    RP547: 4/9/2011 2:35:34 PM - Windows Update
    RP548: 4/13/2011 7:16:21 PM - Windows Update
    RP549: 4/14/2011 7:27:30 PM - Windows Update
    RP550: 4/16/2011 10:39:49 PM - Windows Update
    RP551: 4/17/2011 9:52:33 PM - Removed EasyTether
    RP552: 4/19/2011 6:31:05 PM - Windows Update
    RP553: 4/22/2011 6:52:00 PM - Windows Update
    RP554: 4/22/2011 6:57:10 PM - Windows Update
    RP555: 4/26/2011 6:02:15 PM - Windows Update
    RP556: 4/27/2011 8:09:12 PM - Windows Update
    RP557: 4/29/2011 9:00:02 PM - Windows Update
    RP558: 5/4/2011 5:51:28 AM - Windows Update
    RP559: 5/6/2011 9:57:34 PM - Windows Update
    RP560: 5/11/2011 6:36:21 PM - Windows Update
    RP561: 5/12/2011 6:43:34 PM - Windows Update
    RP562: 5/13/2011 6:18:55 AM - Windows Update
    RP563: 5/15/2011 5:11:08 PM - Windows Update
    RP564: 5/16/2011 6:38:38 PM - Windows Update
    RP565: 5/16/2011 6:47:08 PM - Windows Update
    RP566: 5/17/2011 7:38:59 PM - Windows Update
    RP567: 5/17/2011 8:04:11 PM - Windows Update
    RP568: 5/18/2011 8:33:48 AM - Windows Backup
    RP569: 5/18/2011 8:37:25 PM - Windows Update
    RP570: 5/18/2011 10:31:20 PM - Removed Password Resetter
    RP571: 5/18/2011 10:33:41 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    A Gypsy's Tale: Tower of Secrets
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player
    Affair Bureau
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Funhouse II
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Prints
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Atheros Driver Installation Program
    Audible Download Manager
    AudibleManager
    Barnyard's Sherlock's Hooves
    Big Fish Games: Game Manager
    Bigfoot: Chasing Shadows
    Bonjour
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.1
    Canon MX340 series MP Drivers
    Canon MX340 series User Registration
    Canon Speed Dial Utility
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Cards
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    Dream Chronicles - The Book of Air Collector's Edition
    Dream Day Wedding - Bella Italia
    Enlightenus
    Epic Adventures - La Jangada
    Escape from Frankenstein's Castle
    ESU for Microsoft Vista
    Gardenscapes
    Google Chrome
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Games
    HP Help and Support
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPTCSSetup
    iTunes
    Jade Rousseau The Secret Revelations
    Java(TM) 6 Update 7
    Juno Preloader
    King's Legacy
    Lost Fortunes
    Malwarebytes' Anti-Malware
    Masquerade Mysteries - Case of the Copycat Curator
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Midnight Mysteries- Salem Witch Trials
    Millionaire Manor: The Hidden Object Show 3
    MobileMe Control Panel
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Mystery of Mortlake Mansion
    NetWaiting
    NetZero Preloader
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenAL
    PANTECH UM175 Driver
    Phantasmat
    Power2Go
    PowerDirector
    PVSonyDll
    QuickTime
    Realtek USB 2.0 Card Reader
    Robinson Crusoe and the Cursed Pirates
    Royal Trouble
    Safari
    Scrapbook
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shutter Island
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Star Crossed Love
    Startup Optimizer 1.6
    Synaptics Pointing Device Driver
    The Magician's Handbook 2: BlackLore
    Three Cards to Midnight
    Time Riddles: The Mansion
    Unlikely Suspects
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Update Installer for WildTangent Games App
    Vampire Saga - Pandora's Box
    VZAccess Manager
    WildTangent Games App (HP Games)
    Yahoo! Toolbar
    Youda Survivor
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/19/2011 7:02:17 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/19/2011 6:53:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/19/2011 6:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/19/2011 6:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/19/2011 6:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    5/19/2011 6:52:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/19/2011 6:52:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/19/2011 6:22:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
    5/19/2011 6:21:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/19/2011 6:21:29 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    5/18/2011 9:48:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/18/2011 8:38:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1952.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/18/2011 8:29:41 AM, Error: EventLog [6008] - The previous system shutdown at 11:18:10 PM on 5/17/2011 was unexpected.
    5/18/2011 10:49:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/18/2011 10:38:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    5/17/2011 8:42:51 PM, Error: EventLog [6008] - The previous system shutdown at 8:28:11 PM on 5/17/2011 was unexpected.
    5/17/2011 7:46:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1845.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/17/2011 7:46:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1845.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    5/16/2011 9:59:17 PM, Error: EventLog [6008] - The previous system shutdown at 9:55:59 PM on 5/16/2011 was unexpected.
    5/16/2011 6:53:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    5/16/2011 6:33:45 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00234E5EB72E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    5/16/2011 6:18:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    5/16/2011 6:17:24 PM, Error: EventLog [6008] - The previous system shutdown at 6:13:11 PM on 5/16/2011 was unexpected.
    5/16/2011 6:11:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    5/16/2011 6:11:06 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/16/2011 6:10:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    5/16/2011 6:10:36 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/16/2011 6:10:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    5/16/2011 6:09:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    5/16/2011 6:09:14 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/16/2011 6:09:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    5/16/2011 5:49:58 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    5/16/2011 5:07:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    5/16/2011 4:31:45 PM, Error: EventLog [6008] - The previous system shutdown at 1:26:00 PM on 5/16/2011 was unexpected.
    5/15/2011 5:16:32 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2011 5:16:00 PM, Error: EventLog [6008] - The previous system shutdown at 5:11:52 PM on 5/15/2011 was unexpected.
    5/12/2011 6:55:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    5/12/2011 6:55:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/12/2011 6:47:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    ====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  3. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-19 20:44:57
    -----------------------------
    20:44:57.874 OS Version: Windows 6.0.6002 Service Pack 2
    20:44:57.874 Number of processors: 2 586 0x301
    20:44:57.874 ComputerName: ARJSRB650Z UserName: Owner
    20:45:00.177 Initialize success
    20:45:02.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    20:45:02.460 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC44C Size: 238475MB BusType: 3
    20:45:04.467 Disk 0 MBR read successfully
    20:45:04.472 Disk 0 MBR scan
    20:45:04.477 Disk 0 unknown MBR code
    20:45:06.484 Disk 0 scanning sectors +488390656
    20:45:06.540 Disk 0 scanning C:\Windows\system32\drivers
    20:45:14.989 Service scanning
    20:45:16.526 Disk 0 trace - called modules:
    20:45:16.543 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85dda1ed]<<
    20:45:16.548 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856bdac8]
    20:45:16.553 3 CLASSPNP.SYS[877658b3] -> nt!IofCallDriver -> [0x84ca58d8]
    20:45:16.559 5 acpi.sys[875d36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x84c875a8]
    20:45:16.567 \Driver\atapi[0x84c71490] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85dda1ed
    20:45:16.574 Scan finished successfully
    20:45:51.017 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    20:45:51.028 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8C80F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9793536 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.44 )
    0x82004000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
    0x82004000 PnpManager 3846144 bytes
    0x82004000 RAW 3846144 bytes
    0x82004000 WMIxWDM 3846144 bytes
    0x97400000 Win32k 2113536 bytes
    0x97400000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x87CDF000 C:\Windows\system32\drivers\ql2300.sys 1277952 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
    0x88283000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
    0x8800A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8E003000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8BD4C000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1036288 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
    0x8817B000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8D214000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0x8746C000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0x9CEF2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x87C02000 C:\Windows\system32\drivers\megasr.sys 749568 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
    0x8E106000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x9CC0F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
    0x8780B000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
    0x8D168000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x87A9F000 C:\Windows\system32\drivers\elxstor.sys 606208 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
    0x8BCA1000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x87789000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x8754C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x9CD16000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x87942000 C:\Windows\system32\drivers\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
    0x87E17000 C:\Windows\system32\drivers\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
    0x9CE87000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x97650000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x879AC000 C:\Windows\system32\drivers\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
    0x8769F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8E2E2000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x875CB000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x8742B000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x878EC000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8BF1C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x8BC54000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8E393000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x87EB0000 C:\Windows\system32\drivers\uliahci.sys 245760 bytes (ULi Electronics Inc., ULi SATA Controller Driver)
    0x8BE8F000 C:\Windows\system32\drivers\CHDRT32.sys 241664 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
    0x88140000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9CE0E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8839B000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8BE49000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x823AF000 ACPI_HAL 208896 bytes
    0x823AF000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x87F5A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E32A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8BC01000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0x8D2F8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8BECA000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x87F0D000 C:\Windows\system32\drivers\ulsata2.sys 180224 bytes (Promise Technology, Inc., Promise SATAII150 Series Windows Drivers)
    0x88115000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8D3C1000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x9CCCF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x9CE5F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x87F9C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x8E212000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0x87622000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x87A39000 C:\Windows\system32\drivers\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
    0x87A13000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8BEF7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x8D354000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x87760000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x9CDCE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x87EEC000 C:\Windows\system32\drivers\ulsata.sys 135168 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for Win2003)
    0x8E265000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x87F39000 C:\Windows\system32\drivers\vsmraid.sys 135168 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
    0x9CDEF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x878B4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9CD83000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x87658000 C:\Windows\system32\drivers\mpio.sys 114688 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
    0x879F8000 C:\Windows\system32\drivers\adpu160m.sys 110592 bytes (Adaptec, Inc., Adaptec LH Ultra160 Driver (x86))
    0x88268000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8BF73000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x87745000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
    0x87B65000 C:\Windows\system32\drivers\lsi_fc.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT FC Driver (StorPort))
    0x878D2000 C:\Windows\system32\drivers\lsi_scsi.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT SCSI Driver (StorPort))
    0x8772B000 C:\Windows\system32\drivers\msdsm.sys 106496 bytes (Microsoft Corporation, Microsoft Device Specific Module)
    0x9CDA0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8BFA4000 C:\Users\Owner\AppData\Local\Temp\kwryrfoc.sys 102400 bytes
    0x8BD2E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x87B7F000 C:\Windows\system32\drivers\lsi_sas.sys 98304 bytes (LSI Logic, LSI Logic Fusion-MPT SAS Driver (StorPort))
    0x9CE47000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8E3D9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8D332000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x87A73000 C:\Windows\system32\drivers\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
    0x87A89000 C:\Windows\system32\drivers\arcsas.sys 90112 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
    0x8BF8E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8E35C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8E2B8000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9CDB9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8D39A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x883DC000 C:\Windows\system32\drivers\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
    0x87E79000 C:\Windows\system32\drivers\sisraid4.sys 86016 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
    0x87A5F000 C:\Windows\system32\drivers\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
    0x8D386000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8E1D6000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
    0x8E2CE000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x87BC2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x9CD03000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8E380000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x87FC3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8BE7E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x87412000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x87F8C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x8E1F3000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x87B3D000 C:\Windows\system32\drivers\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
    0x9CCBF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8771B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x8D3AF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x87649000 C:\Windows\system32\drivers\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0x8BF64000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x883F1000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x87674000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x87BAA000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x8D377000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8BC92000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x87690000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x97640000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8E372000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x87CC4000 C:\Windows\system32\drivers\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
    0x8E2A1000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8E1C8000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
    0x876F0000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x875BD000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x8E3F0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8E1BB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x87CD2000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
    0x87E6C000 C:\Windows\system32\drivers\sisraid2.sys 53248 bytes (Microsoft Corporation, SiS RAID Stor Miniport Driver)
    0x8C800000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x87B4D000 C:\Windows\system32\drivers\iteatapi.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
    0x87B59000 C:\Windows\system32\drivers\iteraid.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8212 ATA RAID SCSI miniport)
    0x87E8E000 C:\Windows\system32\drivers\symc8xx.sys 49152 bytes (LSI Logic, LSI Logic 8XX SCSI Miniport Driver)
    0x9CFDA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8E259000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8D208000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
    0x9CC00000 C:\Users\Owner\AppData\Local\Temp\aswMBR.sys 45056 bytes
    0x8D3F5000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x87937000 C:\Windows\system32\drivers\hpcisss.sys 45056 bytes (Hewlett-Packard Company, Smart Array Storport Driver)
    0x87BDA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8BC33000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x87CB9000 C:\Windows\system32\drivers\mraid35x.sys 45056 bytes (LSI Logic Corporation, MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86)
    0x8E296000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8D349000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x87E9A000 C:\Windows\system32\drivers\sym_hi.sys 45056 bytes (LSI Logic, LSI Logic Hi-Perf SCSI Miniport Driver)
    0x87EA5000 C:\Windows\system32\drivers\sym_u3.sys 45056 bytes (LSI Logic, LSI Logic Ultra160 SCSI Miniport Driver)
    0x8D327000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x87FF4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x87686000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8BF5A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x87B33000 C:\Windows\system32\drivers\i2omp.sys 40960 bytes (Microsoft Corporation, I2O Miniport Driver)
    0x87B97000 C:\Windows\system32\drivers\megasas.sys 40960 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86)
    0x9CFEE000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
    0x8792D000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
    0x8D3EB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x9CCF9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8E3CF000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x9CFD0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8BC4A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0x88000000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8E239000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8E1EA000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x8BFCF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x8E2AF000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x97620000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x87BA1000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x87BB9000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x87611000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x878AC000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x87423000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x87713000 C:\Windows\system32\drivers\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
    0x8E250000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
    0x8E20A000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8761A000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8BC42000 C:\Windows\system32\DRIVERS\nvsmu.sys 32768 bytes (NVIDIA Corporation, NVIDIA nForce(TM) SMU Microcontroller Driver)
    0x8E286000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8E28E000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x883D4000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x87781000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
    0x88393000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
    0x9CFE6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x87705000 C:\Windows\system32\drivers\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
    0x8770C000 C:\Windows\system32\drivers\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
    0x8E249000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x8E203000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x876E9000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x8740B000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x9CEE4000 C:\Users\Owner\AppData\Local\Temp\mbr.sys 28672 bytes
    0x8E242000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x876FE000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8BD46000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x9CED6000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6B71497-B6D0-45B5-A4A4-CEE70B01AA56}\MpKslc0205903.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0x87BD5000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
    0x8BC3E000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x9CEEE000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x87683000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8D166000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.44 )
    0x8D3BF000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8BC31000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x00990000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x8449E720 ] PID: 3864, 110592 bytes
    0x85DDBA91 Unknown page with executable code, 1391 bytes
    0x85DDE860 Unknown page with executable code, 1952 bytes
    0x85DDE781 Unknown page with executable code, 2175 bytes
    0x85DE0718 Unknown page with executable code, 2280 bytes
    0x85DE05B1 Unknown page with executable code, 2639 bytes
    0x85DDA288 Unknown page with executable code, 3448 bytes
    0x85DDC191 Unknown page with executable code, 3695 bytes
    0x85DDEE7A Unknown thread object [ ETHREAD 0x86013020 ] TID: 308, 600 bytes
    0x85DE1008 Unknown thread object [ ETHREAD 0x86016020 ] TID: 312, 600 bytes
    0x85DE00DE Unknown thread object [ ETHREAD 0x860155D0 ] , 600 bytes
    0x85DDEB45 Unknown thread object [ ETHREAD 0x86018538 ] , 600 bytes
    0x85DE0CDC Unknown page with executable code, 804 bytes
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    I try to run it an nothing happins
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Rename TDSSKiller.exe to broni.com and try again.
     
  7. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    still nothing it asks for permission to continue then i click continue then nothing happins
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Run aswMBR.exe again...

    • Click the Scan button as before.
    • Once the scan has completed, the Fix button should become active - click it.
    • If FixMBR becomes active instead, click that one.
    • The tool will decide which option to give you, but take Fix first, if it's offered.
    • Once complete, click Save log as before, save it to your desktop and post in your next reply.
     
  9. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-19 21:11:35
    -----------------------------
    21:11:35.717 OS Version: Windows 6.0.6002 Service Pack 2
    21:11:35.717 Number of processors: 2 586 0x301
    21:11:35.733 ComputerName: ARJSRB650Z UserName: Owner
    21:11:37.184 Initialize success
    21:11:47.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    21:11:47.651 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC44C Size: 238475MB BusType: 3
    21:11:49.679 Disk 0 MBR read successfully
    21:11:49.679 Disk 0 MBR scan
    21:11:49.679 Disk 0 unknown MBR code
    21:11:51.707 Disk 0 scanning sectors +488390656
    21:11:51.738 Disk 0 scanning C:\Windows\system32\drivers
    21:11:58.509 Service scanning
    21:11:59.897 Disk 0 trace - called modules:
    21:11:59.913 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85dda1ed]<<
    21:11:59.928 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856bdac8]
    21:11:59.928 3 CLASSPNP.SYS[877658b3] -> nt!IofCallDriver -> [0x84ca58d8]
    21:11:59.944 5 acpi.sys[875d36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x84c875a8]
    21:11:59.944 \Driver\atapi[0x84c71490] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x85dda1ed
    21:11:59.960 Scan finished successfully
    21:12:20.115 Disk 0 Windows 600 MBR fixed successfully
    21:12:28.851 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
    21:12:28.867 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Did you actually click on Fix button, or Fix MBR button?
     
  11. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    i clicked fixmbr
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK, see if broni.com will run now.

    Also....

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  13. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    it still wont run


    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    main(): CreateFile() ERROR 5
    ERROR: Can't open volume device \\.\C:

    Done;
    Press any key to quit...
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    ComboFix 11-05-18.04 - Owner 05/19/2011 21:51:42.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1124 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\dfinstall.log
    C:\Install.exe
    .
    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-20 04:27 . 2011-05-20 04:27 -------- d-----w- c:\program files\7-Zip
    2011-05-20 02:59 . 2011-05-20 02:59 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
    2011-05-19 04:40 . 2011-05-19 04:40 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-05-19 04:40 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-19 04:40 . 2011-05-19 04:40 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-19 04:40 . 2011-05-19 04:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 03:39 . 2011-05-19 03:39 -------- d-----w- c:\windows\system32\MpEngineStore
    2011-05-19 03:38 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-05-19 03:37 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6B71497-B6D0-45B5-A4A4-CEE70B01AA56}\mpengine.dll
    2011-05-18 03:06 . 2011-05-18 03:06 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9FA5C9E-2621-4805-A400-E2F0B92133C4}\gapaengine.dll
    2011-05-18 03:03 . 2011-05-18 03:03 -------- d-----w- c:\program files\Microsoft Security Client
    2011-05-18 02:44 . 2011-05-18 02:46 -------- d-----w- c:\program files\Startup Optimizer
    2011-05-17 03:06 . 2011-05-19 03:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-17 03:06 . 2011-05-17 03:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-05-17 01:39 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-05-16 00:11 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D716964A-06AF-4BF6-91A7-B5A9C15D9D54}\mpengine.dll
    2011-05-13 01:50 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-27 01:06 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-27 01:06 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 01:06 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 17:03 . 2011-04-14 02:25 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03 . 2011-04-14 02:25 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-05 04:01 . 2011-03-05 04:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2011-03-05 04:01 . 2011-03-05 04:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-03-03 15:42 . 2011-04-14 02:25 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40 . 2011-04-27 01:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-27 01:06 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-27 01:06 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-27 01:06 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:25 . 2011-04-14 02:25 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44 . 2011-04-14 02:25 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 14:13 . 2011-03-23 02:58 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-03-23 02:58 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-03-23 02:58 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-22 13:24 . 2011-04-14 02:25 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-02-22 13:24 . 2011-04-14 02:25 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-02-22 13:23 . 2011-04-14 02:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-22 13:23 . 2011-04-14 02:25 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 MpKsl38beb9ab;MpKsl38beb9ab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C358436C-9E52-4FBC-8BFD-DC180309B088}\MpKsl38beb9ab.sys [x]
    R1 MpKsld6135393;MpKsld6135393;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C358436C-9E52-4FBC-8BFD-DC180309B088}\MpKsld6135393.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [x]
    R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [x]
    R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [x]
    R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [x]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287658305-3274667073-239356186-1001Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 07:18]
    .
    2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287658305-3274667073-239356186-1001UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 07:18]
    .
    2009-05-09 c:\windows\Tasks\HPCeeScheduleForBBY.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-25 18:34]
    .
    2011-05-18 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-25 18:34]
    .
    2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{E460A85A-CFCD-4196-9C52-674F5B4C539C}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-12 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-WT067419 - c:\program files\HP Games\G.H.O.S.T. Hunters
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-19 22:03
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\Owner\AppData\Local\Temp\catchme.dll 53248 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-05-19 22:19:34
    ComboFix-quarantined-files.txt 2011-05-20 05:19
    .
    Pre-Run: 135,471,202,304 bytes free
    Post-Run: 136,394,235,904 bytes free
    .
    - - End Of File - - 10DB5E1996FB375D3C99A6F86E4FDCDD
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    That looks good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    OTL logfile created on: 5/20/2011 8:12:14 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.01 Gb Total Space | 126.62 Gb Free Space | 57.04% Space Free | Partition Type: NTFS
    Drive D: | 10.88 Gb Total Space | 1.46 Gb Free Space | 13.42% Space Free | Partition Type: NTFS

    Computer Name: ARJSRB650Z | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/20 20:10:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/04/10 23:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/20 20:10:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/06/05 09:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/05/09 12:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/04/27 12:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2011/05/19 22:03:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\Pictures\2010-03-18\080.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\2010-03-18\080.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/20 20:10:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/05/19 22:19:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/19 22:19:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/19 22:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2011/05/19 21:44:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/19 21:44:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/19 21:44:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/19 21:40:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/19 21:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/19 21:39:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/19 21:28:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\bootkit_remover
    [2011/05/19 21:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/05/19 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/05/19 21:06:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2011/05/19 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\broni.com
    [2011/05/19 20:44:12 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2011/05/19 19:59:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
    [2011/05/19 19:53:39 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2011/05/19 18:16:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Simply Super Software
    [2011/05/19 18:14:08 | 010,905,616 | ---- | C] (Simply Super Software ) -- C:\Users\Owner\Desktop\trjsetup682.exe
    [2011/05/18 21:40:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/05/18 21:40:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/18 21:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/18 21:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/18 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/18 20:39:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
    [2011/05/17 20:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/05/17 19:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Optimizer
    [2011/05/16 20:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/16 20:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/05/16 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/15 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
    [2011/05/13 13:21:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\broni.com.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/20 20:11:54 | 000,609,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/20 20:11:54 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/20 20:10:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/05/20 20:08:52 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E460A85A-CFCD-4196-9C52-674F5B4C539C}.job
    [2011/05/20 20:03:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/05/20 20:03:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/20 20:03:45 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/20 20:03:44 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/20 20:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/20 20:03:13 | 1877,344,256 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/19 22:23:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1287658305-3274667073-239356186-1001UA.job
    [2011/05/19 22:03:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/19 21:39:19 | 004,351,992 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/05/19 21:27:23 | 001,110,476 | ---- | M] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/05/19 21:26:26 | 000,039,605 | ---- | M] () -- C:\Users\Owner\Desktop\bootkit_remover.rar
    [2011/05/19 21:12:28 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
    [2011/05/19 20:58:22 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\broni.com.exe
    [2011/05/19 20:58:10 | 001,280,208 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/05/19 20:44:28 | 000,133,632 | ---- | M] () -- C:\Users\Owner\Desktop\RKUnhookerLE.EXE
    [2011/05/19 20:44:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2011/05/19 19:53:44 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2011/05/19 19:53:02 | 000,302,080 | ---- | M] () -- C:\Users\Owner\Desktop\015f7plo.exe
    [2011/05/19 19:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1287658305-3274667073-239356186-1001Core.job
    [2011/05/19 19:01:16 | 000,389,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/05/19 18:14:25 | 010,905,616 | ---- | M] (Simply Super Software ) -- C:\Users\Owner\Desktop\trjsetup682.exe
    [2011/05/18 21:47:38 | 121,973,726 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/05/18 21:40:46 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/18 20:45:53 | 000,434,545 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110518-211027.backup
    [2011/05/18 20:35:03 | 000,434,545 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110518-204553.backup
    [2011/05/18 20:32:28 | 000,434,037 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110518-203503.backup
    [2011/05/18 09:49:17 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
    [2011/05/17 20:03:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/05/17 19:44:38 | 000,000,757 | ---- | M] () -- C:\Users\Owner\Desktop\Startup Optimizer.lnk
    [2011/05/17 19:37:21 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/05/16 16:43:43 | 000,008,484 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2011/05/15 20:48:16 | 000,000,474 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2011/05/15 20:47:56 | 000,018,432 | ---- | M] () -- C:\Users\Owner\Documents\chap 9-20.wps
    [2011/05/12 19:21:47 | 000,003,980 | ---- | M] () -- C:\Users\Owner\Documents\baseball2.rtf
    [2011/05/08 14:18:21 | 000,014,336 | ---- | M] () -- C:\Users\Owner\Documents\motrohome.wps
    [2011/05/08 13:05:45 | 000,007,381 | ---- | M] () -- C:\Users\Owner\Documents\in his steps.rtf
    [2011/05/08 12:28:05 | 000,007,559 | ---- | M] () -- C:\Users\Owner\Documents\baseball.rtf
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/19 21:44:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/19 21:44:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/19 21:44:20 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/19 21:44:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/19 21:44:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/19 21:39:06 | 004,351,992 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/05/19 21:27:18 | 001,110,476 | ---- | C] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/05/19 21:26:25 | 000,039,605 | ---- | C] () -- C:\Users\Owner\Desktop\bootkit_remover.rar
    [2011/05/19 20:58:07 | 001,280,208 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2011/05/19 20:45:51 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
    [2011/05/19 20:44:28 | 000,133,632 | ---- | C] () -- C:\Users\Owner\Desktop\RKUnhookerLE.EXE
    [2011/05/19 19:52:46 | 000,302,080 | ---- | C] () -- C:\Users\Owner\Desktop\015f7plo.exe
    [2011/05/19 19:00:36 | 1877,344,256 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/19 18:12:45 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{E460A85A-CFCD-4196-9C52-674F5B4C539C}.job
    [2011/05/18 21:47:38 | 121,973,726 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/05/18 21:40:46 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/17 20:03:10 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/05/17 19:44:38 | 000,000,757 | ---- | C] () -- C:\Users\Owner\Desktop\Startup Optimizer.lnk
    [2011/05/16 19:18:34 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/05/16 19:16:26 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/05/16 18:32:15 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2011/05/16 18:31:03 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011/05/15 20:47:56 | 000,018,432 | ---- | C] () -- C:\Users\Owner\Documents\chap 9-20.wps
    [2011/05/12 19:21:47 | 000,003,980 | ---- | C] () -- C:\Users\Owner\Documents\baseball2.rtf
    [2011/05/08 14:18:21 | 000,014,336 | ---- | C] () -- C:\Users\Owner\Documents\motrohome.wps
    [2011/05/08 13:05:45 | 000,007,381 | ---- | C] () -- C:\Users\Owner\Documents\in his steps.rtf
    [2011/05/08 12:28:05 | 000,007,559 | ---- | C] () -- C:\Users\Owner\Documents\baseball.rtf
    [2010/08/21 08:29:29 | 000,000,474 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2010/02/20 12:57:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2010/02/06 23:41:51 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/02/06 23:38:09 | 000,077,376 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/10/22 22:34:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/22 22:34:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/21 19:48:37 | 000,008,484 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/06/27 22:46:47 | 000,007,168 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/03 08:28:15 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2008/10/25 15:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 000,389,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,609,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2011/01/29 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2010/04/27 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Absolutist
    [2010/10/28 19:33:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aerohills
    [2010/09/10 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aisle 5 Games, Inc
    [2009/12/23 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
    [2011/03/11 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Artogon
    [2010/08/20 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Azuaz Games
    [2010/11/01 20:18:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AzuazGames
    [2011/01/10 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Big Fish Games
    [2011/02/01 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Boomzap
    [2010/10/27 19:54:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
    [2010/11/23 21:29:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Casual Mechanics
    [2009/06/29 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\cerasus.media
    [2010/09/23 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/08 20:56:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2010/10/31 01:09:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DayTerium
    [2011/04/11 21:15:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DGform
    [2010/10/18 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Elephant Games
    [2010/07/25 21:31:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Enlightenus_iWin
    [2011/02/28 20:02:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ERS Game Studios
    [2010/03/08 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EscapeTheMuseum2
    [2010/08/14 00:57:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flood Light Games
    [2010/03/04 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
    [2010/11/04 21:41:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FlyWheelGames
    [2010/06/23 19:56:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreezeTag
    [2011/02/17 21:03:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Friday's games
    [2010/05/21 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fugazo
    [2010/03/26 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\funkitron
    [2010/04/20 21:18:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameInvest
    [2009/04/25 18:49:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamelab
    [2009/12/24 22:29:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GOA
    [2010/12/29 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gogii
    [2011/05/08 19:41:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HdO Adventure
    [2010/05/28 11:37:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iktsoft
    [2011/01/26 20:11:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Islands
    [2010/10/29 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\JoyBits
    [2010/08/02 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LaJangada
    [2010/02/17 21:52:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Little Games Company
    [2009/07/10 22:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ludia
    [2010/10/24 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MagicIndie
    [2011/03/05 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\margrave3_full
    [2011/04/11 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mariaglorum
    [2011/04/17 22:39:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Merscom
    [2011/02/21 20:18:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mystery of Mortlake Mansion
    [2011/01/30 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Namco
    [2011/03/04 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nucleosys
    [2010/08/19 20:17:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Orneon
    [2010/04/14 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OtherSide Realm of Eons
    [2011/03/18 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Phantasmat_wildgames_se
    [2010/10/31 20:33:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2010/10/23 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayPond
    [2011/03/05 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Playrix Entertainment
    [2010/04/06 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PoBros
    [2010/07/29 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Quirky Games
    [2010/10/01 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SerpentOfIsis
    [2010/04/05 20:25:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Settlement. Colossus
    [2010/11/07 19:38:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ShinyTales
    [2010/03/27 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Silverback Productions
    [2010/04/24 21:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
    [2010/04/14 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SPORE Creature Creator
    [2009/12/31 21:09:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tandem Games
    [2010/08/21 08:33:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2010/11/13 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TitanicMystery
    [2011/04/09 18:15:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TOMI3
    [2010/06/12 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\V-Games
    [2010/09/02 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VampireSaga
    [2010/09/30 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vogat Interactive
    [2011/03/05 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WendigoStudios
    [2010/06/30 20:03:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangentv1000
    [2010/10/05 12:51:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\World-Loom
    [2011/04/22 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YoudaGames
    [2011/05/19 21:42:33 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/05/20 20:08:52 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E460A85A-CFCD-4196-9C52-674F5B4C539C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/05/19 22:19:35 | 000,010,081 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/05/20 20:03:13 | 1877,344,256 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/05/20 20:03:12 | 2191,200,256 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/12/12 20:29:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/05 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8O.DLL
    [2010/05/16 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA5.DLL
    [2006/11/05 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8O.DLL
    [2010/05/16 06:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA5.DLL
    [2008/10/06 15:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp083.dll
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/19 19:53:02 | 000,302,080 | ---- | M] () -- C:\Users\Owner\Desktop\015f7plo.exe
    [2011/05/19 21:27:23 | 001,110,476 | ---- | M] () -- C:\Users\Owner\Desktop\7z920.exe
    [2011/05/19 20:44:17 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2011/05/19 18:47:33 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Owner\Desktop\ATF-Cleaner.exe
    [2011/05/19 20:58:22 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\broni.com.exe
    [2011/05/19 21:39:19 | 004,351,992 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
    [2010/01/07 23:43:31 | 001,924,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Owner\Desktop\install_flash_player.exe
    [2011/05/20 20:10:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/05/19 20:44:28 | 000,133,632 | ---- | M] () -- C:\Users\Owner\Desktop\RKUnhookerLE.EXE
    [2011/05/19 18:14:25 | 010,905,616 | ---- | M] (Simply Super Software ) -- C:\Users\Owner\Desktop\trjsetup682.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/30 21:09:42 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini
    [2011/03/26 12:36:29 | 000,001,152 | ---- | M] () -- C:\Users\Owner\Favorites\HP Games.lnk
    [2011/04/01 22:17:27 | 000,000,104 | ---- | M] () -- C:\Users\Owner\Favorites\Recycle Bin - Shortcut.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/13 20:52:51 | 000,003,391 | ---- | M] () -- C:\ProgramData\dscrane_save.log
    [2011/05/17 19:37:21 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/03/13 14:44:09 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2010/10/28 18:34:53 | 000,007,822 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/05/20 20:03:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2008/12/03 09:05:53 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2008/10/25 17:10:32 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2008/12/03 09:04:58 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2008/10/25 17:03:43 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2008/12/03 09:02:53 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2008/12/03 09:05:29 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2008/10/25 17:01:47 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2008/10/25 17:10:00 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2008/12/03 09:06:02 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:7BFAAE70
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0E22C5DB
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:9BAC4211
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:AECF4772
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:8DD20B4A
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:D48500F8
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:D29191BC
    @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:5A27D490
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E8C44CB4
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:A4AF8D0D
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:79875988
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EE7AAC75
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BF6C81B2
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:981456CB
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:627153F1
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:29C0641D
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A88BE334
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:159A493A
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BF640EE5
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:46A2F27B
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C186F20B
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A8DFD30C
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A4E7D25F
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:48977386
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:BF6A2C54
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3086B95F
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:35629AE6
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:193CB03B
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:CB299F13
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:961B84C5
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:518C333F
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A5241382
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F94BD29B
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B54E4B5A
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:65B8AF94
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:569CEE83
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:852F2262
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:3DB6F365
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E2CFA9CD
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E9FAC3AB
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8B4B9596
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E83EE313
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4EEC7800
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3C9B05C4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E8117B1
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BDCD0530
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2DF54B62
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C0893153
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6FD3C973
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:512E1728
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CB0AACC9
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:751D6870
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:701B92FB
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:63C29481
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:1D6B18F1
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:8BE7A048
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:F9E10A82
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:28CDD861

    < End of report >
     
  18. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    OTL Extras logfile created on: 5/20/2011 8:12:14 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.01 Gb Total Space | 126.62 Gb Free Space | 57.04% Space Free | Partition Type: NTFS
    Drive D: | 10.88 Gb Total Space | 1.46 Gb Free Space | 13.42% Space Free | Partition Type: NTFS

    Computer Name: ARJSRB650Z | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1287658305-3274667073-239356186-1002]
    "EnableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1287658305-3274667073-239356186-1005]
    "EnableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2AB87DD6-8C11-49FA-932B-5DC53ACB3E42}" = rport=137 | protocol=17 | dir=out | app=system |
    "{467B7373-B948-448E-B58E-6DE30E4A0684}" = rport=138 | protocol=17 | dir=out | app=system |
    "{566D766C-BA9E-465A-B0A4-DF5FF5755C54}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6CC52491-6298-41E3-9DD7-44ED00CEF903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7081CEAA-6E54-489E-A8E5-F52451F82478}" = lport=139 | protocol=6 | dir=in | app=system |
    "{724F52AD-73E1-4D57-9C23-71E6A6E5FBD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{86AC3158-F942-458E-91B1-C0D2688C89D1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8B372636-C051-45F9-A310-5C9F2C912A55}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BC188FE0-C254-4DB5-B2F9-4724A16DB6CB}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BD73CF99-9567-4B57-95C4-37182A555450}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C29B1063-4994-435F-AB26-C86221A10EDE}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C4E269-9612-42E0-80E8-6D986FC38894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{043A46BD-F9FB-4863-BBC3-19B644BAACF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{0478865C-4CB5-4101-9803-21499C167250}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{0D394DFD-7F91-4BF0-85BB-0A8680A75304}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{116E4D05-1782-4CEC-B486-8C0E36EF5903}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1D67AE23-DD89-4D09-8FF3-DC8F664C2F6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{1D73FA46-5265-4749-8A80-E841FB7A8093}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{1FF9B5FA-F576-4093-AFC7-0A218C7D27C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3425BE1E-E2DA-401D-BD89-58D9C6833C9C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{3A2131B3-E653-4B42-85FD-9B836B49A831}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{5E8A85A8-E801-4855-AE90-FDB65B323568}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{6011081E-8FD4-4421-8C58-B43384A01E0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{6342507B-6394-4852-AE6F-1938DC5C17C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{659A3BD9-78A0-487E-ACF2-788121E90E1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{703AED5A-6D8E-4220-82AC-48D09CEDF847}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{71707BC2-742E-4197-B6C0-69381F231D65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{72FF8076-F007-4C96-84E5-075B01AC64CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{8607CA85-5CFE-4E74-8E17-78BDF920BF02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9109620B-2544-43CB-BF38-3E91DC51BDEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{95C3AFDE-8B80-465A-ADF8-B5F90CD85DAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{95D21CA6-8513-4F2F-90F6-0652108752DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{9D5E23FB-B9DF-479C-AF57-032BF7327076}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{9FE8A005-C986-4FDD-8E6F-D0593B9E9570}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{A908DFAB-E50D-4A76-9A52-4E347E51B830}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{A9D9BD6A-D521-4969-9CEA-7FA86370F506}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B1968F4D-1615-42ED-B24E-3898880306CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{C09988B9-1801-45C1-BFC2-C1BAC599F660}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{C34057F0-B14F-4D5C-8D5A-9557B82094E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{C59A665B-596F-477A-B6BA-C62F08B81E16}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{CD8DF97F-4F89-4C48-B615-E598D26DA689}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{CDD5F31E-EC06-42BC-A460-6F07DD0C04DD}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D4595DCC-2DE7-42D8-8BEF-BFCBEF6D4A6C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{E3616828-91D7-48F6-BE16-A8A78A7CBC20}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FDFF43C9-337A-4EA6-B76F-B75CD4F61318}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{F557F0B2-5C2C-42EF-805C-048C48960A2F}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "UDP Query User{7BF9904F-7621-4AE5-9569-B4B03A307325}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{71310D9B-7555-44FE-914C-A1B55CB7BC5D}" = Scrapbook
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8780F4A9-3234-42CB-B444-517F314444B1}" = ArcSoft Print Creations
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C867F57B-39C1-4341-A164-F569839BCCBF}" = Cards
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AudibleDownloadManager" = Audible Download Manager
    "AudibleManager" = AudibleManager
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Gardenscapes" = Gardenscapes
    "BFG-Royal Trouble" = Royal Trouble
    "Canon MX340 series User Registration" = Canon MX340 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "Speed Dial Utility" = Canon Speed Dial Utility
    "Startup Optimizer_is1" = Startup Optimizer 1.6
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hp Master Uninstall" = HP Games
    "WT083769" = Three Cards to Midnight
    "WT087233" = Shutter Island
    "WT089125" = Epic Adventures - La Jangada
    "WTA-07b716d9-c82e-42e4-93e0-b23cd9e15cd2" = Jade Rousseau The Secret Revelations
    "WTA-1591f2e6-efc4-4e91-907e-c3f16fde6c30" = A Gypsy's Tale: Tower of Secrets
    "WTA-22ffe539-c423-48e5-9920-f1b73bae5223" = Escape from Frankenstein's Castle
    "WTA-37001eb1-76a3-45ac-be03-b6a200e93674" = Unlikely Suspects
    "WTA-3958628d-2329-4699-a727-aec2055e75a6" = Youda Survivor
    "WTA-46e22a83-7c82-4859-9809-c56709871cf8" = Time Riddles: The Mansion
    "WTA-568c5bf5-19f6-497c-98af-13df7748cf70" = Robinson Crusoe and the Cursed Pirates
    "WTA-61437622-e192-40a6-995d-0fc668109c8f" = Enlightenus
    "WTA-74bdbe6b-09f0-4dc3-ad30-68f87f4cc3a0" = Dream Day Wedding - Bella Italia
    "WTA-849c39ca-acfe-4cc6-908e-c5b6e10a1776" = Bigfoot: Chasing Shadows
    "WTA-97ed868c-02c7-4ef4-82f4-6f96dce4c717" = Masquerade Mysteries - Case of the Copycat Curator
    "WTA-98795867-5edd-428d-9c8c-06cbf4a75a30" = The Magician's Handbook 2: BlackLore
    "WTA-9b9ffc42-93ed-4295-ab17-a3207f7f4630" = Mystery of Mortlake Mansion
    "WTA-a5fd0356-725b-4346-b76f-e9afda311872" = Vampire Saga - Pandora's Box
    "WTA-b23d4829-6887-4b69-a52a-3b4720518302" = Star Crossed Love
    "WTA-b8546b95-e90f-43a2-9b02-176d552cc78c" = Barnyard's Sherlock's Hooves
    "WTA-ba3adbe8-6fc8-462a-8aa9-0fc546d9fd4e" = King's Legacy
    "WTA-be39c508-91a6-44e4-a8ea-aa8f57b105dd" = Lost Fortunes
    "WTA-c976ab08-8422-4b43-9110-cf3b3c021329" = Millionaire Manor: The Hidden Object Show 3
    "WTA-d1e395e4-fa11-4432-984c-4224c47a5c5c" = Dream Chronicles - The Book of Air Collector's Edition
    "WTA-d67f8e3e-66d0-428a-9015-37adc7386fa1" = Affair Bureau
    "WTA-f111e05b-e500-467b-a987-b4a41349c2e3" = Phantasmat
    "WTA-f60eb17e-e0d6-4bd4-bdeb-fcdd7c5649aa" = Midnight Mysteries- Salem Witch Trials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/14/2011 10:32:07 PM | Computer Name = ARJSRB650Z | Source = Windows Search Service | ID = 3026
    Description =

    Error - 4/15/2011 9:37:25 AM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    Error - 4/17/2011 1:31:38 AM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    Error - 4/17/2011 1:53:33 PM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2011 12:46:43 AM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2011 12:13:54 PM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2011 11:53:36 PM | Computer Name = ARJSRB650Z | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 4/18/2011 11:53:37 PM | Computer Name = ARJSRB650Z | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 34912992

    Error - 4/18/2011 11:53:37 PM | Computer Name = ARJSRB650Z | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 34912992

    Error - 4/19/2011 9:24:58 PM | Computer Name = ARJSRB650Z | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 2/7/2010 2:39:52 AM | Computer Name = ARJSRB650Z | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 5/19/2011 9:53:28 PM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7001
    Description =

    Error - 5/19/2011 10:02:17 PM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/20/2011 12:45:21 AM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/20/2011 12:50:14 AM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7034
    Description =

    Error - 5/20/2011 12:50:52 AM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/20/2011 12:56:11 AM | Computer Name = ARJSRB650Z | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.103.2031.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 5/20/2011 12:59:22 AM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/20/2011 1:03:20 AM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/20/2011 11:03:25 PM | Computer Name = ARJSRB650Z | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:13:35 PM on 5/19/2011 was unexpected.

    Error - 5/20/2011 11:04:55 PM | Computer Name = ARJSRB650Z | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You didn't say:
     
  20. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    I think its ok so far nothing
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very well :)

    I'll check your OTL logs now....
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-1287658305-3274667073-239356186-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:7BFAAE70
      @Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0E22C5DB
      @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:9BAC4211
      @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:AECF4772
      @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:8DD20B4A
      @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:D48500F8
      @Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:D29191BC
      @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:5A27D490
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E8C44CB4
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:A4AF8D0D
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:79875988
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EE7AAC75
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BF6C81B2
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:981456CB
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:627153F1
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:29C0641D
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A88BE334
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:159A493A
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BF640EE5
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:46A2F27B
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C186F20B
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A8DFD30C
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A4E7D25F
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:48977386
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:BF6A2C54
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3086B95F
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:35629AE6
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A02025CE
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:193CB03B
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:CB299F13
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:961B84C5
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:518C333F
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A5241382
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F94BD29B
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B54E4B5A
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:65B8AF94
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:569CEE83
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:852F2262
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:3DB6F365
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E2CFA9CD
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E9FAC3AB
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8B4B9596
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E83EE313
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4EEC7800
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3C9B05C4
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0E8117B1
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BDCD0530
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2DF54B62
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C0893153
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6FD3C973
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:512E1728
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CB0AACC9
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:751D6870
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:701B92FB
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:63C29481
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:1D6B18F1
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:8BE7A048
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:F9E10A82
      @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:28CDD861
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-1287658305-3274667073-239356186-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP\WiseCustomCalla.exe deleted successfully.
    C:\Windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP folder deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ADS C:\ProgramData\Temp:7BFAAE70 deleted successfully.
    ADS C:\ProgramData\Temp:0E22C5DB deleted successfully.
    ADS C:\ProgramData\Temp:9BAC4211 deleted successfully.
    ADS C:\ProgramData\Temp:AECF4772 deleted successfully.
    ADS C:\ProgramData\Temp:8DD20B4A deleted successfully.
    ADS C:\ProgramData\Temp:D48500F8 deleted successfully.
    ADS C:\ProgramData\Temp:D29191BC deleted successfully.
    ADS C:\ProgramData\Temp:5A27D490 deleted successfully.
    ADS C:\ProgramData\Temp:E8C44CB4 deleted successfully.
    ADS C:\ProgramData\Temp:A4AF8D0D deleted successfully.
    ADS C:\ProgramData\Temp:79875988 deleted successfully.
    ADS C:\ProgramData\Temp:EE7AAC75 deleted successfully.
    ADS C:\ProgramData\Temp:BF6C81B2 deleted successfully.
    ADS C:\ProgramData\Temp:981456CB deleted successfully.
    ADS C:\ProgramData\Temp:627153F1 deleted successfully.
    ADS C:\ProgramData\Temp:29C0641D deleted successfully.
    ADS C:\ProgramData\Temp:A88BE334 deleted successfully.
    ADS C:\ProgramData\Temp:159A493A deleted successfully.
    ADS C:\ProgramData\Temp:BF640EE5 deleted successfully.
    ADS C:\ProgramData\Temp:46A2F27B deleted successfully.
    ADS C:\ProgramData\Temp:C186F20B deleted successfully.
    ADS C:\ProgramData\Temp:A8DFD30C deleted successfully.
    ADS C:\ProgramData\Temp:A4E7D25F deleted successfully.
    ADS C:\ProgramData\Temp:48977386 deleted successfully.
    ADS C:\ProgramData\Temp:BF6A2C54 deleted successfully.
    ADS C:\ProgramData\Temp:3086B95F deleted successfully.
    ADS C:\ProgramData\Temp:35629AE6 deleted successfully.
    ADS C:\ProgramData\Temp:A02025CE deleted successfully.
    ADS C:\ProgramData\Temp:193CB03B deleted successfully.
    ADS C:\ProgramData\Temp:CB299F13 deleted successfully.
    ADS C:\ProgramData\Temp:961B84C5 deleted successfully.
    ADS C:\ProgramData\Temp:518C333F deleted successfully.
    ADS C:\ProgramData\Temp:A5241382 deleted successfully.
    ADS C:\ProgramData\Temp:F94BD29B deleted successfully.
    ADS C:\ProgramData\Temp:B54E4B5A deleted successfully.
    ADS C:\ProgramData\Temp:65B8AF94 deleted successfully.
    ADS C:\ProgramData\Temp:569CEE83 deleted successfully.
    ADS C:\ProgramData\Temp:852F2262 deleted successfully.
    ADS C:\ProgramData\Temp:3DB6F365 deleted successfully.
    ADS C:\ProgramData\Temp:E2CFA9CD deleted successfully.
    ADS C:\ProgramData\Temp:E9FAC3AB deleted successfully.
    ADS C:\ProgramData\Temp:8B4B9596 deleted successfully.
    ADS C:\ProgramData\Temp:E83EE313 deleted successfully.
    ADS C:\ProgramData\Temp:4EEC7800 deleted successfully.
    ADS C:\ProgramData\Temp:3C9B05C4 deleted successfully.
    ADS C:\ProgramData\Temp:0E8117B1 deleted successfully.
    ADS C:\ProgramData\Temp:BDCD0530 deleted successfully.
    ADS C:\ProgramData\Temp:2DF54B62 deleted successfully.
    ADS C:\ProgramData\Temp:C0893153 deleted successfully.
    ADS C:\ProgramData\Temp:6FD3C973 deleted successfully.
    ADS C:\ProgramData\Temp:512E1728 deleted successfully.
    ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
    ADS C:\ProgramData\Temp:751D6870 deleted successfully.
    ADS C:\ProgramData\Temp:701B92FB deleted successfully.
    ADS C:\ProgramData\Temp:63C29481 deleted successfully.
    ADS C:\ProgramData\Temp:1D6B18F1 deleted successfully.
    ADS C:\ProgramData\Temp:8BE7A048 deleted successfully.
    ADS C:\ProgramData\Temp:F9E10A82 deleted successfully.
    ADS C:\ProgramData\Temp:28CDD861 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Experience
    ->Temp folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 812 bytes
    ->Temporary Internet Files folder emptied: 438528510 bytes
    ->Java cache emptied: 828507 bytes
    ->Google Chrome cache emptied: 35883712 bytes
    ->Flash cache emptied: 198787 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3804 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 453.00 mb


    [EMPTYFLASH]

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Experience

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05202011_223550

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  24. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.0.42.34
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  25. bcrens7

    bcrens7 TS Rookie Topic Starter Posts: 40

    im still scaning with ect
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...