[Solved] "System Check" malware - infected. Recovered... but I'm still crippled!

Discussion in 'Virus and Malware Removal' started by mark118, Jan 12, 2012.

  1. mark118 Newcomer, in training

    Still deleted

    Files are still gone... below is the log file. It looks like for some reason it tried to delete the folder again (under Other Deletions).

    ComboFix 12-01-13.03 - Mark 01/13/2012 16:11:45.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.6174 [GMT -5:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mark\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\2076671ee5d0a5323570c92c74abac6f\Process.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\23fe5d76b9491fa255db2281ac7687d5\Service.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\7020d50af327e3fc94b98242c307fc81\Cwd.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\86351894c58e4804ca004825fea78bbb\Encode.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\f48694173221cfa9bad4275e2389b498\Win32.dll
    c:\users\Mark\AppData\Local\Temp\pdk-Mark-3144\perl510.dll
    c:\users\Mark\Media
    c:\users\Mark\Media\Music\desktop.ini
    c:\users\Mark\Media\Music\Sample Music.lnk
    c:\users\Mark\Media\Pictures\desktop.ini
    c:\users\Mark\Media\Pictures\Sample Pictures.lnk
    c:\users\Mark\Media\Videos\desktop.ini
    c:\users\Mark\Media\Videos\Sample Videos.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-13 21:21 . 2012-01-13 21:23 -------- d-----w- c:\users\Mark\AppData\Local\Temp
    2012-01-13 21:21 . 2012-01-13 21:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E7CF3A-5BF5-46D1-9B71-6B82253E160E}\offreg.dll
    2012-01-13 21:20 . 2012-01-13 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-13 07:28 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E7CF3A-5BF5-46D1-9B71-6B82253E160E}\mpengine.dll
    2012-01-12 14:11 . 2012-01-12 19:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-01-12 14:11 . 2012-01-12 19:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-01-12 01:59 . 2012-01-12 18:27 -------- d-----w- C:\sh4ldr
    2012-01-12 01:59 . 2012-01-12 01:59 -------- d-----w- c:\program files\Enigma Software Group
    2012-01-12 01:58 . 2012-01-12 18:27 -------- d-----w- c:\windows\89A072791DB3485AB1DF584DF86774B9.TMP
    2011-12-26 13:36 . 2011-12-26 13:36 -------- d-----w- c:\program files\iPod
    2011-12-26 13:36 . 2011-12-26 13:37 -------- d-----w- c:\program files\iTunes
    2011-12-26 13:32 . 2011-12-26 13:32 -------- d-----w- c:\program files (x86)\Bonjour
    2011-12-26 13:32 . 2011-12-26 13:32 -------- d-----w- c:\program files\Bonjour
    2011-12-26 13:29 . 2011-12-26 13:29 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-12-15 13:04 . 2011-12-15 13:04 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-03 17:52 . 2009-05-03 17:52 74737 ----a-w- c:\program files (x86)\Uninstal.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-13_20.38.46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 03:20 . 2012-01-13 20:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2012-01-13 21:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-01-13 20:38 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-01-13 21:22 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-01-13 21:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2012-01-13 20:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-01-13 21:24 62090 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2012-01-13 21:24 75212 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-03 01:39 . 2012-01-13 21:24 13944 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3867335980-3509603360-33153671-1000_UserData.bin
    + 2010-02-22 22:37 . 2012-01-13 21:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-22 22:37 . 2012-01-12 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-22 22:37 . 2012-01-12 22:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-22 22:37 . 2012-01-13 21:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-22 22:37 . 2012-01-12 22:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-22 22:37 . 2012-01-13 21:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-10-07 23:05 . 2012-01-12 12:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-07 23:05 . 2012-01-13 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-10-07 23:05 . 2012-01-12 12:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-10-07 23:05 . 2012-01-13 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-01-13 20:37 . 2012-01-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-13 21:21 . 2012-01-13 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-01-13 20:37 . 2012-01-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-01-13 21:21 . 2012-01-13 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 12:46 . 2012-01-13 17:40 607168 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2012-01-13 20:45 607168 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-01-13 17:40 104808 c:\windows\system32\perfc009.dat
    + 2006-11-02 12:46 . 2012-01-13 20:45 104808 c:\windows\system32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    2010-12-30 14:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBit1.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBit1.dll" [2010-12-30 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-09-16 17601536]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-19 1041920]
    Squeezebox Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-2-6 2351191]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-13 c:\windows\Tasks\User_Feed_Synchronization-{BCD208F4-7D0F-4A27-9114-A79A3EC47B7A}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc64.dll" [2008-10-07 724512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 15934496]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 82464]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 134416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.cnn.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: xmradio.com\player
    Trusted Zone: xmradio.com\www
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @="FlashProp Class"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe
    c:\progra~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
    c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe
    c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-13 16:32:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-13 21:32
    ComboFix2.txt 2012-01-13 20:49
    .
    Pre-Run: 217,487,691,776 bytes free
    Post-Run: 217,953,648,640 bytes free
    .
    - - End Of File - - 82D5CCB5152F7ADF0C0E836D670AB088
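    The ComboFix log above is the kind of artifact a removal helper reads by eye. As an added example (the editor's own code, not from this thread, ComboFix or OTL), the script below parses the `[HKEY_...]` value lines of a ComboFix "Reg Loading Points" section and the `MOD`/`SRV`/`DRV` record lines of an OTL log, using lines copied from the logs posted in this thread as its sample input, and flags two things a reviewer checks first: the UAC policy values (`"EnableLUA"= 0` means UAC is switched off, so everything the admin user runs is already elevated) and binaries with no company name loading from a temp directory. The second rule is a heuristic, not a verdict: the pdk-* directories in this thread's logs hold perl510.dll plus Perl extension DLLs, which is consistent with a PerlApp-packed program unpacking itself at run time, so a hit is a prompt to look, not proof of malware.

```python
"""Triage of ComboFix and OTL log lines.

Added example by the editor; not code from the forum thread, ComboFix or OTL.
The sample lines are copied from the logs posted in this thread. The rules
(UAC policy values, no-company-name binaries under a temp directory) are the
editor's reviewer heuristics, not anything either tool reports itself.
"""
import re
from dataclasses import dataclass

# Constructed input: lines copied from the ComboFix "Reg Loading Points" section.
COMBOFIX_LINES = [
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]',
    r'"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]',
    r'.',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]',
    r'"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    r'"EnableLUA"= 0 (0x0)',
    r'"EnableUIADesktopToggle"= 0 (0x0)',
]

# Constructed input: lines copied from the OTL log posted later in this thread.
OTL_LINES = [
    r'MOD - [2012/01/13 22:56:46 | 000,024,698 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\23fe5d76b9491fa255db2281ac7687d5\Service.dll',
    r'MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll',
    r'SRV:64bit: - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)',
]

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<rest>.*)$')  # "Name"= data
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"\s*(?P<annot>.*)$')  # "path" [annotation]
OTL_RE = re.compile(
    r'^(?P<kind>[A-Z]+)(?::64bit:)? - '
    r'\[(?P<date>[^|]+)\|(?P<size>[^|]+)\|(?P<attr>[^|]+)\|(?P<flag>[^\]]+)\] '
    r'\((?P<company>[^)]*)\)'           # company name; "()" means none
    r'(?: \[(?P<state>[^\]]*)\])?'      # [Auto | Running] on SRV/DRV lines
    r' -- (?P<path>.+?)(?: -- (?P<svc>.*))?$'
)
UAC_POLICY_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'


def in_temp(path):
    """True if the path has a \\Temp\\ component (user or system temp)."""
    return '\\temp\\' in path.lower()


def parse_combofix(lines):
    """Return {registry key: [(value name, data, trailing annotation), ...]}.

    Data is an int for numeric values and the unquoted path for string values.
    """
    entries, current = {}, None
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue                      # banners, "." spacer lines, anything else
        name, rest = m.group('name'), m.group('rest')
        q = QUOTED_RE.match(rest)
        if q:
            entries[current].append((name, q.group('path'), q.group('annot').strip()))
        else:
            head, _, annot = rest.partition(' ')
            try:
                data = int(head)
            except ValueError:
                data = head               # e.g. hex(6):... blobs stay as text
            entries[current].append((name, data, annot.strip()))
    return entries


def triage_combofix(entries):
    """Reviewer heuristics over parsed ComboFix loading points."""
    findings = []
    for key, values in entries.items():
        if key.lower() == UAC_POLICY_KEY:
            policy = {name: data for name, data, _ in values}
            if policy.get('EnableLUA') == 0:
                findings.append('EnableLUA=0: UAC is off, so anything the admin user runs is already elevated')
            if policy.get('ConsentPromptBehaviorAdmin') == 0:
                findings.append('ConsentPromptBehaviorAdmin=0: elevation without a prompt')
        for name, data, _ in values:
            if isinstance(data, str) and in_temp(data):
                findings.append(f'{name} under {key} starts a binary from a temp directory: {data}')
    return findings


@dataclass
class OtlRecord:
    kind: str       # PRC, MOD, SRV, DRV
    size: int
    company: str    # '' when OTL printed "()"
    path: str


def parse_otl(lines):
    records = []
    for line in lines:
        m = OTL_RE.match(line.strip())
        if m:
            records.append(OtlRecord(m['kind'], int(m['size'].replace(',', '')),
                                     m['company'].strip(), m['path'].strip()))
    return records


def triage_otl(lines):
    """Flag records with no company name whose image lives under a temp directory."""
    return [f'{r.kind} with no company name loaded from a temp directory: {r.path}'
            for r in parse_otl(lines) if not r.company and in_temp(r.path)]


if __name__ == '__main__':
    for finding in triage_combofix(parse_combofix(COMBOFIX_LINES)) + triage_otl(OTL_LINES):
        print('FLAG:', finding)
```

    Run against the two sample sets it reports the two UAC policy values and the one Perl module under `AppData\Local\Temp`; the `[BU]` annotation on the `WMPNSCFG` entry is kept verbatim rather than interpreted, because the script only claims what the log line says.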
  2. Broni Malware Annihilator

    Please pay attention.
    You didn't create script I posted in my previous reply.
    Redo.

    When DeQuarantine.txt log is created do NOT run Combofix anymore.
  3. mark118 Newcomer, in training

    I will do it again. I did exactly as instructed before: copied and pasted the given code into Notepad, saved it as CFScript.txt and dragged and dropped it onto the icon... and ComboFix ran again.

    I will do it again and let you know.
  4. mark118 Newcomer, in training

    looks like it worked

    The last time I did it, the DeQuarantine.txt came up, and all my files were back. Thank you very much.

    Is there anything else I have to do?
  5. Broni Malware Annihilator

    Yes.

    First of all....how is computer doing?

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. mark118 Newcomer, in training

    Logs

    Hey Broni,

    Everything seems to be back to normal. All program folders are back, so far no redirect in IE. I'm glad I came across this forum.... I was considering formatting and starting over. :)

    Here are the logs as requested (split into 2 replies), let me know what I have to do next.

    OTL logfile created on: 1/14/2012 8:16:16 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.78% Memory free
    16.06 Gb Paging File | 13.77 Gb Available in Paging File | 85.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 156.30 Gb Free Space | 33.56% Space Free | Partition Type: NTFS

    Computer Name: THEGUNSHOW | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/24 07:33:04 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
    PRC - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () -- C:\Program Files (x86)\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
    PRC - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    PRC - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    PRC - [2008/07/23 20:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
    PRC - [2007/04/23 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/13 22:56:46 | 000,024,698 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\23fe5d76b9491fa255db2281ac7687d5\Service.dll
    MOD - [2012/01/13 22:56:45 | 000,073,825 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
    MOD - [2012/01/13 22:56:44 | 000,090,222 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
    MOD - [2012/01/13 22:56:44 | 000,024,673 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
    MOD - [2012/01/13 22:56:42 | 000,041,064 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\f48694173221cfa9bad4275e2389b498\Win32.dll
    MOD - [2012/01/13 22:56:42 | 000,020,587 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
    MOD - [2012/01/13 22:56:41 | 000,086,141 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
    MOD - [2012/01/13 22:56:41 | 000,020,573 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\7020d50af327e3fc94b98242c307fc81\Cwd.dll
    MOD - [2012/01/13 22:56:40 | 000,163,971 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
    MOD - [2012/01/13 22:56:37 | 000,024,671 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
    MOD - [2012/01/13 22:56:36 | 000,032,872 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
    MOD - [2012/01/13 22:56:36 | 000,028,794 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\2076671ee5d0a5323570c92c74abac6f\Process.dll
    MOD - [2012/01/13 22:56:35 | 000,036,963 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\86351894c58e4804ca004825fea78bbb\Encode.dll
    MOD - [2012/01/13 22:56:33 | 000,028,771 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/07/23 20:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
    MOD - [2008/04/15 13:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
    MOD - [2007/04/23 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    MOD - [2006/01/10 03:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2005/05/11 19:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/05/28 08:27:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/09/30 16:53:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
    SRV - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/05/28 08:27:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/04/03 12:01:08 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/02/23 08:57:04 | 000,280,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/02/23 08:57:01 | 000,505,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/02/23 08:55:53 | 000,053,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/02/23 08:55:13 | 000,031,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/02/23 08:55:05 | 000,064,344 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/02/23 08:54:58 | 000,022,360 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    DRV:64bit: - [2010/12/02 22:30:36 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
    DRV:64bit: - [2008/09/07 22:11:58 | 001,018,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2008/08/06 03:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
    DRV:64bit: - [2007/04/11 15:35:30 | 000,056,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2007/04/11 15:35:22 | 000,053,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2007/04/11 15:34:58 | 000,035,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
    DRV:64bit: - [2006/11/01 18:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    O1 HOSTS File: ([2012/01/13 16:23:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
    O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([player] http in Trusted sites)
    O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([www] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22470FE-C567-4958-9D55-53AFAD0C300A}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Mark\Media\Pictures\Wallpapers\new\fresh_lime-1920x1080.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/01/11 21:00:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/14 08:13:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/01/13 17:55:32 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/13 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\Media
    [2012/01/13 16:23:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/13 16:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
    [2012/01/13 15:03:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/13 15:03:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/13 15:03:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/13 15:03:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/13 15:02:31 | 004,382,027 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/01/13 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\virus fix files
    [2012/01/12 09:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/01/12 09:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/01/11 20:59:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/01/11 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2011/12/26 08:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/26 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/26 08:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/26 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/12/26 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/12/26 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/14 08:16:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCD208F4-7D0F-4A27-9114-A79A3EC47B7A}.job
    [2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/01/14 06:55:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/14 06:55:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/13 19:03:50 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/13 19:03:49 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/13 19:03:49 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/13 18:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/13 16:23:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/01/13 15:02:36 | 004,382,027 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/01/13 12:32:44 | 590,350,989 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/12 13:23:45 | 000,000,212 | ---- | M] () -- C:\Users\Mark\Desktop\system check malware-virus - Malwarebytes removed it, but Im still crippled... can you help - Malwarebytes Forum.url
    [2012/01/12 12:26:10 | 000,000,132 | ---- | M] () -- C:\Users\Mark\Desktop\System Check Malware partially removed, not completely gone - TechSpot OpenBoards.url
    [2012/01/12 12:19:56 | 000,000,329 | ---- | M] () -- C:\Users\Mark\Desktop\AVG Forums - System Check Virus - Need Help.url
    [2012/01/12 12:13:19 | 000,000,214 | ---- | M] () -- C:\Users\Mark\Desktop\program files emptied. NEED HELP PLEASE..url
    [2012/01/11 21:00:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2012/01/11 16:55:26 | 000,000,629 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Portal.url
    [2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode Two.url
    [2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode One.url
    [2011/12/26 08:37:17 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/17 08:21:37 | 000,000,206 | ---- | M] () -- C:\Users\Mark\Desktop\YouTube - nick jr intro.url
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/13 15:10:06 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/01/13 15:10:06 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2012/01/13 15:10:06 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
    [2012/01/13 15:10:00 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 6.0.lnk
    [2012/01/13 15:10:00 | 000,002,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
    [2012/01/13 15:10:00 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
    [2012/01/13 15:10:00 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
    [2012/01/13 15:10:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/13 15:10:00 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
    [2012/01/13 15:10:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
    [2012/01/13 15:10:00 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/01/13 15:10:00 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
    [2012/01/13 15:10:00 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/01/13 15:10:00 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
    [2012/01/13 15:10:00 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/01/13 15:10:00 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
    [2012/01/13 15:10:00 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/01/13 15:10:00 | 000,001,335 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
    [2012/01/13 15:10:00 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
    [2012/01/13 15:10:00 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
    [2012/01/13 15:10:00 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
    [2012/01/13 15:10:00 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
    [2012/01/13 15:10:00 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    [2012/01/13 15:10:00 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
    [2012/01/13 15:10:00 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
    [2012/01/13 15:10:00 | 000,000,968 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/13 15:10:00 | 000,000,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/01/13 15:10:00 | 000,000,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
    [2012/01/13 15:10:00 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
    [2012/01/13 15:10:00 | 000,000,240 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/01/13 15:09:59 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/01/13 15:09:59 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
    [2012/01/13 15:09:59 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/13 15:09:59 | 000,000,973 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/13 15:09:59 | 000,000,968 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/01/13 15:09:59 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/13 15:09:59 | 000,000,258 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/01/13 15:03:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/13 15:03:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/13 15:03:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/13 15:03:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/13 15:03:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/12 13:01:12 | 000,000,212 | ---- | C] () -- C:\Users\Mark\Desktop\system check malware-virus - Malwarebytes removed it, but Im still crippled... can you help - Malwarebytes Forum.url
    [2012/01/12 12:26:10 | 000,000,132 | ---- | C] () -- C:\Users\Mark\Desktop\System Check Malware partially removed, not completely gone - TechSpot OpenBoards.url
    [2012/01/12 09:53:19 | 000,000,214 | ---- | C] () -- C:\Users\Mark\Desktop\program files emptied. NEED HELP PLEASE..url
    [2012/01/11 22:01:03 | 000,000,329 | ---- | C] () -- C:\Users\Mark\Desktop\AVG Forums - System Check Virus - Need Help.url
    [2012/01/11 21:00:13 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2012/01/11 16:55:26 | 000,000,629 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Portal.url
    [2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode Two.url
    [2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode One.url
    [2010/02/06 15:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll
    [2009/08/22 16:19:11 | 000,005,610 | ---- | C] () -- C:\Windows\unpsd.ini
    [2009/06/02 16:53:52 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2009/05/03 12:52:52 | 000,074,737 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe
    [2009/03/29 15:27:12 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/03/05 10:20:40 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/03/05 10:20:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/03/04 21:34:47 | 000,024,465 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2009/03/04 21:33:47 | 000,024,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/03/04 19:45:31 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2009/03/04 19:45:31 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2009/03/04 19:45:27 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2009/03/04 19:45:27 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2009/03/02 21:19:25 | 000,019,968 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/02 20:42:14 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2009/03/02 20:38:16 | 000,001,460 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/06/05 11:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/12/28 02:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2009/04/09 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Autodesk
    [2012/01/06 08:05:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BitTorrent
    [2010/09/17 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
    [2010/02/07 09:38:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DNA
    [2010/10/07 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LaunchPad
    [2010/02/06 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\nCleaner
    [2011/12/04 09:20:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Spotify
    [2010/10/09 13:20:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TechWizard
    [2012/01/13 18:54:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/01/14 08:16:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BCD208F4-7D0F-4A27-9114-A79A3EC47B7A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/02/18 17:25:40 | 000,028,830 | ---- | M] () -- C:\aaw7boot.log
    [2012/01/11 21:00:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2009/03/03 09:19:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/09/17 14:52:36 | 000,000,131 | ---- | M] () -- C:\DeletePrintJobs.cmd
    [2012/01/13 18:38:15 | 001,859,091 | ---- | M] () -- C:\DeQuarantine.txt
    [2007/05/02 04:53:35 | 000,355,416 | ---- | M] (Hewlett-Packard) -- C:\hpzids40.dll
    [2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/01/13 18:55:45 | 312,602,622 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/04 19:48:17 | 000,000,046 | ---- | M] () -- C:\splash.idx
    [2008/09/22 18:54:48 | 000,005,632 | ---- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2004/12/01 11:30:31 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\motd.txt
    [2004/12/01 11:24:42 | 000,000,955 | ---- | M] () -- C:\Program Files (x86)\readme.txt
    [2009/05/03 12:52:52 | 000,074,737 | ---- | M] () -- C:\Program Files (x86)\Uninstal.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/13 15:02:36 | 004,382,027 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2009/03/04 20:09:52 | 000,721,912 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Mark\gotomypc_428.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/02 20:38:28 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/13 15:58:38 | 000,002,889 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/10/06 15:52:53 | 000,000,008 | -H-- | M] ()(C:\S??l????.txt) -- C:\Şოϊłοժоռ.txt
    [2011/10/06 15:52:51 | 000,000,008 | -H-- | C] ()(C:\S??l????.txt) -- C:\Şოϊłοժоռ.txt

    < End of report >
  7. mark118 Newcomer, in training

    extras

    OTL Extras logfile created on: 1/14/2012 8:16:16 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.78% Memory free
    16.06 Gb Paging File | 13.77 Gb Available in Paging File | 85.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 156.30 Gb Free Space | 33.56% Space Free | Partition Type: NTFS

    Computer Name: THEGUNSHOW | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Classes\<extension>]
    .scr [@ = AutoCADScriptFile] -- C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Users\Mark\BitTorrent\bittorrent.exe" = C:\Users\Mark\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Users\Mark\BitTorrent\bittorrent.exe" = C:\Users\Mark\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09EB798A-F799-4032-9058-01FBAF621237}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1464AFC2-4977-4F62-A3F3-4EA52ED736E4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{29211770-D225-46D8-A204-2A0FCEE1B482}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{3F87FF1C-0BD5-4D53-B0D1-0465CCE77E25}" = rport=445 | protocol=6 | dir=out | app=system |
    "{439BB7B4-CE61-4D9F-AF6C-B1AD4146A80F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5150B380-D604-42DA-BE4C-D63E7613F472}" = rport=138 | protocol=17 | dir=out | app=system |
    "{850E8AB6-1957-4EA8-90F4-3BBCB5BDCD98}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8EE6F3F0-3BB5-4554-BAE8-F32CCB91A87F}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A4DBA163-240E-4562-9796-AEF53E3CD943}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BF3563EA-E25C-4CED-853F-24050F3B70E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D5A63AF8-741E-40D7-88A7-AA802E88E975}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{F740F000-F64F-488D-BB6A-07A2C2E605F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{011B025D-5F19-490E-81ED-0A95C38B25D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{017162BB-4899-4EE4-A286-FB5412CAB176}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{02207E64-E373-40F1-98DE-FC26544565DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{03763B90-34BE-4E8A-8FE5-F8763BF52BE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{06A1CE33-B2CE-4377-802C-681704B7DF1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0B70425F-6D23-4CD7-BBBB-1461B5B63C99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0F9ADA8D-1AC3-41A3-AD95-593D37110D3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{10221D5D-C5E9-4A56-AD43-E94419BC0E57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{11B19A1E-D310-480D-A431-B5A163C76B58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1247C7C6-6EAA-42A6-9476-91E96B757775}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{180F40E6-B26D-41A1-AB97-C2C273947C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{19507FA4-8486-4D22-BC2F-B32B9E88B5C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2C5EFEA9-0BD2-447B-ACEF-946CA9ED3E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{2DE4D49B-83A4-4F9A-83F3-F34E6072F563}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3151F735-6596-44EB-BD40-0A1E519A70DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{500BFE5F-42CF-4F73-A824-9017851194DF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{503A8E75-E0C7-4C97-866C-7303E732DBB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{524B1457-2CE2-437B-AFA9-890306A63B23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{56EA1E61-65FC-4DA0-BFEC-F4E90D06407C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{56FE03FE-F6BC-49B2-8C05-16655BAF3FAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{580E1DF3-AF13-4B6C-A8FD-E2DFA08B6C45}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5A4C30BD-AEA7-4E62-9035-52C1CD474F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{63065ED5-0AFF-40DA-BEAC-8C4C37C052DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{650C34E9-973C-41C3-BB4B-D438D066AFF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6567B540-69A5-4A6B-B097-900920FB0DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{65DCE4BC-2702-430F-9875-27DE07F47480}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{6945E4F5-572C-4DC2-B358-83A4A9880395}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{6A33E333-BBCA-4A26-AE01-7E487D2FBFEE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{6A59BC20-221D-4830-A87A-A8487D49276A}" = protocol=17 | dir=in | app=c:\users\mark\bittorrent\bittorrent.exe |
    "{71E9B24D-841B-47ED-BF3F-567F9A2C6884}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{7C924257-F067-4271-B6BA-F79AA5255103}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8511AD74-5A47-49B0-A4AA-8B6CB4E68B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8B5F92F1-57E2-4BC4-9E2D-4EB9002EE6F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{8EC83BDD-092B-44B4-9B26-2EE1AB69B490}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{8EE5071F-FC66-4CCD-8EFA-940E61B1926B}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
    "{8FB036CE-2EC6-4F8E-A3C1-8690F12B640E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{90506CB4-93D4-4513-9D34-E043D79DF11F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{96CF31B6-709C-4DFC-9A84-2EDD957CCB64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97E3FB79-5FBA-4414-989E-6E1865E2C77B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{9E02DE32-912B-44A0-ABDE-97F9FE672D33}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{9E1E78D5-1351-4692-9FF3-1A01297C8637}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{A0A77E83-2BDB-486A-891F-E388239AA5EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{A4E90255-7A96-4FC3-A67A-8E4C0DEB16BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AFC623D5-19E1-4A6D-8E82-AD471E0CAB07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B11B9DB8-4524-4A4F-9716-78BF9D7A1027}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{B68B5F7A-B71E-47DD-A3B0-56FD994542F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B93144DF-B85C-4C50-AE0B-F79DEC6E6594}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B938D9C9-3A6B-4958-892D-48450ABCD035}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{BB78357B-2695-4BDA-AF98-59A879552DB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C375BDCB-3BC5-4555-8B07-723814D699F9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
    "{C4365814-BD06-4790-B68A-983085BA9963}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C5E5652D-B1A1-4938-88BE-C2F689B5097B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
    "{CA3F772D-D0B7-4601-8A83-C881B96C5781}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D2194848-8190-4F42-9B59-2F1628B18ACC}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
    "{D5EBEDAA-3CE7-44DD-88EE-6772350CE896}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{D8ECC807-FF32-4FF3-8F35-F660EB15A0CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
    "{DD27CAAF-E16C-4F6F-AAA0-21EAC8FCC1E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DEEB62F8-6DB3-4F89-B731-9DF5A40A7ED7}" = protocol=6 | dir=in | app=c:\users\mark\bittorrent\bittorrent.exe |
    "{DF8A28F6-C752-4D8E-8B69-F0D40C2097BA}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "{E07C6232-140E-405F-A012-0B58BE498EF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E9623858-715B-4A8C-89C6-76E848697C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
    "{E99E1EF3-D921-4B77-8D9C-E931EBA3D7F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EFB0C883-7D7F-433B-A584-3D39D864154C}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
    "{F61D9218-54E8-4AD4-BCC9-0FE4F18287F6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{F676FDF5-ECD3-465F-96D0-A812F3A9923D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FC118827-BA1E-4F19-9E30-692E24E71FCF}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{812F5B09-D0BA-4036-A63E-69238EF22ECA}" = Microsoft Corporation
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}" = HP Officejet 6500 E710n-z Basic Device Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPOCR" = HP OCR Software 9.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
    "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6916E491-8BBF-4E8A-AFAD-D01307C059E5}" = Vz In Home Agent
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
    "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}" = Verizon Download Manager
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AutoCAD 2008 - English" = AutoCAD 2008 - English
    "avast" = avast! Free Antivirus
    "BitTorrentBar Toolbar" = BitTorrentBar Toolbar
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Half-Life 2 Deathmatch Create Server Mod" = Half-Life 2 Deathmatch Create Server Mod
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "*******_3D_screensaver1" = *******_3D_screensaver1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "nCleaner" = nCleaner second 2.3.4.0
    "OpenAL" = OpenAL
    "PrintScreenDeluxe" = Print Screen Deluxe
    "SpeedFan" = SpeedFan (remove only)
    "Spotify" = Spotify
    "Squeezebox Server_is1" = Squeezebox Server 7.5.3
    "Steam App 13210" = Unreal Tournament 3: Black Edition
    "Steam App 16450" = F.E.A.R. 2: Project Origin
    "Steam App 220" = Half-Life 2
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 400" = Portal
    "Steam App 420" = Half-Life 2: Episode Two
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/30/2010 5:19:52 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:22:15 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:22:15 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:22:16 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:22:16 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:32:01 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 5:32:01 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 8:33:11 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 8:33:11 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    Error - 7/30/2010 8:33:23 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

    [ Media Center Events ]
    Error - 2/22/2010 6:35:37 PM | Computer Name = TheGunShow | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 4/2/2010 1:31:36 PM | Computer Name = TheGunShow | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/13/2012 4:59:56 PM | Computer Name = TheGunShow | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ OSession Events ]
    Error - 10/29/2011 6:04:08 AM | Computer Name = TheGunShow | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 721751
    seconds with 1560 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/13/2012 6:50:32 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/13/2012 6:50:32 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
    Description =

    Error - 1/13/2012 7:55:59 PM | Computer Name = TheGunShow | Source = HTTP | ID = 15016
    Description =

    Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7009
    Description =

    Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
  8. Broni Malware Annihilator

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([player] http in Trusted sites)
      O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([www] http in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  9. mark118 Newcomer, in training

    Excellent, thank you.

    Here is the OTL fix log

    I will now perform the other tasks and post the log when done.
  10. mark118 Newcomer, in training

    Here are the last 2 logs... ESET found no problems, so no log to report.

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    nCleaner second 2.3.4.0
    Java(TM) 6 Update 30
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ``````````End of Log````````````

    Farbar Service Scanner
    Ran by Mark (administrator) on 14-01-2012 at 13:25:39
    Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\SysWOW64\dhcpcsvc.dll
    [2008-01-20 21:48] - [2008-01-20 21:48] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

    C:\Windows\System32\drivers\afd.sys
    [2011-06-16 03:35] - [2011-04-21 08:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A

    C:\Windows\System32\drivers\tdx.sys
    [2008-01-20 21:49] - [2008-01-20 21:49] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216

    C:\Windows\System32\Drivers\tcpip.sys
    [2010-08-11 21:09] - [2010-06-16 11:40] - 1420176 ____A (Microsoft Corporation) 7D86275FB640011B372FD566C0EAFA8D

    C:\Windows\System32\dnsrslvr.dll
    [2011-04-15 14:45] - [2011-03-02 10:10] - 0117760 ____A (Microsoft Corporation) DAF05293C1264E251D3A25E7E24B2DDF

    C:\Windows\System32\mpssvc.dll
    [2008-01-20 21:49] - [2008-01-20 21:49] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA

    C:\Windows\System32\bfe.dll
    [2008-01-20 21:50] - [2008-01-20 21:50] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

    C:\Windows\System32\vssvc.exe
    [2008-01-20 21:50] - [2008-01-20 21:50] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629

    C:\Windows\System32\wscsvc.dll
    [2008-01-20 21:47] - [2008-01-20 21:47] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8

    C:\Windows\System32\wbem\WMIsvc.dll
    [2008-01-20 21:50] - [2008-01-20 21:50] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C

    C:\Windows\System32\wuaueng.dll
    [2009-10-01 22:52] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

    C:\Windows\System32\qmgr.dll
    [2008-01-20 21:50] - [2008-01-20 21:50] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58

    C:\Windows\System32\es.dll
    [2009-03-04 22:18] - [2008-04-17 23:42] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66

    C:\Windows\System32\cryptsvc.dll
    [2008-01-20 21:49] - [2008-01-20 21:49] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-04-16 20:00] - [2009-03-02 23:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C



    **** End of log ****
  11. Broni Malware Annihilator

    I don't see any log from the OTL fix.
  12. mark118 Newcomer, in training

    wrong log......
  13. Broni Malware Annihilator

    That's incorrect.
    You clicked on "Scan" button instead of "Fix" button.
    Redo.
  14. mark118 Newcomer, in training

    That was the wrong log, sorry. Here is the correct one.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xmradio.com\player\ not found.
    Registry key HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xmradio.com\www\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 1804841 bytes
    ->Temporary Internet Files folder emptied: 16510062 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7024 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Mark
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01142012_154159

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1B47.tmp not found!
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1B4F.tmp not found!
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1BC7.tmp not found!
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1BCF.tmp not found!
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1C19.tmp not found!
    File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1C29.tmp not found!
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B43BEAAD-8C61-459D-BF20-5008B44B0012}.tmp moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\getAds[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\getForecast[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\grab[1].cur moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\like[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\map_iframe[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\showthread[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\like[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\map_iframe[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\qseg[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\site=cnn&cnn_pagetype=mmst&cnn_position=300x150_rgt&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\Type=click&FlightID=412577&AdID=599682&TargetID=112280&Values=1588&Redirect=;ord=tayKnq,bhrdyjNcnARab[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\xd_proxy[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPSTEXET\12[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPSTEXET\ping[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\ai[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\def[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\facebook_com[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\getForecast[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\index[1].html moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\MoreStoriesPagelet[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\pass[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\site=cnn&cnn_pagetype=mmst&cnn_position=336x850_rgt&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
    C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\site=cnn&cnn_pagetype=mmst&cnn_position=607x95_adlinks&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2I7FQ7E\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZEVYKBA\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IYFP1WC\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QRCKICF\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
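The "scheduled to be moved on reboot" lines above are recorded in the PendingFileRenameOperations registry value and carried out by the Session Manager at the next boot. As an added check that is not part of the thread (my own script, not OTL's), the PowerShell below reads that value so you can see exactly what will be moved or deleted before you reboot. It assumes an elevated prompt and nothing about where OTL puts the files; it only prints what Windows has queued.

```powershell
# Added example, not from the thread. Lists the file moves/deletions Windows
# will carry out at next boot. Read-only; run from an elevated PowerShell.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$item = Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
$pending = @()
if ($item) { $pending = @($item.PendingFileRenameOperations) }

if ($pending.Count -eq 0) {
    Write-Host 'No pending file rename operations.'
} else {
    # REG_MULTI_SZ of source/destination pairs; an empty destination means "delete".
    # Paths carry the NT object-manager prefix \??\, stripped here for readability.
    for ($i = 0; $i -lt $pending.Count; $i += 2) {
        $src = $pending[$i] -replace '^\\\?\?\\', ''
        $dst = if ($i + 1 -lt $pending.Count) { $pending[$i + 1] -replace '^\\\?\?\\', '' } else { '' }
        if ($dst -eq '') {
            "DELETE  $src"
        } else {
            "MOVE    $src  ->  $dst"
        }
    }
    # Anything that is not a move into a cleanup folder you recognise deserves a
    # second look: malware uses the same mechanism to drop or replace files at boot.
}
```

If the list is empty but the log says moves were scheduled, the reboot has already happened and the entries were consumed; the value is cleared once the Session Manager has processed it.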
  15. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
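The OTL script in step 1 does four things in order: empties the temp folders ([emptytemp]), the Flash and Java caches ([EMPTYFLASH], [emptyjava]), wipes every restore point ([CLEARALLRESTOREPOINTS]) and reboots, after which a fresh restore point is created. As an added example that is not part of Broni's instructions or of OTL, the PowerShell below does the equivalent with built-in tools so each step can be seen and checked. It assumes an elevated prompt, that System Protection is on for C:, and the Flash/Java cache locations named in the comments; it does not reboot for you.

```powershell
# Added example, not part of the thread. Equivalent of the OTL fix
# ([emptytemp] [EMPTYFLASH] [emptyjava] [CLEARALLRESTOREPOINTS]) using
# built-in tools. Run from an elevated PowerShell; reboot afterwards yourself.
$ErrorActionPreference = 'SilentlyContinue'   # files in use are skipped, not fatal

# 1. Temp folders and plug-in caches. The Flash and Java paths are assumptions
#    for Vista/7-era installs; adjust if your caches live elsewhere.
$cacheDirs = @(
    $env:TEMP,
    "$env:SystemRoot\Temp",
    "$env:APPDATA\Macromedia\Flash Player",                 # Flash shared objects / cache
    "${env:LOCALAPPDATA}Low\Sun\Java\Deployment\cache"      # Java cache (AppData\LocalLow)
)
foreach ($dir in $cacheDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | Remove-Item -Recurse -Force
        "Emptied  $dir"
    }
}

# 2. Drop every existing restore point. They are VSS shadow copies, and an old
#    one could bring back the infected files that were just removed. This also
#    discards "Previous Versions" of files on C:, so copy anything you need first.
Get-ComputerRestorePoint | ForEach-Object {
    "Removing restore point #$($_.SequenceNumber): $($_.Description)"
}
vssadmin delete shadows /for=C: /all /quiet | Out-Null

# 3. Create one fresh, clean restore point and confirm it is now the only one.
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```

Two caveats: the temp cleanup skips files that are locked by running programs (the OTL fix gets around this by scheduling them for the reboot), and on Windows 8 and later Checkpoint-Computer refuses to create more than one restore point per 24 hours by default, so step 3 may need to be run the next day there; on Vista, the system in this thread, there is no such limit.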
  16. mark118 Newcomer, in training

    Ok, here is the last log... I will run through the other tasks later today...
  17. Broni Malware Annihilator

    I see no log.....
  18. Broni Malware Annihilator

    The issue seems to be resolved.