Solved Cannot install Malwarebytes Anti-Malware: Access is denied

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FireFox::
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: network.proxy.http_port - 55192

Folder::
c:\users\Kristopher\AppData\Roaming\LkkkIVVrlON
c:\users\Kristopher\AppData\Roaming\h222iibD3pnG
c:\users\Kristopher\AppData\Roaming\zhhYYXwkUVelOtP
c:\users\Kristopher\AppData\Roaming\OYYYXwwkUVeOBzP
c:\users\Kristopher\AppData\Roaming\akkUUVrrlOtxP
c:\users\Kristopher\AppData\Roaming\KaaaQHH6dWKfRLg
c:\users\Kristopher\AppData\Roaming\mCCeekIBBrONyA0
c:\users\Kristopher\AppData\Roaming\j11uuvSS2oF3pG5
c:\users\Kristopher\AppData\Roaming\ElllIBBrzPNyA1v
c:\users\Kristopher\AppData\Roaming\ONNNyxxA1u
c:\users\Kristopher\AppData\Roaming\RooonFF4pmH5QJd
c:\users\Kristopher\AppData\Roaming\dmmHH5ssWJ7ELgR
c:\users\Kristopher\AppData\Roaming\TCwwwkUVrlOBtPy
c:\users\Kristopher\AppData\Roaming\Y11iibDD3oG4aH6
c:\users\Kristopher\AppData\Roaming\JQQQH66sWK7EL9T
c:\users\Kristopher\AppData\Roaming\iuuccS22ib3pn4a
c:\users\Kristopher\AppData\Roaming\kGGG5aaQH6dK7f
c:\users\Kristopher\AppData\Roaming\rTTXXwjjUClIBzP
c:\users\Kristopher\AppData\Roaming\klllOOBtzP0yA1v
c:\users\Kristopher\AppData\Roaming\wFF44ammH5sJ7EL
c:\users\Kristopher\AppData\Roaming\lxxPP0uucSib
c:\users\Kristopher\AppData\Roaming\CKKK7ffEL9gZqYC
c:\users\Kristopher\AppData\Roaming\LuuucSS1ibD3nGa
c:\users\Kristopher\AppData\Roaming\yIIVrllONtx0uc1
c:\users\Kristopher\AppData\Roaming\HKK77fEEL9g
c:\users\Kristopher\AppData\Roaming\tTTXXqjYYCkIVzN
c:\users\Kristopher\AppData\Roaming\kS22iibF3pn
c:\users\Kristopher\AppData\Roaming\d5sssQJ6d
c:\users\Kristopher\AppData\Roaming\ZUVVeelIBtzP
c:\users\Kristopher\AppData\Roaming\X77ddEKK8gZ9hXw
c:\users\Kristopher\AppData\Roaming\zyyycAA1ivDon
c:\users\Kristopher\AppData\Roaming\f55ssQJ7dE
c:\users\Kristopher\AppData\Roaming\BYCCeekIVrzONx0
c:\users\Kristopher\AppData\Roaming\x333pnnG4aQ6sK
c:\users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0
c:\users\Kristopher\AppData\Roaming\i666sWWK7fE9gZq
c:\users\Kristopher\AppData\Roaming\zRRRZqqhYXwUVlO
c:\users\Kristopher\AppData\Roaming\jH55sWWJ7dELgRq
c:\users\Kristopher\AppData\Roaming\BkkUUVrrlOBxPyc
c:\users\Kristopher\AppData\Roaming\o00uucS11iD3oG4
c:\users\Kristopher\AppData\Roaming\gaaQQH66sWKfE9g
c:\users\Kristopher\AppData\Roaming\oqqqjjYCwkIVlOt
c:\users\Kristopher\AppData\Roaming\SbbbF33pnG5aH6W
c:\users\Kristopher\AppData\Roaming\ySS22ibFF3nG5Q6
c:\users\Kristopher\AppData\Roaming\DfRRLL9hTXq
c:\users\Kristopher\AppData\Roaming\qxxAA1uvv2obFpG
c:\users\Kristopher\AppData\Roaming\gEKK88fRZ9hTwjC
c:\users\Kristopher\AppData\Roaming\kQQQJ66dEK8fZ9T
c:\users\Kristopher\AppData\Roaming\EddE8gRZ9h
c:\users\Kristopher\AppData\Roaming\gellOOBtzP0
c:\users\Kristopher\AppData\Roaming\FsWWJJ7dEL8gRqY
c:\users\Kristopher\AppData\Roaming\kOOBBtxxP0yS1vD
c:\users\Kristopher\AppData\Roaming\zG44aamH6s
c:\users\Kristopher\AppData\Roaming\CwwkkIVVrlNtx0
c:\users\Kristopher\AppData\Roaming\appnnG44aQHsW7f
c:\users\Kristopher\AppData\Roaming\ISSS2iibF3pG5QH
c:\users\Kristopher\AppData\Roaming\c222ibbD3pnGaQ6
c:\users\Kristopher\AppData\Roaming\ljjjYCCwkIVlOtx


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Sorry, I was having hang-ups with ComboFix completing:

ComboFix 11-10-30.03 - Kristopher 10/31/2011 9:59.5.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.2130 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Kristopher\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
---- Previous Run -------
.
c:\users\Kristopher\AppData\Roaming\akkUUVrrlOtxP
c:\users\Kristopher\AppData\Roaming\appnnG44aQHsW7f
c:\users\Kristopher\AppData\Roaming\BkkUUVrrlOBxPyc
c:\users\Kristopher\AppData\Roaming\BYCCeekIVrzONx0
c:\users\Kristopher\AppData\Roaming\c222ibbD3pnGaQ6
c:\users\Kristopher\AppData\Roaming\CKKK7ffEL9gZqYC
c:\users\Kristopher\AppData\Roaming\CwwkkIVVrlNtx0
c:\users\Kristopher\AppData\Roaming\cYCCwwkIVrlONx0
c:\users\Kristopher\AppData\Roaming\d5sssQJ6d
c:\users\Kristopher\AppData\Roaming\DfRRLL9hTXq
c:\users\Kristopher\AppData\Roaming\dmmHH5ssWJ7ELgR
c:\users\Kristopher\AppData\Roaming\EddE8gRZ9h
c:\users\Kristopher\AppData\Roaming\ElllIBBrzPNyA1v
c:\users\Kristopher\AppData\Roaming\f55ssQJ7dE
c:\users\Kristopher\AppData\Roaming\FsWWJJ7dEL8gRqY
c:\users\Kristopher\AppData\Roaming\gaaQQH66sWKfE9g
c:\users\Kristopher\AppData\Roaming\gEKK88fRZ9hTwjC
c:\users\Kristopher\AppData\Roaming\gellOOBtzP0
c:\users\Kristopher\AppData\Roaming\h222iibD3pnG
c:\users\Kristopher\AppData\Roaming\HKK77fEEL9g
c:\users\Kristopher\AppData\Roaming\i666sWWK7fE9gZq
c:\users\Kristopher\AppData\Roaming\ISSS2iibF3pG5QH
c:\users\Kristopher\AppData\Roaming\iuuccS22ib3pn4a
c:\users\Kristopher\AppData\Roaming\j11uuvSS2oF3pG5
c:\users\Kristopher\AppData\Roaming\jH55sWWJ7dELgRq
c:\users\Kristopher\AppData\Roaming\JQQQH66sWK7EL9T
c:\users\Kristopher\AppData\Roaming\KaaaQHH6dWKfRLg
c:\users\Kristopher\AppData\Roaming\kGGG5aaQH6dK7f
c:\users\Kristopher\AppData\Roaming\klllOOBtzP0yA1v
c:\users\Kristopher\AppData\Roaming\kOOBBtxxP0yS1vD
c:\users\Kristopher\AppData\Roaming\kQQQJ66dEK8fZ9T
c:\users\Kristopher\AppData\Roaming\kS22iibF3pn
c:\users\Kristopher\AppData\Roaming\ljjjYCCwkIVlOtx
c:\users\Kristopher\AppData\Roaming\LkkkIVVrlON
c:\users\Kristopher\AppData\Roaming\LuuucSS1ibD3nGa
c:\users\Kristopher\AppData\Roaming\lxxPP0uucSib
c:\users\Kristopher\AppData\Roaming\mCCeekIBBrONyA0
c:\users\Kristopher\AppData\Roaming\o00uucS11iD3oG4
c:\users\Kristopher\AppData\Roaming\ONNNyxxA1u
c:\users\Kristopher\AppData\Roaming\oqqqjjYCwkIVlOt
c:\users\Kristopher\AppData\Roaming\OYYYXwwkUVeOBzP
c:\users\Kristopher\AppData\Roaming\qxxAA1uvv2obFpG
c:\users\Kristopher\AppData\Roaming\RooonFF4pmH5QJd
c:\users\Kristopher\AppData\Roaming\rTTXXwjjUClIBzP
c:\users\Kristopher\AppData\Roaming\SbbbF33pnG5aH6W
c:\users\Kristopher\AppData\Roaming\TCwwwkUVrlOBtPy
c:\users\Kristopher\AppData\Roaming\tTTXXqjYYCkIVzN
c:\users\Kristopher\AppData\Roaming\wFF44ammH5sJ7EL
c:\users\Kristopher\AppData\Roaming\x333pnnG4aQ6sK
c:\users\Kristopher\AppData\Roaming\X77ddEKK8gZ9hXw
c:\users\Kristopher\AppData\Roaming\Y11iibDD3oG4aH6
c:\users\Kristopher\AppData\Roaming\yIIVrllONtx0uc1
c:\users\Kristopher\AppData\Roaming\ySS22ibFF3nG5Q6
c:\users\Kristopher\AppData\Roaming\zG44aamH6s
c:\users\Kristopher\AppData\Roaming\zhhYYXwkUVelOtP
c:\users\Kristopher\AppData\Roaming\zRRRZqqhYXwUVlO
c:\users\Kristopher\AppData\Roaming\ZUVVeelIBtzP
c:\users\Kristopher\AppData\Roaming\zyyycAA1ivDon
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 17:08 . 2011-10-31 17:08 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-10-31 17:08 . 2011-10-31 17:08 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-10-31 17:08 . 2011-10-31 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 17:38 . 2011-10-31 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 07:28 . 2011-10-26 07:28 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 06:46 . 2011-10-26 06:46 -------- d-----w- c:\program files (x86)\LP
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d-----w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\UIVVrrzONtxAuc
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\TKKLhjerzOyxAuS
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BPPPNxAA1uS2bFp
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\GJJ66dWK8fRLh
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\d99hhTXqjUCekBz
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\YrrrzzONyxA0vSi
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\QnnnG44aQH6
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\NKKK7fEE9gTqjC
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\RVrrllONtxP0cSi
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\XYYCCwkUVr
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\VFFF4aamH5sJ7dL
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\wEEEL88gRZ
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\qeellOBBtzPyc1i
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\uBttzzP0ycA1vDo
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\btttzPP0ycA1vDo
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\a777dEEK8gRZhYw
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\xIIIBttzPNy
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CmmGG5sQQ6dEKfZ
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\vjjUUCekIBrzN
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\xaaaQHH6dWK
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\I555aQQJ6dWK
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\WrrzzPNNyxAu
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Q888fRRL9hT
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CsssQJJ6dEKfRZh
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dJJJ6ddEK8fR9hX
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\wiibbF3ppG5aQ6W
2011-10-03 22:27 . 2011-10-03 22:27 -------- d-----w- c:\users\Kristopher\AppData\Roaming\UffRRL99gTqjYe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_01.28.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-10-31 00:31 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-10-31 16:25 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-10 23:39 . 2011-10-31 16:22 367138 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-01-21 03:20 . 2011-10-31 16:25 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-10-31 16:25 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-10-30 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-31 10:10:14
ComboFix-quarantined-files.txt 2011-10-31 17:10
ComboFix2.txt 2011-10-31 01:29
ComboFix3.txt 2011-10-28 17:38
ComboFix4.txt 2011-10-27 21:55
.
Pre-Run: 64,148,852,736 bytes free
Post-Run: 64,091,963,392 bytes free
.
- - End Of File - - 82065FC3D5AF89723D8F5B098259931B
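The log above shows two patterns a defender should learn to spot in a ComboFix report: dozens of folders with random-looking mixed-case names created in `AppData\Roaming` within the same minute, and Firefox prefs that point the HTTP proxy at 127.0.0.1. The triage script below is an added example (not part of ComboFix or of the original posts); it parses lines in ComboFix's "Files Created" and "FF - prefs.js" formats and flags both patterns, using a constructed sample modelled on the posted log. The case-churn heuristic and its thresholds are this example's own assumptions, not ComboFix behaviour.

```python
"""Triage a ComboFix log for two patterns visible in the posted report:
bursts of random-looking folder names created in the same minute, and
Firefox prefs that point the HTTP proxy at the local machine."""
import re
from collections import defaultdict

# Shape of a ComboFix "Files Created" line: <created> . <modified> <size> <attrs> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$"
)
# Shape of a ComboFix Firefox prefs line: FF - prefs.js: <name> - <value>
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# Registry-style GUID folder names churn between digits and letters legitimately.
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")


def char_class(c):
    if c.isdigit():
        return "d"
    if c.isupper():
        return "U"
    if c.islower():
        return "l"
    return None  # punctuation, space: ignored in the churn score


def case_churn(name):
    """Fraction of adjacent alphanumeric pairs that switch between upper, lower
    and digit. Human-chosen names (Malwarebytes, AVAST Software) score low;
    dropper names such as UIVVrrzONtxAuc score high. Heuristic, assumed here."""
    classes = [char_class(c) for c in name]
    pairs = [(a, b) for a, b in zip(classes, classes[1:]) if a and b]
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if a != b) / len(pairs)


def looks_random(name, min_len=8, threshold=0.3):
    stem = name.rsplit(".", 1)[0] if "." in name else name
    if GUID_RE.match(stem):
        return False
    return len(stem) >= min_len and case_churn(stem) >= threshold


def parse_created(lines):
    """Yield (created_minute, attrs, path) for each 'Files Created' entry."""
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(4), m.group(5)


def find_bursts(entries, min_count=5):
    """Group directory creations by (parent folder, creation minute) and keep
    groups of min_count or more: a profile seeded with many folders at once."""
    groups = defaultdict(list)
    for minute, attrs, path in entries:
        if not attrs.startswith("d"):
            continue
        parent, _, leaf = path.rpartition("\\")
        groups[(parent.lower(), minute)].append(leaf)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def random_named(entries):
    return [path for _, _, path in entries if looks_random(path.rpartition("\\")[2])]


def firefox_proxy_finding(lines):
    """Return a dict describing a localhost HTTP proxy in prefs.js, or None.
    network.proxy.type 1 means the manual proxy is in use; 0 means the
    host/port are set but not active (leftover configuration)."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    host = prefs.get("network.proxy.http")
    if host not in ("127.0.0.1", "localhost"):
        return None
    return {"host": host, "port": prefs.get("network.proxy.http_port"),
            "active": prefs.get("network.proxy.type") == "1"}


def triage(log_text):
    lines = log_text.splitlines()
    entries = list(parse_created(lines))
    return {"bursts": find_bursts(entries),
            "random_names": random_named(entries),
            "firefox_proxy": firefox_proxy_finding(lines)}


# Constructed sample in ComboFix's line format (modelled on the thread, not a verbatim copy).
SAMPLE_LOG = r"""
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\UIVVrrzONtxAuc
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\TKKLhjerzOyxAuS
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BPPPNxAA1uS2bFp
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\GJJ66dWK8fRLh
2011-10-03 22:35 . 2011-10-03 22:35 -------- d-----w- c:\users\Kristopher\AppData\Roaming\d99hhTXqjUCekBz
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

A localhost proxy with `network.proxy.type` 0 is dormant rather than intercepting traffic, which is why the CFScript in the thread only removes the stray `http_port` pref instead of treating the browser as actively hijacked.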
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\users\Kristopher\AppData\Roaming\UffRRL99gTqjYe
c:\users\Kristopher\AppData\Roaming\wiibbF3ppG5aQ6W
c:\users\Kristopher\AppData\Roaming\dJJJ6ddEK8fR9hX
c:\users\Kristopher\AppData\Roaming\CsssQJJ6dEKfRZh
c:\users\Kristopher\AppData\Roaming\Q888fRRL9hT
c:\users\Kristopher\AppData\Roaming\WrrzzPNNyxAu
c:\users\Kristopher\AppData\Roaming\I555aQQJ6dWK
c:\users\Kristopher\AppData\Roaming\xaaaQHH6dWK
c:\users\Kristopher\AppData\Roaming\vjjUUCekIBrzN
c:\users\Kristopher\AppData\Roaming\CmmGG5sQQ6dEKfZ
c:\users\Kristopher\AppData\Roaming\xIIIBttzPNy
c:\users\Kristopher\AppData\Roaming\a777dEEK8gRZhYw
c:\users\Kristopher\AppData\Roaming\btttzPP0ycA1vDo
c:\users\Kristopher\AppData\Roaming\uBttzzP0ycA1vDo
c:\users\Kristopher\AppData\Roaming\qeellOBBtzPyc1i
c:\users\Kristopher\AppData\Roaming\wEEEL88gRZ
c:\users\Kristopher\AppData\Roaming\VFFF4aamH5sJ7dL
c:\users\Kristopher\AppData\Roaming\XYYCCwkUVr
c:\users\Kristopher\AppData\Roaming\RVrrllONtxP0cSi
c:\users\Kristopher\AppData\Roaming\NKKK7fEE9gTqjC
c:\users\Kristopher\AppData\Roaming\QnnnG44aQH6
c:\users\Kristopher\AppData\Roaming\YrrrzzONyxA0vSi
c:\users\Kristopher\AppData\Roaming\d99hhTXqjUCekBz
c:\users\Kristopher\AppData\Roaming\GJJ66dWK8fRLh
c:\users\Kristopher\AppData\Roaming\BPPPNxAA1uS2bFp
c:\users\Kristopher\AppData\Roaming\TKKLhjerzOyxAuS
c:\users\Kristopher\AppData\Roaming\UIVVrrzONtxAuc


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After the reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-10-30.04 - Kristopher 10/31/2011 21:03:13.6.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.2018 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Kristopher\Desktop\CFscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\04AC\22EE.tmp
c:\program files (x86)\LP\04AC\275D.tmp
c:\program files (x86)\LP\04AC\3754.tmp
c:\program files (x86)\LP\04AC\4DC2.tmp
c:\program files (x86)\LP\04AC\93A8.tmp
c:\program files (x86)\LP\04AC\9E81.tmp
c:\program files (x86)\LP\04AC\B885.tmp
c:\program files (x86)\LP\04AC\BCEA.tmp
c:\program files (x86)\LP\04AC\F430.tmp
c:\users\Kristopher\AppData\Roaming\a777dEEK8gRZhYw
c:\users\Kristopher\AppData\Roaming\BPPPNxAA1uS2bFp
c:\users\Kristopher\AppData\Roaming\btttzPP0ycA1vDo
c:\users\Kristopher\AppData\Roaming\CmmGG5sQQ6dEKfZ
c:\users\Kristopher\AppData\Roaming\CsssQJJ6dEKfRZh
c:\users\Kristopher\AppData\Roaming\d99hhTXqjUCekBz
c:\users\Kristopher\AppData\Roaming\dJJJ6ddEK8fR9hX
c:\users\Kristopher\AppData\Roaming\GJJ66dWK8fRLh
c:\users\Kristopher\AppData\Roaming\I555aQQJ6dWK
c:\users\Kristopher\AppData\Roaming\NKKK7fEE9gTqjC
c:\users\Kristopher\AppData\Roaming\Q888fRRL9hT
c:\users\Kristopher\AppData\Roaming\qeellOBBtzPyc1i
c:\users\Kristopher\AppData\Roaming\QnnnG44aQH6
c:\users\Kristopher\AppData\Roaming\RVrrllONtxP0cSi
c:\users\Kristopher\AppData\Roaming\TKKLhjerzOyxAuS
c:\users\Kristopher\AppData\Roaming\uBttzzP0ycA1vDo
c:\users\Kristopher\AppData\Roaming\UffRRL99gTqjYe
c:\users\Kristopher\AppData\Roaming\UIVVrrzONtxAuc
c:\users\Kristopher\AppData\Roaming\VFFF4aamH5sJ7dL
c:\users\Kristopher\AppData\Roaming\vjjUUCekIBrzN
c:\users\Kristopher\AppData\Roaming\wEEEL88gRZ
c:\users\Kristopher\AppData\Roaming\wiibbF3ppG5aQ6W
c:\users\Kristopher\AppData\Roaming\WrrzzPNNyxAu
c:\users\Kristopher\AppData\Roaming\xaaaQHH6dWK
c:\users\Kristopher\AppData\Roaming\xIIIBttzPNy
c:\users\Kristopher\AppData\Roaming\XYYCCwkUVr
c:\users\Kristopher\AppData\Roaming\YrrrzzONyxA0vSi
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-11-01 04:16 . 2011-11-01 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 17:38 . 2011-11-01 04:17 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 07:28 . 2011-10-26 07:28 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d-----w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dFF44pmmH
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\IA11uuvS2obF
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LddWWK88fRLhTqj
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\RdddWWK8fRL9TXj
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\immGG5aaQJ
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\EvvSS2iibFpnG
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\iWWWK77fRL9gXqY
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\RtttxxA0ucS2bD
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\I333onnG4am6sJ7
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\WOOOBBtxP0yc1iD
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\y888gRRZqhYXkUe
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\XmmHH5ssQJ7EKgR
2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\VIIIBttzPNyA1vD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_01.28.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-01 07:12 . 2011-10-15 08:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 07:12 . 2011-10-31 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 07:12 . 2011-10-15 08:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 07:12 . 2011-10-31 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-10 23:39 . 2011-11-01 03:57 369134 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2011-10-31 18:47 330648 c:\windows\system32\perfc009.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:46 . 2011-10-31 18:47 1242736 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-11-01 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-31 21:30:14
ComboFix-quarantined-files.txt 2011-11-01 04:30
ComboFix2.txt 2011-10-31 17:10
ComboFix3.txt 2011-10-31 01:29
ComboFix4.txt 2011-10-28 17:38
ComboFix5.txt 2011-11-01 04:01
.
Pre-Run: 64,044,769,280 bytes free
Post-Run: 64,011,276,288 bytes free
.
- - End Of File - - BED95C9E713CDD3737D7F2B729F3789D
 
Still more folders to remove....

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\users\Kristopher\AppData\Roaming\VIIIBttzPNyA1vD
c:\users\Kristopher\AppData\Roaming\XmmHH5ssQJ7EKgR
c:\users\Kristopher\AppData\Roaming\y888gRRZqhYXkUe
c:\users\Kristopher\AppData\Roaming\WOOOBBtxP0yc1iD
c:\users\Kristopher\AppData\Roaming\I333onnG4am6sJ7
c:\users\Kristopher\AppData\Roaming\RtttxxA0ucS2bD
c:\users\Kristopher\AppData\Roaming\iWWWK77fRL9gXqY
c:\users\Kristopher\AppData\Roaming\EvvSS2iibFpnG
c:\users\Kristopher\AppData\Roaming\immGG5aaQJ
c:\users\Kristopher\AppData\Roaming\RdddWWK8fRL9TXj
c:\users\Kristopher\AppData\Roaming\LddWWK88fRLhTqj
c:\users\Kristopher\AppData\Roaming\IA11uuvS2obF
c:\users\Kristopher\AppData\Roaming\dFF44pmmH


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
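The helper's CFScript above is built by hand from the "Files Created" section of the ComboFix log: each folder name under AppData\Roaming that looks machine-generated (mixed case, digits, doubled letters) goes into a Folder:: block. The script below is an added example, not part of the original thread and not ComboFix's own code, showing how a defender can parse those log lines and pre-select such folders for review. The sample lines are constructed to mimic the log format, and the name heuristic (`looks_random`) and the helper names are this example's own assumptions; the generated Folder:: list is meant to be checked by a person before it is used, since the heuristic can misclassify legitimately odd-named folders.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in the ComboFix "Files Created" format (not taken
# from a real machine; the folder names mimic the pattern seen in the thread).
SAMPLE_LOG_LINES: List[str] = [
    r"2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes",
    r"2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dFF44pmmH",
    r"2011-10-03 22:32 . 2011-10-03 22:32 -------- d-----w- c:\users\Kristopher\AppData\Roaming\immGG5aaQJ",
    r"2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation",
    r"2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp",
    r"2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly",
]

# One "Files Created" line: <created> . <modified> <size|--------> <attributes> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S+) (.+)$"
)
# A folder that sits directly under <profile>\AppData\Roaming (no deeper path).
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)


def parse_entries(lines: List[str]) -> List[Dict[str, object]]:
    """Parse ComboFix 'Files Created' lines; lines in another format are skipped."""
    entries: List[Dict[str, object]] = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        size_bytes: Optional[int] = None if size.startswith("-") else int(size)
        entries.append({
            "created": created,
            "modified": modified,
            "size": size_bytes,            # None for directories ("--------")
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def looks_random(name: str) -> bool:
    """Assumed heuristic for generated folder names: 8-16 alphanumerics, mixed
    case, and either a digit or at least two doubled characters (e.g. 'FF', '44')."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,16}", name):
        return False
    mixed_case = name != name.lower() and name != name.upper()
    has_digit = any(ch.isdigit() for ch in name)
    doubled_runs = len(re.findall(r"(.)\1", name))
    return mixed_case and (has_digit or doubled_runs >= 2)


def suspicious_roaming_dirs(lines: List[str]) -> List[str]:
    """Return full paths of directories directly under AppData\\Roaming whose
    names match the heuristic, in log order."""
    flagged: List[str] = []
    for entry in parse_entries(lines):
        if not entry["is_dir"]:
            continue
        m = ROAMING_RE.search(str(entry["path"]))
        if m and looks_random(m.group(1)):
            flagged.append(str(entry["path"]))
    return flagged


def build_cfscript(paths: List[str]) -> str:
    """Render flagged paths as a CFScript Folder:: section for manual review."""
    return "Folder::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(suspicious_roaming_dirs(SAMPLE_LOG_LINES)))
```

Run against the sample lines, the two generated-looking names are flagged while Malwarebytes, "Microsoft Corporation" (contains a space) and the nested .tmp file are left alone. The heuristic is deliberately strict on folder depth: only direct children of Roaming are considered, which matches what the helper removes in this thread.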
 
ComboFix 11-11-01.01 - Kristopher 10/31/2011 22:10:01.7.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.2014 [GMT -7:00]
Running from: c:\users\Kristopher\Desktop\ComboFix.exe
Command switches used :: c:\users\Kristopher\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kristopher\AppData\Roaming\dFF44pmmH
c:\users\Kristopher\AppData\Roaming\EvvSS2iibFpnG
c:\users\Kristopher\AppData\Roaming\I333onnG4am6sJ7
c:\users\Kristopher\AppData\Roaming\IA11uuvS2obF
c:\users\Kristopher\AppData\Roaming\immGG5aaQJ
c:\users\Kristopher\AppData\Roaming\iWWWK77fRL9gXqY
c:\users\Kristopher\AppData\Roaming\LddWWK88fRLhTqj
c:\users\Kristopher\AppData\Roaming\RdddWWK8fRL9TXj
c:\users\Kristopher\AppData\Roaming\RtttxxA0ucS2bD
c:\users\Kristopher\AppData\Roaming\VIIIBttzPNyA1vD
c:\users\Kristopher\AppData\Roaming\WOOOBBtxP0yc1iD
c:\users\Kristopher\AppData\Roaming\XmmHH5ssQJ7EKgR
c:\users\Kristopher\AppData\Roaming\y888gRRZqhYXkUe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 05:19 . 2011-11-01 05:19 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-11-01 05:19 . 2011-11-01 05:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-11-01 05:19 . 2011-11-01 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 17:38 . 2011-11-01 05:19 -------- d-----w- c:\users\Kristopher\AppData\Local\temp
2011-10-26 21:20 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-26 21:10 . 2011-10-26 21:10 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp
2011-10-26 18:34 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-26 18:34 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 18:34 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-26 18:34 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-26 18:34 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-26 18:34 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-10-26 18:34 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-26 18:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-26 18:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\programdata\AVAST Software
2011-10-26 18:34 . 2011-10-26 18:34 -------- d-----w- c:\program files\AVAST Software
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Microsoft Corporation
2011-10-26 17:08 . 2011-10-26 17:08 -------- d-----w- c:\users\Kristopher\AppData\Local\assembly
2011-10-26 07:28 . 2011-10-26 07:28 107520 ----a-w- c:\users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp
2011-10-26 06:47 . 2011-10-26 18:11 -------- d-----w- c:\program files (x86)\7D37E
2011-10-26 05:43 . 2011-10-26 05:44 315702 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-21 08:52 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A70A73D3-083E-47D6-8392-6F3D616B15C8}\mpengine.dll
2011-10-05 00:39 . 2011-10-05 00:39 -------- d-----w- c:\windows\Sun
2011-10-03 22:40 . 2011-10-03 22:40 -------- d-----w- c:\users\Kristopher\AppData\Roaming\Malwarebytes
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\PBttzzPNycA
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\K11uuvDD2oF4p
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\yqqqjjUCekI
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\h666dWWK7fR9
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\WqjjYYCwk
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\dNNyycA11vD2
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v
2011-10-03 22:29 . 2011-10-03 22:29 -------- d-----w- c:\users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_01.28.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-01 07:12 . 2011-10-15 08:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 07:12 . 2011-10-31 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 07:12 . 2011-10-15 08:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 07:12 . 2011-10-31 00:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-10 23:39 . 2011-11-01 05:05 369414 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2011-10-31 18:47 330648 c:\windows\system32\perfc009.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 3751936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-31 00:31 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-01 03:59 5357568 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:46 . 2011-10-31 18:47 1242736 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 466944 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll" [2010-08-16 466944]
.
[HKEY_CLASSES_ROOT\clsid\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2010-06-29 1776640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-08-19 77824]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-15 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Bart Station"="c:\program files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe" [2010-07-15 25936]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Motive Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll" [2011-10-05 132608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R2 MBAMService;MBAMService;c:\users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/07 08:26];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 16:11 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-09-21 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-09-18 139808]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 23:34]
.
2011-11-01 c:\windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e0173e2-c764-490f-8035-d4c8091774a8}]
2010-08-16 20:12 664576 ----a-w- c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{596de2ef-c6de-400f-9f8d-288fed8e323d}"= "c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll" [2010-08-16 664576]
.
[HKEY_CLASSES_ROOT\CLSID\{596de2ef-c6de-400f-9f8d-288fed8e323d}]
[HKEY_CLASSES_ROOT\ShopShieldCompanion.ToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6453760]
"Skytel"="Skytel.exe" [2008-09-18 1826816]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-19 152576]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.my.yahoo.com/
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Display All Images with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files (x86)\NetZero\qsacc\appres.dll/227"
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{89D719AD-0468-4539-BC75-8E59699E7912} - {89D719AD-0468-4539-BC75-8E59699E7912} - c:\program files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55192
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-31 22:21:32
ComboFix-quarantined-files.txt 2011-11-01 05:21
ComboFix2.txt 2011-11-01 04:30
ComboFix3.txt 2011-10-31 17:10
ComboFix4.txt 2011-10-31 01:29
ComboFix5.txt 2011-11-01 05:08
.
Pre-Run: 64,061,468,672 bytes free
Post-Run: 64,007,102,464 bytes free
.
- - End Of File - - 9FD9E5738D3E5AF25EB5C3AB04E94365
 
How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/1/2011 8:41:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kristopher\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 46.36% Memory free
8.15 Gb Paging File | 5.91 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.00 Gb Total Space | 59.68 Gb Free Space | 20.03% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 0.85 Gb Free Space | 45.00% Space Free | Partition Type: FAT

Computer Name: KRISTOPHER-PC | User Name: Kristopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 20:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kristopher\Desktop\OTL.exe
PRC - [2011/10/19 15:23:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/10 09:35:48 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/09/03 10:02:26 | 000,171,856 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Browser\BartShel.exe
PRC - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2010/07/27 02:47:12 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/07/15 14:09:34 | 000,095,056 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Browser\PPShared.exe
PRC - [2010/06/29 14:41:40 | 001,776,640 | ---- | M] (NetZero, Inc.) -- C:\Program Files (x86)\NetZero\exec.exe
PRC - [2010/04/02 09:11:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009/11/25 15:20:02 | 000,091,392 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/25 15:19:58 | 000,277,760 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/08/27 11:00:18 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2008/08/26 15:02:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
PRC - [2008/08/26 14:56:34 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2008/08/26 14:56:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2008/08/26 14:56:32 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2008/04/01 02:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/19 15:23:37 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/30 13:01:32 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/30 13:01:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/29 23:42:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/29 23:42:22 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/29 23:42:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/29 23:41:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011/06/29 23:41:46 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011/06/29 23:41:27 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011/06/29 23:41:12 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011/06/29 23:41:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/29 23:39:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 03:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/01/19 03:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/15 16:55:52 | 000,292,176 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Bin\PPCInstall.dll
MOD - [2010/09/03 10:02:26 | 000,171,856 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Browser\BartShel.exe
MOD - [2010/07/26 14:16:40 | 000,030,032 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Bin\PPCResEnglish.dll
MOD - [2010/07/15 14:09:34 | 000,095,056 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Browser\PPShared.exe
MOD - [2010/07/15 14:09:18 | 000,099,664 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Bin\PaceSync.dll
MOD - [2010/07/15 14:08:56 | 000,101,200 | ---- | M] () -- C:\Program Files (x86)\PeoplePC\ISP8330\Bin\ISPUtil8.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/17 20:21:00 | 003,883,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008/10/13 15:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/08/26 15:02:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
MOD - [2008/08/26 14:56:34 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
MOD - [2008/08/26 14:56:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
MOD - [2008/08/26 14:56:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2008/08/26 14:56:32 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2008/08/26 14:56:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2008/08/26 14:56:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2008/08/26 14:56:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2008/08/26 14:56:28 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWSET.dll
MOD - [2008/08/26 14:56:28 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWDEV.dll
MOD - [2008/08/26 14:56:26 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWTSK.dll
MOD - [2008/08/26 14:56:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2008/08/26 14:56:20 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWCommon.dll
MOD - [2008/08/26 14:56:20 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2008/08/26 14:56:20 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2008/08/26 14:56:18 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2008/08/26 14:56:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
MOD - [2008/08/25 21:59:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2008/08/25 21:58:58 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2008/07/27 11:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008/04/17 01:00:02 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
MOD - [2008/04/17 00:59:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2008/04/17 00:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
MOD - [2008/04/17 00:59:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
MOD - [2008/04/17 00:59:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2008/04/01 02:39:26 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2007/11/09 03:39:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Lite\Plugins\Images\bw5mount.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/14 22:21:22 | 000,949,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/04/30 21:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 20:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/17 15:01:49 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/25 15:20:02 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/09/18 15:43:38 | 000,139,808 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 13:38:18 | 000,601,944 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 13:38:16 | 000,301,912 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 13:36:41 | 000,058,200 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 13:36:41 | 000,042,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 13:36:30 | 000,065,368 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 13:36:14 | 000,024,408 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/27 02:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 02:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/06/14 19:42:24 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/27 13:11:20 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2009/10/27 13:10:18 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2009/10/27 13:10:18 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/06/19 18:07:44 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/15 01:58:32 | 005,172,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/06 20:14:20 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/03/04 13:00:26 | 005,430,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/09/19 10:47:50 | 000,132,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/09/19 10:47:50 | 000,095,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/09/19 10:47:50 | 000,021,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/09/19 10:47:38 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/18 19:31:20 | 000,193,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/18 16:25:52 | 000,176,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/07/09 10:47:28 | 000,011,576 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:47:27 | 000,903,168 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/09/10 11:19:24 | 000,103,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/04/02 09:11:16 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/07 08:26:23] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009/06/24 19:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2008/07/11 17:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58081


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58081



IE - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?utm_source=en-ha-na-us-sk&utm_medium=ha&referrer=ign_n"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: shopshield@kemesa.net:2.0.4997
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 55192
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Kristopher\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Kristopher\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 07:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/26 11:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/19 15:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/06 12:06:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/13 07:34:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{45222F64-B4F8-4C23-A032-719D109E314C}: C:\Users\Kristopher\AppData\Local\{45222F64-B4F8-4C23-A032-719D109E314C}
 
part 2

[2009/12/11 12:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Extensions
[2011/10/17 11:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\extensions
[2010/07/27 12:19:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 11:15:10 | 000,000,000 | ---D | M] (Shop Shield) -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\extensions\shopshield@kemesa.net
[2010/10/03 13:22:28 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\extensions\vshare@toolbar
[2010/01/24 19:14:05 | 000,002,184 | ---- | M] () -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\searchplugins\bing.xml
[2010/10/03 13:22:32 | 000,001,583 | ---- | M] () -- C:\Users\Kristopher\AppData\Roaming\Mozilla\Firefox\Profiles\4un0vwqr.default\searchplugins\web-search.xml
[2010/11/03 13:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/03 13:33:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/26 11:34:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/10/19 15:23:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/03 13:32:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/19 15:23:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: NeuLion Adaptive Plugin (Enabled) = C:\Users\Kristopher\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Kristopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/10/31 22:19:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ShopShieldCompanion) - {6e0173e2-c764-490f-8035-d4c8091774a8} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll ()
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files (x86)\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (ShopShieldCompanion) - {6e0173e2-c764-490f-8035-d4c8091774a8} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files (x86)\NetZero\UCReg.dll (NetZero, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Shop Shield) - {596de2ef-c6de-400f-9f8d-288fed8e323d} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll ()
O3 - HKLM\..\Toolbar: (Shop Shield) - {596de2ef-c6de-400f-9f8d-288fed8e323d} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll (NetZero, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bart Station] C:\Program Files (x86)\PeoplePC\ISP8330\BIN\PPCOLink.exe ()
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [Motive Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Motive Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000..\Run: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe (NetZero, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Display All Images with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8:64bit: - Extra context menu item: Display Image with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files (x86)\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: ShopShield - {89D719AD-0468-4539-BC75-8E59699E7912} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader64.dll ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ShopShield - {89D719AD-0468-4539-BC75-8E59699E7912} - C:\Program Files (x86)\Kemesa, LLC\Shop Shield Internet Explorer Companion\adxloader.dll ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2E5C1C7-AC38-419F-A30F-6745348862BC}: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4FC6294-5DDA-496C-91A9-D4B43772E63C}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\CF67D\8A804.exe) -C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\CF67D\8A804.exe ()
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\CF67D\8A804.exe) -C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\CF67D\8A804.exe ()
O24 - Desktop WallPaper: C:\Users\Kristopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kristopher\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 20:39:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kristopher\Desktop\OTL.exe
[2011/10/31 22:08:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/30 14:58:32 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kristopher\Desktop\tdsskiller.exe
[2011/10/30 09:45:35 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Kristopher\Desktop\boot_cleaner.exe
[2011/10/28 10:38:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/28 10:38:21 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Local\temp
[2011/10/26 22:01:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/26 22:01:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/26 22:01:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/26 22:01:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/26 22:00:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/26 21:56:47 | 004,279,489 | R--- | C] (Swearware) -- C:\Users\Kristopher\Desktop\ComboFix.exe
[2011/10/26 14:20:17 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\Desktop\Malwarebytes' Anti-Malware
[2011/10/26 14:18:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kristopher\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/26 11:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/26 11:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/26 11:34:09 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/10/26 11:34:09 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/26 11:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/26 11:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/26 11:12:35 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kristopher\Desktop\aswMBR.exe
[2011/10/26 10:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/26 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\Microsoft Corporation
[2011/10/26 10:08:31 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Local\assembly
[2011/10/25 23:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7D37E
[2011/10/04 17:39:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/03 15:40:08 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\Malwarebytes
[2011/10/03 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\wFF44pmmG5QJ6EK
[2011/10/03 15:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/03 15:39:53 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\qwwjjUVVelBtzNy
[2011/10/03 15:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/03 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE
[2011/10/03 15:39:44 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS
[2011/10/03 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o
[2011/10/03 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7
[2011/10/03 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK
[2011/10/03 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH
[2011/10/03 15:39:21 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn
[2011/10/03 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx
[2011/10/03 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY
[2011/10/03 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF
[2011/10/03 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ
[2011/10/03 15:29:55 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw
[2011/10/03 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA
[2011/10/03 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p
[2011/10/03 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI
[2011/10/03 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9
[2011/10/03 15:29:33 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c
[2011/10/03 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk
[2011/10/03 15:29:24 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ
[2011/10/03 15:29:19 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt
[2011/10/03 15:29:15 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R
[2011/10/03 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2
[2011/10/03 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v
[2011/10/03 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/01 20:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kristopher\Desktop\OTL.exe
[2011/11/01 20:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/31 22:19:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/31 22:15:28 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/31 22:07:52 | 004,279,489 | R--- | M] (Swearware) -- C:\Users\Kristopher\Desktop\ComboFix.exe
[2011/10/31 22:06:14 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job
[2011/10/31 11:47:51 | 001,242,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/31 11:47:51 | 000,344,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/31 11:47:51 | 000,330,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 11:17:34 | 000,003,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 11:17:34 | 000,003,712 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 17:38:42 | 000,165,376 | ---- | M] () -- C:\Users\Kristopher\Desktop\SystemLook_x64.exe
[2011/10/30 17:28:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 17:28:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/10/30 17:28:30 | 565,098,596 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 14:58:37 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kristopher\Desktop\tdsskiller.exe
[2011/10/30 09:48:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/30 09:45:17 | 000,044,607 | ---- | M] () -- C:\Users\Kristopher\Desktop\bootkit_remover.zip
[2011/10/27 14:33:57 | 001,008,092 | ---- | M] () -- C:\Users\Kristopher\Desktop\iExplore(1).exe
[2011/10/26 18:01:45 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/26 14:18:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristopher\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/26 11:34:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/10/26 11:12:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kristopher\Desktop\aswMBR.exe
[2011/10/26 10:55:39 | 000,000,150 | ---- | M] () -- C:\Users\Kristopher\Desktop\rk-proxy.reg
[2011/10/25 22:26:18 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/25 22:25:40 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/25 22:25:40 | 000,000,112 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/25 22:25:11 | 000,000,643 | ---- | M] () -- C:\Users\Kristopher\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 22:17:21 | 000,000,619 | ---- | M] () -- C:\Users\Kristopher\Desktop\System Restore.lnk
[2011/10/11 10:47:57 | 000,001,356 | ---- | M] () -- C:\Users\Kristopher\AppData\Local\d3d9caps.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/30 17:38:42 | 000,165,376 | ---- | C] () -- C:\Users\Kristopher\Desktop\SystemLook_x64.exe
[2011/10/30 09:45:16 | 000,044,607 | ---- | C] () -- C:\Users\Kristopher\Desktop\bootkit_remover.zip
[2011/10/27 14:33:54 | 001,008,092 | ---- | C] () -- C:\Users\Kristopher\Desktop\iExplore(1).exe
[2011/10/26 22:01:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/26 22:01:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/26 22:01:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/26 22:01:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/26 22:01:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/26 18:00:16 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/26 14:20:17 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/26 11:34:28 | 000,301,912 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/10/26 11:34:28 | 000,024,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/10/26 11:34:24 | 000,042,328 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/10/26 11:34:23 | 000,601,944 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/10/26 11:34:23 | 000,058,200 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/10/26 11:34:21 | 000,065,368 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/10/26 11:34:20 | 000,254,400 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2011/10/26 11:34:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/10/26 10:55:39 | 000,000,150 | ---- | C] () -- C:\Users\Kristopher\Desktop\rk-proxy.reg
[2011/10/25 22:25:11 | 000,000,643 | ---- | C] () -- C:\Users\Kristopher\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 22:18:22 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/25 22:18:22 | 000,000,112 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/25 22:17:21 | 000,000,619 | ---- | C] () -- C:\Users\Kristopher\Desktop\System Restore.lnk
[2011/10/25 22:17:17 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/06/12 09:02:12 | 000,000,120 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\Jkuzamodet.dat
[2011/06/12 09:02:12 | 000,000,000 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\Pzuyit.bin
[2011/05/24 18:56:53 | 000,000,000 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\{56412E52-CDCB-4042-ABE4-59FC2E3C07DA}
[2011/05/24 18:55:10 | 000,000,000 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\{9E6176C7-4EB4-46BF-B48E-FC4169ABD37F}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/28 13:54:06 | 000,048,640 | ---- | C] () -- C:\Windows\fsViewer_acm.exe
[2011/01/28 13:53:52 | 000,051,200 | ---- | C] () -- C:\Windows\fsViewer_h.dll
[2010/11/12 08:42:28 | 000,255,312 | ---- | C] () -- C:\Windows\SysWow64\PPCInfo.exe
[2010/11/12 08:42:28 | 000,069,456 | ---- | C] () -- C:\Windows\SysWow64\unPPC6000.exe
[2010/11/12 08:42:28 | 000,057,168 | ---- | C] () -- C:\Windows\SysWow64\PPCOUNIN.exe
[2010/11/12 08:42:28 | 000,040,616 | ---- | C] () -- C:\Windows\SysWow64\PPCClean.exe
[2010/11/12 08:42:28 | 000,029,008 | ---- | C] () -- C:\Windows\SysWow64\PopWait.exe
[2010/09/02 12:29:29 | 000,739,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/13 07:24:13 | 000,205,917 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/06/30 12:34:37 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/06/30 12:34:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2010/06/25 20:32:31 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/25 20:32:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/25 20:32:30 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/25 20:32:30 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/25 20:32:29 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/06/15 12:16:24 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/15 12:16:24 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F099734AD.sys
[2010/06/09 14:18:25 | 000,001,356 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\d3d9caps.dat
[2010/06/06 18:02:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\CLDShowX.ini
[2010/01/29 14:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/12/24 20:38:46 | 000,073,216 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/12 00:31:17 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/12 00:31:17 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/12/10 15:15:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/10 14:56:26 | 000,008,540 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\d3d9caps64.dat
[2009/12/10 14:46:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/03 04:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/01/17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

========== LOP Check ==========

[2011/03/30 09:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\Add-in Express Ltd
[2011/10/03 15:29:33 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c
[2011/10/10 00:48:38 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\Azureus
[2011/10/03 15:29:24 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ
[2011/10/03 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v
[2011/10/03 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB
[2011/10/03 15:39:48 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE
[2010/06/14 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\DAEMON Tools
[2011/10/03 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2
[2011/10/03 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o
[2011/10/03 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ
[2011/10/03 15:39:35 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7
[2010/01/05 14:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\GetRightToGo
[2011/10/03 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9
[2011/10/03 15:39:21 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn
[2011/10/03 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK
[2011/10/03 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS
[2011/10/03 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p
[2011/10/03 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw
[2010/09/18 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\NeuLion
[2011/10/03 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R
[2011/10/03 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA
[2010/11/12 08:48:49 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\PeoplePC Online
[2011/10/03 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF
[2011/10/03 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY
[2011/10/03 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\qwwjjUVVelBtzNy
[2011/09/07 11:28:34 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\redsn0w
[2010/12/02 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\SoftGrid Client
[2011/10/03 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH
[2010/12/02 19:19:35 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\TP
[2011/10/29 10:52:32 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\TuneUpMedia
[2011/10/03 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx
[2011/10/03 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\wFF44pmmG5QJ6EK
[2011/10/03 15:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk
[2011/10/03 15:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt
[2011/10/03 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI
[2010/10/02 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Mcx2\AppData\Roaming\TuneUpMedia
[2011/10/30 09:48:22 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/31 22:06:14 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C3CEC2E4-8A50-4FE7-AD63-91F66B08230C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/26 20:55:37 | 000,003,446 | ---- | M] () -- C:\aswBoot.log
[2008/01/20 19:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/12/10 14:41:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/20 14:13:06 | 000,000,775 | ---- | M] () -- C:\cleanup.bat
[2011/10/31 22:21:32 | 000,019,773 | ---- | M] () -- C:\ComboFix.txt
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/10/30 17:28:30 | 279,044,095 | -HS- | M] () -- C:\pagefile.sys
[2009/12/10 15:26:04 | 000,000,607 | ---- | M] () -- C:\RHDSetup.log
[2011/10/27 14:34:26 | 000,003,169 | ---- | M] () -- C:\rkill.log
[2011/10/30 17:27:16 | 000,079,606 | ---- | M] () -- C:\TDSSKiller.2.6.14.0_30.10.2011_14.59.04_log.txt
[2010/06/15 12:10:42 | 000,474,750 | ---- | M] () -- C:\vcredist_x86.log
[2010/02/17 18:14:28 | 000,007,015 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 13:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/10/26 11:12:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kristopher\Desktop\aswMBR.exe
[2010/04/25 13:49:06 | 000,608,256 | ---- | M] () -- C:\Users\Kristopher\Desktop\blackra1n-fixed.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kristopher\Desktop\boot_cleaner.exe
[2011/10/31 22:07:52 | 004,279,489 | R--- | M] (Swearware) -- C:\Users\Kristopher\Desktop\ComboFix.exe
[2011/02/12 22:58:56 | 005,298,620 | ---- | M] () -- C:\Users\Kristopher\Desktop\greenpois0n.exe
[2011/10/27 14:33:57 | 001,008,092 | ---- | M] () -- C:\Users\Kristopher\Desktop\iExplore(1).exe
[2010/12/20 11:13:59 | 000,325,120 | ---- | M] () -- C:\Users\Kristopher\Desktop\limera1n(3).exe
[2011/10/26 14:18:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristopher\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/01 20:40:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kristopher\Desktop\OTL.exe
[2010/11/23 02:46:04 | 015,240,704 | ---- | M] () -- C:\Users\Kristopher\Desktop\redsn0w (2).exe
[2011/09/05 22:11:42 | 019,488,256 | ---- | M] () -- C:\Users\Kristopher\Desktop\redsn0w.exe
[2011/10/30 17:38:42 | 000,165,376 | ---- | M] () -- C:\Users\Kristopher\Desktop\SystemLook_x64.exe
[2011/10/30 14:58:37 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kristopher\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/12/10 14:56:41 | 000,000,402 | -HS- | M] () -- C:\Users\Kristopher\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/10/26 18:01:45 | 000,000,448 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2010/06/15 13:23:05 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F099734AD.sys
[2011/10/25 22:26:18 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2010/06/06 18:20:06 | 000,000,000 | ---- | M] () -- C:\ProgramData\CLDShowX.ini
[2010/07/13 07:45:19 | 000,000,774 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/06/15 13:23:45 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/10/25 22:25:40 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/25 22:25:40 | 000,000,112 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 11/1/2011 8:41:45 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kristopher\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 46.36% Memory free
8.15 Gb Paging File | 5.91 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.00 Gb Total Space | 59.68 Gb Free Space | 20.03% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 0.85 Gb Free Space | 45.00% Space Free | Partition Type: FAT

Computer Name: KRISTOPHER-PC | User Name: Kristopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011AE2A6-D71A-44D1-8FDE-7FAFA7903BB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{01686FF8-E595-4F27-B49F-F3B0900300C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0834AA44-4D0A-46BF-805F-FADF903A7FC1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{095CE7BB-09A4-45F8-9059-27D01C005BF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A5C60CE-6B15-4FC7-BE39-561839B32206}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EC5ADBC-0BE7-401E-AD44-00D8064702A9}" = lport=5004 | protocol=17 | dir=in | name=local subnet 6 |
"{12075659-19CA-4E73-901F-AC426A8CAB06}" = rport=10243 | protocol=6 | dir=out | app=system |
"{137E1199-2C09-47DC-A89D-4654773CDB0D}" = lport=5005 | protocol=17 | dir=in | name=local subnet 7 |
"{1E3118C7-9D3D-4172-9074-E21ACBACCEDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FCE491E-78E9-4AB5-81F4-CA68F723E7B3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{30890937-E5E7-42E6-9A48-2F30D5BB9895}" = lport=138 | protocol=17 | dir=in | app=system |
"{331E9B0E-EAFF-4E32-A8E2-375EFB1ED65E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{372267F2-55EA-46B5-934C-137EA6A82315}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{37AC206E-9A41-4490-81F8-B1FD99DB0E8B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39985874-804F-42F2-B143-2F64E66F2D14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42DD5A36-B697-40B4-BD80-9F6F3B96DEAC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44364E1C-FB05-4BE3-9DDA-58283509F4BE}" = lport=2177 | protocol=6 | dir=in | name=local subnet 3 |
"{47FDA7D8-5C3C-40BD-B0AE-7DFC1B178672}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{499D3AB5-9854-4EAC-9636-B6B2E298096D}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C5629BB-CCA2-4659-A114-51252AAD733C}" = lport=2177 | protocol=17 | dir=in | name=local subnet 4 |
"{4F404967-DDAD-4B42-A069-93B4631206D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FF7044E-EDFC-4537-945D-6BCA67400C31}" = lport=10243 | protocol=6 | dir=in | app=system |
"{55348798-4AAE-4630-A935-B7927A0284DD}" = rport=10244 | protocol=6 | dir=out | app=system |
"{60C47A6B-94B8-4230-AD23-46C14D613A71}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{63E54234-EF7C-406D-B593-FDA8BC52EB85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6675A0EF-ABBB-4DB3-8F72-F5311FEEB1E1}" = lport=10243 | protocol=6 | dir=in | name=local subnet 8 |
"{6D3142A8-209F-44B3-8656-D3CFE7BC3531}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7233D6C5-87AF-4FA2-91A0-9314B9AA662F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7979B57C-6EA7-45BD-BB77-9D82D91BF066}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A89BB58-15D4-4A2E-BBA4-9FC9282B2DDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82B7A280-4E62-40B2-BEB2-32D79A08C368}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8465CD99-D76D-4659-8FFE-2E31CF1219A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84DA5E03-E48C-456B-9DD8-3AFD0C0D221F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8A105C1B-DDE6-431D-A448-4A7CC87899D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A725DA7-2A5C-42B5-BE20-D648C988ECA1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8AC58901-9A19-4824-B88C-A02B7C022AB5}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8CF47481-10A1-4E13-91F4-0A04D811B602}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EE79D7A-AA46-4ECF-891B-E2224F844E86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{92F134A7-CB7F-4BD8-975E-F69ACE831EF4}" = lport=1900 | protocol=17 | dir=in | name=local subnet 2 |
"{AFC12D49-D908-4AEA-9CE8-519960328B0C}" = rport=445 | protocol=6 | dir=out | app=system |
"{B31BFC43-3E51-4CB9-9649-BDAFD0D41336}" = lport=2869 | protocol=6 | dir=in | name=local subnet 5 |
"{B3BAD0CA-3F6D-4CCA-833B-6346D3853CE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{B61E707F-595B-4315-A4B7-87A9EDC76FF8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BA05DF5D-0867-4414-84D9-5D5EBDE6FD40}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BEC2BD7F-E922-4061-800A-2842ECAE0C1E}" = lport=10284 | protocol=17 | dir=in | name=local subnet 10 |
"{C064A09E-604B-4564-A657-1ADAFE445432}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C073939D-CF33-46E5-970A-F0C832849AF7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C711FC90-EB3F-49BD-8177-9BCD015521C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7FAC7D5-77D1-47F1-9B63-A9AE1EE9EEAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC99E97A-0ABA-4483-BA9A-6AA529E70B32}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CE698183-63BB-454A-87ED-0B517A1CE3C4}" = lport=57506 | protocol=6 | dir=in | name=akamai netsession interface |
"{D3F3F3C3-5078-4077-8AC4-277CF33BC824}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9D6C040-6D03-47D1-A607-5E621F524857}" = lport=554 | protocol=6 | dir=in | name=local subnet |
"{DC874A20-8B85-4FBB-ABBA-C3D35086062C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE7A3EAE-2D04-44F5-9C07-AFE60EDB17AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{E0ACC39A-729F-4EC5-88B0-6AAB815308B2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E7215C08-6C27-468B-ACD9-87F725B01003}" = lport=10280 | protocol=17 | dir=in | name=local subnet 9 |
"{E7502840-8B0D-4D9C-8E29-EC77C6FF167A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECB7B76D-2785-4153-B664-355FA3C3F0D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED9F1251-E91A-4E0B-A93B-F29357ADB165}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEAA93F0-7C3D-4B6C-8005-3FE0F9AC14F0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EEBF0F75-28CC-4805-8934-42910BCF461D}" = lport=57053 | protocol=6 | dir=in | name=akamai netsession interface |
"{F136BCB0-0A3D-4BFB-88C7-014ED3B00A8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{F3432624-C7A2-45AF-BDB6-56EB6CC26E4A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FA09A351-20DD-4033-8914-6623C2A2A180}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033B59FA-3ED1-46D7-B1C1-B52362A4DBB6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{058B850D-3B63-42C3-A8D3-349E218AB25F}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{0B38BA9E-1944-438B-B972-6F1A67C77629}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{0B76D453-097E-45CB-B4AD-7D0CAB1DED38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{0BEB291E-176E-4D2A-9D81-3A04F98D1A9B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe |
"{0EA82B5A-1B9E-4426-B001-1B3CD01BF742}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14CB6D8D-B10F-48AE-860A-1282ECDE7385}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{14E5529F-D708-4C41-9D66-B04AD5799219}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{174F6221-E020-4DDB-B371-56C855D3EA39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A3C726A-9E37-49B3-A024-57D24A9E0655}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DA38FF9-2070-43B6-9A45-9B9B0E8ED2D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{219D4B85-C5BA-41DF-9AFD-1E9F7BA1AFA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{241A98A0-C9D3-446B-91FD-322DA3DD3B35}" = dir=in | app=d:\setup\hpznui40.exe |
"{241C8EE5-02D6-4565-B55A-2E88A08BF256}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{24CF6E47-FDC0-46FA-897C-78361D05572C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C810F6B-DCE4-4EEB-9245-15BB03325251}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{2E919D78-DFF2-4A3F-B779-D02C2B87E937}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{316035B6-1A22-4F63-A822-7F4646671ADF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3827B394-D267-46BD-82D2-C1D6A81E038F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3F94A0D5-0D7A-4C3D-866B-D7922EBC26F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4090D982-FBDB-496F-8165-4F980A067CFB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40A277F2-74AD-438F-B647-0AA1A8580363}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |
"{42E19B32-FBA3-43A8-B400-299AF59E3344}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{452A997A-663B-4F3C-A3A9-17A232232C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45867FAC-2440-4F21-92DE-C6B15568E4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{4756B554-2702-4DDF-A66D-D26F2F8567B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{49EE83AF-F14C-4ECC-BCB8-2A39141E2E25}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{50BF1DC5-02D7-431A-BF6D-BD1B4695FA0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A6E3E53-BDDA-4539-945B-90E36364707A}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5B28C339-EF9D-40E5-B0F9-9492C1D6A8E6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{5B4AEE9B-0A4C-4512-95BD-C8E35268CFBE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |
"{5D668EE2-FE50-464A-BE94-3ED16DA81E93}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5E66E24D-DBEB-4801-B2DE-56632F99D34B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5EDA2A74-7E64-4980-84F1-D6832322384D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{606C7E4D-8C2F-4AB2-AE81-8A8C6298D983}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6635C064-048D-482C-BC82-71EE4BE74321}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6BA378E2-D08D-4762-869A-3C80B8D47562}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{76BD7D3F-0ED9-42A9-A39B-89637E8615A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{84AFC9AB-A5C3-4D27-9D72-1321010DD126}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{8A94CA9C-38D1-405C-B189-889B33D85872}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{900F2E07-A6D0-429A-8168-B2B794021787}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{91C4F255-F731-4096-8BF9-86403BD48534}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9E2BF844-9651-4D20-83CE-FF58E9F86DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{9F427D1C-6612-4B71-978F-A2F584AAABEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3162694-A0C8-4530-ACF4-11E9B13AD452}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFB1D321-234E-4DAF-8A3E-2035BF10335B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2E391D3-75CC-42B6-8D22-48E1BCB30CE8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B43C5E65-107B-411B-B6B0-F60078D6A44C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B77718B1-EDDC-4C91-835C-1189F5399604}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA0DD41B-B0BC-43E5-8CAF-1A74D7CBC693}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C25C4581-E01F-4962-BA1A-5F2A8471CEE6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C48FFBA8-AA07-4CA8-B590-A978A35C7120}" = protocol=6 | dir=out | app=system |
"{C80FD2F3-14BD-4167-8C6F-CDCAF4038CFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D64B23A0-7251-4EA3-9CF2-504174FDF3C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{DB050F05-6D77-4F77-95FA-EB57C6400C7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC643D93-57D2-4401-BC8B-2044FFF2167B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DC8FA930-8038-4292-B3AF-69E40B6AD329}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{DF77C736-7A6F-41D5-889C-E8E5AE89E650}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{E370FFEE-B5B8-4DB8-A2F0-D85239259D9B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7C1CEA9-DDFD-49AE-9E72-83A9757C28F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA81E2A0-8F47-4611-9D44-130B9ECE99CF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EC547DAE-1A8D-4125-8319-5402C33A4034}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{EF0DEEDE-5380-446C-8A76-02B7BC3F74D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{EFD23985-9E88-49B3-B753-A8D6026CF4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F11F6E9D-8493-4854-9606-A4CCF3FDFFAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F70560A7-3ACD-4771-B443-600F9B7DFA3C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FA7F45A9-B056-4846-B053-989B51529EF3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FE8B23AF-E3F8-47CF-91EC-3295C9DBB4F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{04332EDD-8A36-4796-ABA4-6132BB3D4868}C:\users\kristopher\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.21.01.exe |
"TCP Query User{3AD3072E-C704-45B2-AE70-F7F02C8C1113}C:\program files (x86)\corel\corelwindvd2010\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\corelwindvd2010\windvd.exe |
"TCP Query User{3D8537AA-3D5C-4892-83C9-E7B4550B7C91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{3E0259A2-FF55-4882-BF64-C31CACAA83F2}C:\program files (x86)\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icall\icall.exe |
"TCP Query User{7559B60C-D76B-444C-8D81-489AB7CB71A3}C:\users\kristopher\downloads\umbrella-4.1.5.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.5.exe |
"TCP Query User{757790D4-4745-4EEC-884A-BC9AF0D3B88A}C:\users\kristopher\downloads\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.4.exe |
"TCP Query User{78D28779-EC75-4B88-ADF8-21ECA8FE300F}C:\users\kristopher\downloads\tinyumbrella-4.33.02.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.33.02.exe |
"TCP Query User{8B0D246A-1FCF-42B2-9707-E80E3A42EEAD}C:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"TCP Query User{9BA47F9F-D217-4375-BCB4-770E6074AAC6}C:\users\kristopher\downloads\umbrella-4.1.5.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.5.exe |
"TCP Query User{B619B0BA-63D3-4BFC-8D2A-C31240ADB326}C:\users\kristopher\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.21.01.exe |
"TCP Query User{B8C702CC-377F-48C1-AE1D-4CB87DEE1421}C:\users\kristopher\downloads\tinyumbrella-4.33.00.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.33.00.exe |
"TCP Query User{D1C8DE23-3893-4485-82E1-B56BB418377E}C:\users\kristopher\downloads\tinyumbrella-5.00.06.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-5.00.06.exe |
"TCP Query User{E9AFA935-DDA5-4049-A667-FB51AB49877C}C:\program files (x86)\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icall\icall.exe |
"TCP Query User{F2386E1D-1B53-4FBE-BD40-1EB35BEE0C84}C:\users\kristopher\downloads\umbrella-4.1.4.exe" = protocol=6 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.4.exe |
"TCP Query User{FAE6F1D1-C87F-4B17-8CF9-C325831EC60A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{09E6BD15-B7BD-4367-BFBB-37B63C4B2E44}C:\program files (x86)\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icall\icall.exe |
"UDP Query User{204B27E6-C83F-444C-9C72-A668EC54DE9C}C:\users\kristopher\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.21.01.exe |
"UDP Query User{2D71B312-08B7-4D41-97A6-8BBA8BB511F3}C:\users\kristopher\downloads\tinyumbrella-4.33.00.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.33.00.exe |
"UDP Query User{2DF210C1-5043-4B31-9E06-7D1F4A3DC84E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{4F0BCD97-E503-4381-AABF-4954F1AC3BF1}C:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"UDP Query User{5B468F06-386A-4DD3-B248-6C5DC0BDE9DD}C:\users\kristopher\downloads\umbrella-4.1.5.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.5.exe |
"UDP Query User{6793A6CF-27D4-4A29-9519-557E38AD75E9}C:\program files (x86)\corel\corelwindvd2010\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\corelwindvd2010\windvd.exe |
"UDP Query User{6FAAD0FA-811B-4151-AB82-DC677584BD8D}C:\users\kristopher\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.21.01.exe |
"UDP Query User{7E3E16A5-8B15-4DA0-81A9-C585967E9CFC}C:\users\kristopher\downloads\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.4.exe |
"UDP Query User{83DC4397-70A3-45DF-9E13-8A075C314D94}C:\users\kristopher\downloads\umbrella-4.1.5.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.5.exe |
"UDP Query User{B14AF0A5-6464-490D-9564-B4B2807CF16C}C:\users\kristopher\downloads\tinyumbrella-4.33.02.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-4.33.02.exe |
"UDP Query User{C37A28E8-FC8E-4FE9-A9F7-D60A8323AFE8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{D1B1A594-4AE8-4642-9743-FE469F2CE058}C:\users\kristopher\downloads\tinyumbrella-5.00.06.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\tinyumbrella-5.00.06.exe |
"UDP Query User{DD837B1A-AF06-40DF-8D55-C7CB91464647}C:\users\kristopher\downloads\umbrella-4.1.4.exe" = protocol=17 | dir=in | app=c:\users\kristopher\downloads\umbrella-4.1.4.exe |
"UDP Query User{E410678C-2A68-4658-B1ED-6C1C22272EBB}C:\program files (x86)\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icall\icall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42CC891B-454A-AB88-3E31-5703A4CAA5C5}" = ATI Catalyst Install Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{DD6A6B0A-7F7D-7748-43B4-BF42CC779F0B}" = ccc-utility64
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4500
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16383452-0658-44A4-992E-23B44364370A}" = Shop Shield Internet Explorer Companion
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB50770-2731-4BE8-8BFF-6FEA45D3E30D}_is1" = GT Invoice Maker v3.02
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C939B88E-E23C-4952-B1CD-11638664CE12}" = MotoConnect
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD86D586-D504-4B44-BF7F-D5234117ABE8}" = File Secure Pro Viewer
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ATT" = AT&T U-verse Setup
"ATT-SST" = AT&T Service & Support Tool
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"Halo 2" = Halo 2 for Windows Vista
"HP Photo Creations" = HP Photo Creations
"iCall_is1" = iCall 7.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"ISPSimpleSwitch" = PeoplePC Simple Switch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NeuLion Adaptive Plugin" = NeuLion Adaptive Plugin
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PeoplePC Online" = PeoplePC Online
"PokerStars" = PokerStars
"TuneUpMedia" = TuneUp Companion 1.7.1
"Veetle TV" = Veetle TV 0.9.17
"Yahoo! Mail" = att.net Internet Mail

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/30/2011 5:52:50 PM | Computer Name = Kristopher-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 5:54:52 PM | Computer Name = Kristopher-PC | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp
0x47919df8, faulting module MF.dll, version 6.0.6001.18538, time stamp 0x4cb73957,
exception code 0xc0000135, fault offset 0x00000000000b1b48, process id 0xd38, application
start time 0x01cc974e8ce4c3a4.

Error - 10/30/2011 5:59:26 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10/30/2011 5:59:26 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3011
Description =

Error - 10/30/2011 8:29:14 PM | Computer Name = Kristopher-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/30/2011 8:30:22 PM | Computer Name = Kristopher-PC | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp
0x47919df8, faulting module MF.dll, version 6.0.6001.18538, time stamp 0x4cb73957,
exception code 0xc0000135, fault offset 0x00000000000b1b48, process id 0x1278, application
start time 0x01cc9764462c1480.

Error - 10/30/2011 8:36:20 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10/30/2011 8:36:20 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3011
Description =

Error - 10/31/2011 2:47:47 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10/31/2011 2:47:47 PM | Computer Name = Kristopher-PC | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 9/17/2010 9:22:40 PM | Computer Name = Kristopher-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/1/2011 12:06:48 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/1/2011 12:13:05 AM | Computer Name = Kristopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/1/2011 12:13:05 AM | Computer Name = Kristopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/1/2011 12:16:24 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/1/2011 1:07:16 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/1/2011 1:08:26 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/1/2011 1:13:34 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/1/2011 1:19:13 AM | Computer Name = Kristopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/1/2011 1:19:14 AM | Computer Name = Kristopher-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/1/2011 1:19:49 AM | Computer Name = Kristopher-PC | Source = Service Control Manager | ID = 7030
Description =


< End of report >
 
Hey there. Sorry, I did not see that message! It looks as if my computer is doing fine at the moment. I have been using my old laptop in the meantime. I had read in the instructions that I was not to use the computer till the problem had been fixed, just to make things easier, so I have done this.

Anyways, I am still not able to access programs from the start bar, but I am able to see all of my programs on my desktop now. And I was also able to unlock an iPhone on my computer earlier this morning, so that is a big plus!
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58081
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58081
    FF - prefs.js..network.proxy.http_port: 55192
    O15 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1174171077-2518886125-756595050-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
    [2011/10/03 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE
    [2011/10/03 15:39:44 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS
    [2011/10/03 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o
    [2011/10/03 15:39:35 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7
    [2011/10/03 15:39:30 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK
    [2011/10/03 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH
    [2011/10/03 15:39:21 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn
    [2011/10/03 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx
    [2011/10/03 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY
    [2011/10/03 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF
    [2011/10/03 15:39:04 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ
    [2011/10/03 15:29:55 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw
    [2011/10/03 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA
    [2011/10/03 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p
    [2011/10/03 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI
    [2011/10/03 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9
    [2011/10/03 15:29:33 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c
    [2011/10/03 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk
    [2011/10/03 15:29:24 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ
    [2011/10/03 15:29:19 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt
    [2011/10/03 15:29:15 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R
    [2011/10/03 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2
    [2011/10/03 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v
    [2011/10/03 15:29:02 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [2011/10/25 22:26:18 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/25 22:25:40 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/25 22:25:40 | 000,000,112 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/25 22:25:11 | 000,000,643 | ---- | C] () -- C:\Users\Kristopher\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/25 22:17:21 | 000,000,619 | ---- | C] () -- C:\Users\Kristopher\Desktop\System Restore.lnk
    [2011/06/12 09:02:12 | 000,000,120 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\Jkuzamodet.dat
    [2011/06/12 09:02:12 | 000,000,000 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\Pzuyit.bin
    [2011/10/26 18:00:16 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/03/30 09:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\Add-in Express Ltd
    [2011/10/03 15:29:33 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c
    [2011/10/03 15:29:24 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ
    [2011/10/03 15:29:07 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v
    [2011/10/03 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB
    [2011/10/03 15:39:48 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE
    [2010/06/14 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\DAEMON Tools
    [2011/10/03 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2
    [2011/10/03 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o
    [2011/10/03 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ
    [2011/10/03 15:39:35 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7
    [2010/01/05 14:29:43 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\GetRightToGo
    [2011/10/03 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9
    [2011/10/03 15:39:21 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn
    [2011/10/03 15:39:30 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK
    [2011/10/03 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS
    [2011/10/03 15:29:46 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p
    [2011/10/03 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw
    [2011/10/03 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R
    [2011/10/03 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA
    [2010/11/12 08:48:49 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\PeoplePC Online
    [2011/10/03 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF
    [2011/10/03 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY
    [2011/10/03 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\qwwjjUVVelBtzNy
    [2011/09/07 11:28:34 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\redsn0w
    [2010/12/02 19:51:35 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\SoftGrid Client
    [2011/10/03 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH
    [2011/10/29 10:52:32 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\TuneUpMedia
    [2011/10/03 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx
    [2011/10/03 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\wFF44pmmG5QJ6EK
    [2011/10/03 15:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk
    [2011/10/03 15:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt
    [2011/10/03 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI
    [2010/06/15 13:23:05 | 000,000,088 | RHS- | M] () -- C:\ProgramData\5F099734AD.sys
    [2011/10/25 22:26:18 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    @Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 55192 removed from network.proxy.http_port
Registry key HKEY_USERS\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netzero.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1174171077-2518886125-756595050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netzero.net\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB\ not found.
File/Folder C:\Windows\SysWow64\*.tmp not found.
File/Folder C:\Windows\Fonts\*.tmp not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
File C:\ProgramData\~6DSS92c31Apgjk not found.
File C:\ProgramData\~6DSS92c31Apgjkr not found.
File C:\Users\Kristopher\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
File C:\Users\Kristopher\Desktop\System Restore.lnk not found.
File C:\Users\Kristopher\AppData\Local\Jkuzamodet.dat not found.
File C:\Users\Kristopher\AppData\Local\Pzuyit.bin not found.
File C:\ProgramData\1kAlMiG2Kb7FzP not found.
Folder C:\Users\Kristopher\AppData\Roaming\Add-in Express Ltd\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\akkkIVVrzONtA0c\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\BDD33onnG4aH6WJ\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\BellIIBrzPNyA1v\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\CZZ99hTTXwUCeIB\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\DAEMON Tools\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\dNNyycA11vD2\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\dxxxAA1uvS2o\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\EHHH5ssQJ7dE8gZ\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\G22iF33naQ6K7\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\GetRightToGo\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\h666dWWK7fR9\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\iuccSS2ibD3pn\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\jnnGG5aaQH6WK\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\jzzzPNNyxA1uS\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\K11uuvDD2oF4p\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\LJ777dEK8gRZ9Yw\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\NHH55sWWJ7dL8R\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\PBttzzPNycA\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\PeoplePC Online\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\pSS11ivvD3nF\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\Q777fEEL8gTZhY\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\qwwjjUVVelBtzNy\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\redsn0w\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\SoftGrid Client\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\SpnnGG5aQH\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\TuneUpMedia\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\wCwwkkIVrlONx\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\wFF44pmmG5QJ6EK\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\WqjjYYCwk\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\xhhYYCwwkUrlOt\ not found.
Folder C:\Users\Kristopher\AppData\Roaming\yqqqjjUCekI\ not found.
File C:\ProgramData\5F099734AD.sys not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
Unable to delete ADS C:\ProgramData\CLDShowX.ini:Update.CL .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristopher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 344198 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5811075 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 628 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1496918995 bytes

Total Files Cleaned = 1,433.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kristopher
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11022011_231255

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU7G3OAM\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVPZSQUL\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHA1KHX9\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AYVGEGV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
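As an added example (not OTL's own code, and not something the helper in this thread posted), here is a Python triage of the fix script above against the log OTL returned, run on a constructed excerpt of both: it flags the loopback-proxy hijack pattern the script undoes (IE ProxyEnable=1 aimed at 127.0.0.1 plus the Firefox network.proxy.http_port pref), groups the result lines by outcome so the "Unable to delete ADS" line is not lost among dozens of "not found" entries, and lists any script target for which the log has no line at all.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ":OTL" section of the fix script posted above.
FIX_SCRIPT = r"""
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58081
FF - prefs.js..network.proxy.http_port: 55192
[2011/10/03 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE
[2011/10/25 22:26:18 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/06/12 09:02:12 | 000,000,120 | ---- | C] () -- C:\Users\Kristopher\AppData\Local\Jkuzamodet.dat
@Alternate Data Stream - 2560 bytes -> C:\ProgramData\CLDShowX.ini:Update.CL
:Commands
[emptytemp]
"""
# Constructed excerpt of the log OTL returned; the Jkuzamodet.dat result line
# is deliberately left out so the cross-check below has something to report.
FIX_LOG = r"""
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: 55192 removed from network.proxy.http_port
Folder C:\Users\Kristopher\AppData\Roaming\D444pmmG5sQJdE\ not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
Unable to delete ADS C:\ProgramData\CLDShowX.ini:Update.CL .
========== COMMANDS ==========
"""
# Script-side line forms, as they appear in the script above.
IE_PROXY = re.compile(r'^IE - (?P<hive>HKU\\[^\\]+)\\.*: "(?P<name>Proxy\w+)" = (?P<value>.+)$')
FF_PROXY = re.compile(r"^FF - prefs\.js\.\.(?P<pref>network\.proxy\.\S+): (?P<value>.+)$")
SCRIPT_PATH = re.compile(r"^\[.*\] (?:\(\) )?-- (?P<path>.+)$")
SCRIPT_ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")
LOOPBACK = re.compile(r"127\.\d+\.\d+\.\d+|localhost|::1")
# Log-side outcome forms, the four that occur in the log above.
LOG_SET = re.compile(r"^(?P<key>.+?)\|(?P<value>[^|]*) /E : value set successfully!$")
LOG_PREF = re.compile(r"^Prefs\.js: (?P<value>\S+) removed from (?P<pref>\S+)$")
LOG_NOT_FOUND = re.compile(r"^(?:File/Folder|File|Folder|Registry key) (?P<path>.+?) not found\.$")
LOG_ADS_FAIL = re.compile(r"^Unable to delete ADS (?P<path>.+?) \.$")


def norm(path):
    """Case-insensitive path key without a trailing backslash."""
    return path.rstrip("\\").casefold()


def proxy_findings(script):
    """Flag the loopback-proxy hijack: IE ProxyEnable=1 aimed at 127.0.0.1, or a Firefox proxy pref."""
    per_hive, findings = defaultdict(dict), []
    for line in script.splitlines():
        if m := IE_PROXY.match(line):
            per_hive[m["hive"]][m["name"]] = m["value"]
        elif m := FF_PROXY.match(line):
            findings.append(f"Firefox {m['pref']} = {m['value']}")
    for hive, vals in per_hive.items():
        server = vals.get("ProxyServer", "")
        if vals.get("ProxyEnable") == "1" and LOOPBACK.search(server):
            findings.append(f"{hive}: IE proxy enabled, loopback target {server}")
    return findings


def script_targets(script):
    """Every file, folder or ADS the script asked OTL to remove."""
    targets = set()
    for line in script.splitlines():
        if m := SCRIPT_PATH.match(line) or SCRIPT_ADS.match(line):
            targets.add(norm(m["path"]))
    return targets


def parse_log(log):
    """Group OTL fix-log lines by outcome; unrecognised lines are kept for review."""
    out = defaultdict(list)
    for line in (raw.strip() for raw in log.splitlines()):
        if not line or line.startswith("=====") or line == "All processes killed":
            continue
        if m := LOG_SET.match(line):
            out["set"].append(m["key"])
        elif m := LOG_PREF.match(line):
            out["set"].append(m["pref"])
        elif m := LOG_NOT_FOUND.match(line):
            out["not_found"].append(norm(m["path"]))
        elif m := LOG_ADS_FAIL.match(line):
            out["failed"].append(norm(m["path"]))
        else:
            out["unparsed"].append(line)
    return out


def triage(script, log):
    """failed: needs follow-up; not_found: an earlier tool already removed it;
    unaccounted: the script named it but the log has no line for it."""
    res = parse_log(log)
    seen = set(res["not_found"]) | set(res["failed"])
    return {
        "proxy_findings": proxy_findings(script),
        "set": res["set"],
        "not_found": res["not_found"],
        "failed": res["failed"],
        "unaccounted": sorted(script_targets(script) - seen),
        "unparsed": res["unparsed"],
    }
```

Run against the full log above, every folder and file comes back "not found" and only the ADS on CLDShowX.ini fails, so that stream is the one item left to follow up.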
 
Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Companion 1.7.1
Java(TM) 6 Update 29
Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
 
C:\Program Files (x86)\7D37E\lvvm.exe a variant of Win32/Kryptik.UMI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\04AC\93A8.tmp.vir a variant of Win32/Kryptik.UMI trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\1kAlMiG2Kb7FzP.exe.vir a variant of Win32/Kryptik.UMH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\saXsAQWSemKq.exe.vir a variant of Win32/Kryptik.UMH trojan cleaned by deleting - quarantined
C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\5CBF.tmp a variant of Win32/Kryptik.UMI trojan cleaned by deleting - quarantined
C:\Users\Kristopher\AppData\Roaming\Microsoft\04AC\7CC0.tmp a variant of Win32/Kryptik.UMI trojan cleaned by deleting - quarantined
C:\Users\Kristopher\Documents\CyberLink.PowerDVD.Ultra.3D.v10.0.1516.51.Multilingual.Incl.Keymaker-CORE\keygen.exe probably a variant of Win32/Spy.Goldun.LISDAOM trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\CF67D\8A804.exe a variant of Win32/Kryptik.UMI trojan cleaned by deleting - quarantined
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete those now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kristopher
->Temp folder emptied: 235038 bytes
->Temporary Internet Files folder emptied: 69880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37307223 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 809 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6738 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kristopher
->Flash cache emptied: 0 bytes

User: Mcx1

User: Mcx2

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_091818

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU7G3OAM\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVPZSQUL\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CHA1KHX9\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AYVGEGV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Hey there. I have a big problem now, it looks as if :( After running this step:

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.


On reboot, after I entered my password to get into the computer, I received the welcome screen for an abnormally long time and then an error box popped up: "An unauthorized change was made to Windows. Windows has discovered a change that will result in limited Windows functionality. Use the link below to find out how to fix Windows."
Then I have "Learn more online" and "Close" as options. When I choose Close, I get signed out of my name, the only user on the computer, and I am able to enter my password to sign back in again. When I choose the "Learn more online" option, I am directed to a "Windows validation in process" page: "This may take a few minutes, do not navigate away from this page."

I am not able to see a start bar or anything on the screen except for the browser bar that takes up about 3/4 of the screen. Everything was going so great before I chose the cleanup process. Thanks for your time.
 