Solved Infected with Nasty Java Bug!

gottarollwithit
I think I'm fighting a compound problem here. A couple days ago I got slammed with Security Shield 2012. I wriggled my way out of that with Malwarebytes installed via Chameleon.

Then, I was getting random audio advertisements and sound clips playing all throughout the night. I tried killing it with Avast Free AV. After a boot time scan and a full system scan it seems to have gone away. The results state that it found: Threat: Java:CVE2012-0507-EI[Expl], Threat: JavaAgent-amx[Expl], and a long list of other stuff starting with Threat Java...

I have absolutely no idea what I have. I enabled the "file shield" on Avast and it keeps alerting me of new viruses that it has blocked.
I have gone down the sticky'd list of 5 things to do before posting in the hopes that it would kill this thing. No dice and no idea how to interpret the logs that get put out.

Got any advice on how to kill whatever bug(s) I got?

Thanks!!!
 

Attachments

  • DDS.txt
  • mbam-log-2012-08-14 (17-40-34).txt
  • gmer - Copy.txt
Not sure if I'm supposed to attach these logs, or paste them directly into the thread. Beneath are the logs for viewing. (Sorry in advance if this isn't the way folks here want it)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-14 18:29:37
Windows 6.0.6001 Service Pack 1
Running: wozvzuoc.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1A 0x18 0x20 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1A 0x18 0x20 0x7D ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
Run by Ray at 18:33:22 on 2012-08-14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.5816 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\.\globalroot\systemroot\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [radem] rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset
uRun: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Ray\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0A83F878-A190-4BDC-92A1-5A809D002E86} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun-x64: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-3-20 88576]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-11-27 401920]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-13 44808]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 OV550I;OVT Scanner;C:\Windows\system32\Drivers\ov550ivx.sys --> C:\Windows\system32\Drivers\ov550ivx.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 scsiscan;SCSI Scanner Driver;C:\Windows\System32\drivers\scsiscan.sys [2009-11-25 10576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-2 93184]
.
=============== Created Last 30 ================
.
2012-08-13 07:08:10 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-13 07:08:08 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-13 07:07:11 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-13 07:06:33 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-13 07:06:33 -------- d-----w- C:\Program Files\AVAST Software
2012-08-13 04:46:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-10 19:36:30 4200024 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2012-08-10 19:35:18 -------- d-----w- C:\Program Files (x86)\Quicken
2012-08-10 08:59:39 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
2012-08-02 21:01:07 -------- d--h--w- C:\Users\Ray\AppData\Roaming\CF5B8AE0
2012-07-25 18:27:50 -------- d-----w- C:\Users\Ray\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-08-12 21:35:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 21:35:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:34:08.15 ===============
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Ray :: RAY-PC [administrator]

8/14/2012 5:40:34 PM
mbam-log-2012-08-14 (17-40-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199132
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

I still need Attach.txt part of DDS.

Next....

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/20/2009 1:16:52 PM
System Uptime: 8/13/2012 6:47:33 PM (28 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 609.569 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.029 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 55.89 GiB free.
K: is Removable
L: is Removable
M: is Removable
N: is Removable
O: is Removable
P: is FIXED (NTFS) - 932 GiB total, 409.399 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Nikon SUPER COOLSCAN 9000 ED
Device ID: ROOT\IMAGE\0000
Manufacturer: DIY Software
Name: Nikon SUPER COOLSCAN 9000 ED
PNP Device ID: ROOT\IMAGE\0000
Service: scsiscan
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Nikon SUPER COOLSCAN 9000 ED
Device ID: ROOT\IMAGE\0001
Manufacturer: DIY Software
Name: Nikon SUPER COOLSCAN 9000 ED #3
PNP Device ID: ROOT\IMAGE\0001
Service: scsiscan
.
==== System Restore Points ===================
.
RP1576: 7/25/2012 8:33:48 PM - Scheduled Checkpoint
RP1577: 7/26/2012 12:00:11 AM - Windows Backup
RP1578: 7/27/2012 12:00:11 AM - Windows Backup
RP1579: 7/27/2012 2:06:56 AM - Windows Update
RP1580: 7/27/2012 6:02:57 PM - Scheduled Checkpoint
RP1581: 7/28/2012 12:00:10 AM - Windows Backup
RP1582: 7/29/2012 12:00:11 AM - Windows Backup
RP1583: 7/30/2012 12:00:11 AM - Windows Backup
RP1584: 7/31/2012 12:00:09 AM - Windows Backup
RP1585: 7/31/2012 2:20:52 AM - Windows Update
RP1586: 8/1/2012 12:00:12 AM - Windows Backup
RP1587: 8/2/2012 12:00:10 AM - Windows Backup
RP1588: 8/3/2012 12:00:10 AM - Windows Backup
RP1589: 8/3/2012 1:37:11 AM - Windows Update
RP1590: 8/3/2012 1:58:16 PM - Scheduled Checkpoint
RP1591: 8/4/2012 1:05:30 AM - Windows Backup
RP1592: 8/4/2012 1:30:35 AM - 8/4/12 restore point
RP1593: 8/4/2012 2:00:03 AM - Device Driver Package Install: HP Printers
RP1594: 8/4/2012 2:01:48 AM - Device Driver Package Install: HP Printers
RP1595: 8/5/2012 12:00:14 AM - Windows Backup
RP1596: 8/6/2012 12:00:11 AM - Windows Backup
RP1597: 8/7/2012 12:00:09 AM - Windows Backup
RP1598: 8/7/2012 1:57:53 AM - Windows Update
RP1599: 8/8/2012 12:00:11 AM - Windows Backup
RP1600: 8/9/2012 12:00:10 AM - Windows Backup
RP1601: 8/10/2012 12:00:10 AM - Windows Backup
RP1602: 8/10/2012 1:58:00 AM - Windows Update
RP1603: 8/11/2012 12:00:11 AM - Windows Backup
RP1604: 8/11/2012 2:27:53 PM - Installed StreetSmart Edge
RP1605: 8/12/2012 12:00:10 AM - Windows Backup
RP1606: 8/13/2012 12:00:07 AM - Windows Backup
RP1607: 8/13/2012 12:05:48 AM - avast! Free Antivirus Setup
RP1608: 8/14/2012 4:50:11 PM - Windows Backup
.
==== Installed Programs ======================
.
.
ABBYY FineReader 5.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.3)
Amazon Games & Software Downloader
AnyDVD
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
avast! Free Antivirus
BadCopy Pro
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Pro9500 Mark II series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
CloneDVD2
Compatibility Pack for the 2007 Office system
CyberView CS - ImageBox 1.2a (Build 20090921)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Getting Started Guide
EPSON Perf 4870 Reference Guide
EPSON Scan
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet P1000 series
HP Photosmart Essential
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPSSupply
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 31
LaserJet 1020 series
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
Nikon Scan
OVTScanner_X64
PhotoshopdotcomInspirationBrowser
Picasa 3
PIXresizer 2.0.4
Quicken 2007
Quicken 2012
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Seagate DiscWizard
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skins
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
StreetSmart Edge
StreetSmart Pro
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB MassStorage CardReader
VueScan
.
==== Event Viewer Messages From Past Week ========
.
8/13/2012 12:11:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
8/13/2012 12:11:18 AM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2012 2:52:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/12/2012 2:52:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/12/2012 2:52:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
 
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ray [Admin rights]
Mode: Scan -- Date: 08/14/2012 22:05:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : radem (rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2500361401-2329092988-2998417166-1000[...]\Run : radem (rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\ray\appdata\local\{671474f1-fa80-57d5-7acd-d325b83af53a}\L --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000340AS ATA Device +++++
--- User ---
[MBR] 008df27dff082dfd03d5d08ee7856032
[BSP] 70162c37983db158c142ea96ca50514d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000333AS ATA Device +++++
--- User ---
[MBR] 913073e647d240f23a9dde3b046a872b
[BSP] 9ea3752a40f5fa59374b5db9bcd27f00 : MBR Code unknown
Partition table:
1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD10EAVS-00D7B1 ATA Device +++++
--- User ---
[MBR] 0d8bb3b04d56bb31dc0b0ab6c23805a4
[BSP] c4086c680478a26fef701459a93cc49b : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: TEAC USB HS-CF Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: TEAC USB HS-xD/SM USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Well, problems are getting worse.
So, I scanned with Rogue Killer and posted the results. Then, I downloaded the aswMBR.exe and scanned with it. On the first scan, I left it to scan and when I came back it was as if the computer had crashed. Didn't get a log or anything off of the first scan, so I scanned again. After the second scan, I got the following logs. As I was opening Firefox to post them up, it Blue Screened and memory dumped on me!!! Any idea what caused this???

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 00:08:07
-----------------------------
00:08:07.596 OS Version: Windows x64 6.0.6001 Service Pack 1
00:08:07.596 Number of processors: 8 586 0x1A04
00:08:07.596 ComputerName: RAY-PC UserName: Ray
00:08:10.778 Initialize success
00:08:10.903 AVAST engine defs: 12081401
00:08:13.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:08:13.976 Disk 0 Vendor: ST31000340AS DE13 Size: 953869MB BusType: 3
00:08:13.976 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
00:08:13.976 Disk 1 Vendor: ST31000333AS CC3H Size: 953869MB BusType: 3
00:08:13.992 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4
00:08:13.992 Disk 2 Vendor: WDC_WD10EAVS-00D7B1 01.01A01 Size: 953869MB BusType: 3
00:08:14.023 Disk 0 MBR read successfully
00:08:14.023 Disk 0 MBR scan
00:08:14.023 Disk 0 Windows VISTA default MBR code
00:08:14.039 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
00:08:14.039 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
00:08:14.054 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938445 MB offset 31586304
00:08:14.101 Disk 0 scanning C:\Windows\system32\drivers
00:08:22.775 Service scanning
00:08:33.227 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:08:35.988 Modules scanning
00:08:35.988 Disk 0 trace - called modules:
00:08:36.019 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys AnyDVD.sys >>UNKNOWN [0xfffffa80071342b0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:08:36.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800819a060]
00:08:36.035 3 CLASSPNP.SYS[fffffa600134bb3a] -> nt!IofCallDriver -> [0xfffffa8007f3e520]
00:08:36.035 5 acpi.sys[fffffa6000b70ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007f3a520]
00:08:36.050 \Driver\atapi[0xfffffa8007f2ae70] -> IRP_MJ_CREATE -> 0xfffffa80071342b0
00:08:37.797 AVAST engine scan C:\Windows
00:08:43.897 AVAST engine scan C:\Windows\system32
00:11:22.176 AVAST engine scan C:\Windows\system32\drivers
00:11:38.260 AVAST engine scan C:\Users\Ray
00:43:03.219 Disk 0 MBR has been saved successfully to "C:\Users\Ray\Desktop\logs\MBR.dat"
00:43:03.235 The log file has been saved successfully to "C:\Users\Ray\Desktop\logs\aswMBR.txt"
 
You're infected with ZeroAccess rootkit.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.
 
Well, this isn't quite going as planned. I ran Combofix, but it never generated any log or results. I ran it, left, then came back to a normal looking screen with the Combofix window closed. I looked in the C drive where the results are supposed to be and there's nothing. I did this a couple times so....

Then, I followed your Rkill instructions. Downloaded Rkill and redownloaded Combofix. Booted to safe mode, ran Rkill, then Combofix. It gets about 1/2 way through and basically stops. The clock is still moving, so I guess it was still working. But... I left b/c it was taking a long time and I came back to a computer that had restarted on its own. I brought everything back to safe mode and Combofix now seems to be crashed in the background. (pane on the bottom that I can't restore) Any idea what to do???

And... Combofix seems to make a file directly on the C drive. It's not a log or txt file. It has a buncha random letters/numbers and when I double click it, it leads to showing me all of my drives.
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
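The reason services.exe is being searched for here is visible in the logs already posted: RogueKiller flagged it as "[Susp.ASLR][ASLR WIPED-OFF]" and FRST's Bamital & volsnap check reports its MD5 as not legit. Both findings come down to two simple file-level tests. The script below is an added example (not code from this thread, from RogueKiller or from FRST) that performs both: it walks the PE headers to read the DllCharacteristics word and checks whether the DYNAMIC_BASE (ASLR) bit is still set, and it compares the file's MD5 against a baseline of known-good hashes. The sample PE headers and the baseline dictionary are constructed inline so it runs offline; a real baseline would come from a trusted copy of the binary (the correct Vista SP1 hash is not on this page, so the constructed clean image stands in for it).

```python
"""Added example: the checks behind 'ASLR WIPED-OFF' and 'MD5 is legit'.

Not code from this thread, RogueKiller or FRST.  The sample PE headers and
the baseline are constructed inline so the script runs offline.
"""
import hashlib
import struct
from typing import Dict, List, Set

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040   # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100      # image is DEP/NX compatible


def pe_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of an in-memory PE image.

    Layout walked: DOS header ('MZ', e_lfanew at 0x3C) -> 'PE\\0\\0' ->
    20-byte COFF file header -> optional header.  DllCharacteristics sits at
    offset 70 of the optional header for both PE32 (0x10B) and PE32+ (0x20B).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    if opt_size < 72 or len(data) < opt + 72:
        raise ValueError("optional header truncated")
    return struct.unpack_from("<H", data, opt + 70)[0]


def aslr_enabled(data: bytes) -> bool:
    """True when the image still opts in to ASLR (DYNAMIC_BASE set)."""
    return bool(pe_dll_characteristics(data) & DYNAMIC_BASE)


def md5_hex(data: bytes) -> str:
    """MD5 in the upper-case hex form the FRST log prints."""
    return hashlib.md5(data).hexdigest().upper()


def assess(name: str, data: bytes, baseline: Dict[str, Set[str]]) -> List[str]:
    """Return a list of findings; an empty list means the image looks clean."""
    findings = []
    if not aslr_enabled(data):
        findings.append("ASLR WIPED-OFF")
    digest = md5_hex(data)
    if digest not in baseline.get(name, set()):
        findings.append(f"MD5 {digest} not in baseline")
    return findings


def build_sample_pe(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed test input: a minimal, non-runnable PE header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> 'PE\0\0'
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<H", opt, 70, dll_characteristics)           # DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def scan_file(path: str, name: str, baseline: Dict[str, Set[str]]) -> List[str]:
    """Run assess() against a real file on disk (hypothetical usage helper)."""
    with open(path, "rb") as fh:
        return assess(name, fh.read(), baseline)


if __name__ == "__main__":
    clean = build_sample_pe(DYNAMIC_BASE | NX_COMPAT)
    tampered = build_sample_pe(NX_COMPAT)              # DYNAMIC_BASE cleared
    # PLACEHOLDER baseline built from the constructed clean image; a real one
    # holds vendor hashes of the trusted binary.
    baseline = {"services.exe": {md5_hex(clean)}}
    for label, img in (("clean", clean), ("tampered", tampered)):
        print(label, assess("services.exe", img, baseline) or ["OK"])
```

A cleared DYNAMIC_BASE bit on its own is only a hint (some legitimate binaries never opted in), which is why the script reports it alongside the hash comparison rather than as proof of tampering; the two findings together, on a binary that ships with ASLR enabled, are the combination the logs in this thread show.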
 
Well, that worked out as planned.
Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 15-08-2012 17:11:56
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6931488 2008-12-21] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [136472 2008-06-24] (Seagate)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon [722256 2008-12-11] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1325848 2008-06-24] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [904768 2008-06-24] (Acronis)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Ray\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Ray\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6241952 2012-07-30] (SlySoft, Inc.)
HKU\Ray\...\Run: [radem] rundll32.exe "C:\Users\Ray\AppData\Local\Temp\radem.dll",EnumCustomFunctionSettingReset [246272 2012-03-31] (C-Media Electronics Inc.)
HKU\Ray\...\Run: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12288 2012-04-19] (Charles Schwab & Co., Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0
relog_ap
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Ray\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 LPDSVC; C:\Windows\System32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)
2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [605464 2008-06-24] (Seagate)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-05-01] (SlySoft, Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
3 NAL; \??\C:\Windows\system32\Drivers\iqvw64e.sys [33888 2008-05-23] (Intel Corporation )
3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
3 scsiscan; C:\Windows\System32\Drivers\scsiscan.sys [17920 2008-01-20] (Microsoft Corporation)
3 scsiscan; C:\Windows\SysWow64\Drivers\scsiscan.sys [10576 1999-09-25] (Microsoft Corporation)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2009-04-08] (Acronis)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2009-04-15] (Duplex Secure Ltd.)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2009-04-08] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2009-04-08] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2009-04-08] (Acronis)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============


2012-08-15 17:11 - 2012-08-15 17:11 - 00000000 ____D C:\FRST
2012-08-15 15:00 - 2012-08-15 15:00 - 00000000 ____D C:\Windows\pss
2012-08-15 14:47 - 2012-08-15 14:47 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill.exe
2012-08-15 13:28 - 2012-08-15 15:54 - 00000000 ____D C:\Qoobox
2012-08-15 13:27 - 2012-08-15 13:30 - 00000000 ____D C:\Windows\erdnt
2012-08-14 23:46 - 2012-08-14 23:46 - 00270408 ____A C:\Windows\Minidump\Mini081512-01.dmp
2012-08-14 21:30 - 2012-08-14 21:30 - 00270408 ____A C:\Windows\Minidump\Mini081412-01.dmp
2012-08-14 21:28 - 2012-08-14 23:46 - 1195333827 ____A C:\Windows\MEMORY.DMP
2012-08-14 21:08 - 2012-08-14 21:09 - 04731392 ____A (AVAST Software) C:\Users\Ray\Desktop\aswMBR.exe
2012-08-14 21:03 - 2012-08-14 21:05 - 00000000 ____D C:\Users\Ray\Desktop\RK_Quarantine
2012-08-14 21:01 - 2012-08-14 21:01 - 01558528 ____A C:\Users\Ray\Desktop\RogueKiller.exe
2012-08-14 17:31 - 2012-08-14 17:31 - 00607260 ____R (Swearware) C:\Users\Ray\Downloads\dds.com
2012-08-14 17:30 - 2011-12-02 16:06 - 00000902 ____A C:\Users\Ray\Desktop\Mozilla Firefox.lnk
2012-08-14 16:24 - 2012-08-14 16:25 - 00302592 ____A C:\Users\Ray\Downloads\wozvzuoc.exe
2012-08-12 23:09 - 2012-08-14 15:46 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-12 23:08 - 2012-08-12 23:08 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-12 23:08 - 2012-08-12 23:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-12 23:08 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-12 23:08 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-12 23:08 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-12 23:08 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-12 23:08 - 2012-07-03 08:21 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-08-12 23:08 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-12 23:07 - 2012-08-12 23:08 - 00356656 ____A C:\Users\Ray\AppData\Local\dd_vcredistMSI5361.txt
2012-08-12 23:07 - 2012-08-12 23:08 - 00012598 ____A C:\Users\Ray\AppData\Local\dd_vcredistUI5361.txt
2012-08-12 23:07 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-12 23:07 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-12 23:06 - 2012-08-12 23:06 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-12 23:06 - 2012-08-12 23:06 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-12 23:00 - 2012-08-12 23:02 - 89340632 ____A C:\Users\Ray\Downloads\avast_free_antivirus_setup.exe
2012-08-12 20:46 - 2012-08-12 20:46 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-12 20:46 - 2012-08-12 20:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-12 20:44 - 2012-08-12 20:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ray\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-11 13:27 - 2012-08-11 13:27 - 20324112 ____A (Acresso Software Inc. ) C:\Users\Ray\Downloads\streetsmartedge(1).exe
2012-08-10 11:36 - 2012-08-10 11:36 - 00001635 ____A C:\Users\Public\Desktop\Quicken.lnk
2012-08-10 11:36 - 2011-09-16 18:51 - 04200024 ____A (Amyuni Technologies
2012-08-10 11:35 - 2012-08-10 11:54 - 00000000 ____D C:\Program Files (x86)\Quicken
2012-08-04 00:59 - 2012-08-04 01:04 - 00014353 ____A C:\P1005.log
2012-08-04 00:59 - 2012-08-04 00:59 - 03715152 ____A C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
2012-08-04 00:25 - 2012-08-04 00:36 - 00000000 ____D C:\Users\Ray\Desktop\New Folder
2012-08-03 12:19 - 2012-08-03 14:30 - 00000024 ____A C:\Windows\B186097B1EA1EAEC.log
2012-08-02 13:01 - 2012-08-12 13:49 - 00000000 ___HD C:\Users\Ray\AppData\Roaming\CF5B8AE0
2012-07-31 07:00 - 2012-07-31 07:00 - 09949624 ____A C:\Users\Ray\Downloads\SetupAnyDVD7060.exe
2012-07-25 10:27 - 2012-07-25 10:27 - 00000000 ____D C:\Users\Ray\AppData\Local\Macromedia
2012-07-21 08:36 - 2012-07-21 08:36 - 00000305 ____A C:\Users\Ray\Desktop\Desktop - Shortcut.lnk

============ 3 Months Modified Files ========================

2012-08-15 16:06 - 2009-03-20 12:15 - 01786881 ____A C:\Windows\WindowsUpdate.log
2012-08-15 16:06 - 2006-11-02 07:42 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-15 16:06 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 16:06 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 16:06 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 16:05 - 2006-11-02 04:46 - 00716688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 15:59 - 2010-08-10 10:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-15 15:34 - 2009-04-08 18:46 - 00001460 ____A C:\Users\Ray\AppData\Local\d3d9caps64.dat
2012-08-15 15:03 - 2009-04-02 12:24 - 00211968 ____A C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-15 14:47 - 2012-08-15 14:47 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Ray\Desktop\rkill.exe
2012-08-15 14:45 - 2010-08-10 10:51 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-14 23:46 - 2012-08-14 23:46 - 00270408 ____A C:\Windows\Minidump\Mini081512-01.dmp
2012-08-14 23:46 - 2012-08-14 21:28 - 1195333827 ____A C:\Windows\MEMORY.DMP
2012-08-14 21:30 - 2012-08-14 21:30 - 00270408 ____A C:\Windows\Minidump\Mini081412-01.dmp
2012-08-14 21:09 - 2012-08-14 21:08 - 04731392 ____A (AVAST Software) C:\Users\Ray\Desktop\aswMBR.exe
2012-08-14 21:01 - 2012-08-14 21:01 - 01558528 ____A C:\Users\Ray\Desktop\RogueKiller.exe
2012-08-14 17:31 - 2012-08-14 17:31 - 00607260 ____R (Swearware) C:\Users\Ray\Downloads\dds.com
2012-08-14 16:25 - 2012-08-14 16:24 - 00302592 ____A C:\Users\Ray\Downloads\wozvzuoc.exe
2012-08-14 15:53 - 2010-12-10 12:18 - 00065024 ____A C:\Users\Ray\Desktop\Stock.xls
2012-08-14 15:46 - 2012-08-12 23:09 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-14 15:40 - 2009-04-02 16:57 - 00000414 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
2012-08-13 15:43 - 2008-01-20 19:26 - 00064426 ____A C:\Windows\PFRO.log
2012-08-12 23:08 - 2012-08-12 23:08 - 00001787 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-12 23:08 - 2012-08-12 23:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-12 23:08 - 2012-08-12 23:07 - 00356656 ____A C:\Users\Ray\AppData\Local\dd_vcredistMSI5361.txt
2012-08-12 23:08 - 2012-08-12 23:07 - 00012598 ____A C:\Users\Ray\AppData\Local\dd_vcredistUI5361.txt
2012-08-12 23:02 - 2012-08-12 23:00 - 89340632 ____A C:\Users\Ray\Downloads\avast_free_antivirus_setup.exe
2012-08-12 20:46 - 2012-08-12 20:46 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-12 20:44 - 2012-08-12 20:44 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Ray\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-12 13:35 - 2012-03-29 08:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-12 13:35 - 2012-03-29 08:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-12 07:47 - 2011-08-12 09:35 - 00012288 ____A C:\Users\Ray\Desktop\Honolulu Must Tries.wps
2012-08-12 07:47 - 2009-07-29 13:02 - 00003290 ____A C:\Users\Ray\AppData\Roaming\wklnhst.dat
2012-08-12 01:05 - 2009-11-10 11:57 - 00000468 ____A C:\Windows\Tasks\Driver Robot.job
2012-08-11 13:28 - 2011-03-01 16:34 - 00001003 ____A C:\Users\Public\Desktop\StreetSmart Edge.lnk
2012-08-11 13:27 - 2012-08-11 13:27 - 20324112 ____A (Acresso Software Inc. ) C:\Users\Ray\Downloads\streetsmartedge(1).exe
2012-08-10 11:36 - 2012-08-10 11:36 - 00001635 ____A C:\Users\Public\Desktop\Quicken.lnk
2012-08-10 11:35 - 2009-04-02 13:56 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-08-09 07:33 - 2010-12-17 08:45 - 02673664 ____A C:\Users\Ray\Desktop\Restaurants to try.wps
2012-08-07 19:27 - 2011-05-19 16:14 - 00000680 ____A C:\Users\Ray\AppData\Local\d3d9caps.dat
2012-08-04 01:04 - 2012-08-04 00:59 - 00014353 ____A C:\P1005.log
2012-08-04 00:59 - 2012-08-04 00:59 - 03715152 ____A C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
2012-08-03 14:30 - 2012-08-03 12:19 - 00000024 ____A C:\Windows\B186097B1EA1EAEC.log
2012-08-03 12:26 - 2009-04-08 10:20 - 00000125 ___SH C:\Users\All Users\.zreglib
2012-08-01 07:02 - 2012-07-11 13:56 - 00002142 ____A C:\Windows\setupact.log
2012-07-31 07:00 - 2012-07-31 07:00 - 09949624 ____A C:\Users\Ray\Downloads\SetupAnyDVD7060.exe
2012-07-31 07:00 - 2009-05-14 07:25 - 00000938 ____A C:\Users\Public\Desktop\AnyDVD.lnk
2012-07-31 06:57 - 2010-11-03 07:56 - 00038400 ____A C:\Users\Ray\Desktop\Cell Phone Numbers.xls
2012-07-21 08:36 - 2012-07-21 08:36 - 00000305 ____A C:\Users\Ray\Desktop\Desktop - Shortcut.lnk
2012-07-13 06:14 - 2012-07-13 06:13 - 09830264 ____A C:\Users\Ray\Downloads\SetupAnyDVD7050.exe
2012-07-11 13:56 - 2012-07-11 13:56 - 00000000 ____A C:\Windows\setuperr.log
2012-07-11 02:02 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 12:46 - 2011-12-11 23:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-08-12 23:08 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-08-12 23:08 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-08-12 23:08 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-08-12 23:08 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-08-12 23:08 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 08:21 - 2012-08-12 23:08 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-08-12 23:07 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-08-12 23:07 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-02 10:22 - 2012-07-02 10:13 - 1050389616 ____A (Microsoft Corporation) C:\Users\Ray\Downloads\X17-75238.exe
2012-06-27 02:35 - 2006-11-02 07:21 - 00397144 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-27 02:12 - 2006-11-02 04:34 - 00000266 ____A C:\Windows\win.ini
2012-06-26 12:27 - 2009-04-02 11:01 - 00107776 ____A C:\Users\Ray\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 08:08 - 2009-04-15 21:12 - 00002631 ____A C:\Users\Ray\Desktop\Microsoft Office Excel 2003.lnk
2012-06-15 08:33 - 2010-03-10 08:19 - 00000829 ____A C:\Users\Public\Desktop\StreetSmart Pro.lnk
2012-06-11 06:54 - 2012-04-17 16:42 - 00009216 ____A C:\Users\Ray\Desktop\Carlos Worklist 4-18-12.wps
2012-05-31 11:25 - 2011-06-23 01:12 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 19:50 - 2012-05-29 19:50 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-29 12:41 - 2012-05-29 12:41 - 39483256 ____A (Apple Inc.) C:\Users\Ray\Downloads\QuickTimeInstaller.exe


ZeroAccess:
C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}
C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\L
C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U

ZeroAccess:
C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}
C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\@
C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\L
C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 8182.26 MB
Available physical RAM: 7531.93 MB
Total Pagefile: 7928.15 MB
Available Pagefile: 7493.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:916.45 GB) (Free:607.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (External Hardrive) (Fixed) (Total:931.51 GB) (Free:408.39 GB) NTFS
3 Drive e: (Internal Back Up Hard Drive) (Fixed) (Total:931.5 GB) (Free:55.89 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:1.89 GB) (Free:1.88 GB) FAT
14 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:1.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 932 GB 0 B
Disk 1 Online 932 GB 6144 KB
Disk 2 Online 932 GB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 1937 MB 0 B
Disk 8 No Media 0 B 0 B
Disk 9 No Media 0 B 0 B
Disk 10 No Media 0 B 0 B
Disk 11 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 63 MB 32 KB
Partition 2 Primary 15 GB 63 MB
Partition 3 Primary 916 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 14 FAT Partition 63 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 932 GB 8033 KB
Partition 1 Logical 932 GB 8064 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Internal Ba NTFS Partition 932 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 932 GB 32 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 D External Ha NTFS Partition 932 GB Healthy

==================================================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB

==================================================================================

Disk: 7
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 11 F KINGSTON FAT Removable 1933 MB Healthy

==================================================================================

Last Boot: 2012-08-15 16:05

======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 17:28:41
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-17 16:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-17 16:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
====== End Of Search ======
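The search block above is the crux of the thread: the live C:\Windows\System32\services.exe hashes to BA539D2CE99C05A180EC518EA2040D6A, while the amd64 copy in the WinSxS component store hashes to DFAC660F0F139276CC9299812DE42719, and the two SysWOW64/x86 copies agree with each other. The following is an added example (not from the thread, not part of FRST or any tool used here) that parses FRST's two-line search format and applies that comparison automatically: a System32 or SysWOW64 copy is flagged when its MD5 matches no WinSxS copy of the same architecture. The sample input is the search block posted above; the regular expression for FRST's hit format and the architecture rule (System32 is amd64 and SysWOW64 is x86 on an x64 install) are this example's own assumptions.

```python
"""Cross-check the live services.exe against the WinSxS component store,
using the path/hash pairs that FRST prints in a "Search:" block.

Added example for this thread; not part of FRST or any tool used in it.
FRST_SEARCH is the search block posted in the thread, embedded as sample
input.  The line format and the architecture rule are assumptions made
by this example, not something FRST documents.
"""
import re

# Sample input: the FRST search output posted in the thread (Vista SP1 x64).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-17 16:39] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-17 16:39] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
====== End Of Search ======
"""

# Each FRST hit is two lines: the path, then
# "[created] - [modified] - size attrs (company) MD5".  Company is optional
# because unsigned/unbranded files print without the parenthesised name.
_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return a list of {path, size, company, md5} dicts from an FRST search block."""
    hits, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):      # header / footer rules
            continue
        m = _DETAIL.match(line)
        if m and pending:
            hits.append({"path": pending, "size": int(m.group("size")),
                         "company": m.group("company") or "",
                         "md5": m.group("md5").upper()})
            pending = None
        elif not m:
            pending = line                        # a path line; details follow
    return hits


def arch_of(path):
    """Architecture of a copy, judged from where it lives on an x64 install (assumption)."""
    p = path.lower()
    if "\\amd64_" in p:
        return "amd64"          # WinSxS / servicing component directory names
    if "\\x86_" in p:
        return "x86"
    if "\\syswow64\\" in p:
        return "x86"            # 32-bit system directory on x64 Windows
    if "\\system32\\" in p:
        return "amd64"          # native system directory on x64 Windows
    return "unknown"


def check_live_copies(hits):
    """Flag System32/SysWOW64 copies whose MD5 matches no WinSxS copy of the same arch.

    Only the component store (\\winsxs\\) is trusted as the reference set; copies
    under SoftwareDistribution\\Download are downloaded, not-yet-installed updates
    and are neither reference nor live, so they are skipped.
    """
    store = {}                                    # arch -> set of reference MD5s
    for h in hits:
        if "\\winsxs\\" in h["path"].lower():
            store.setdefault(arch_of(h["path"]), set()).add(h["md5"])
    findings = {}
    for h in hits:
        p = h["path"].lower()
        if "\\winsxs\\" in p or "\\softwaredistribution\\" in p:
            continue
        reference = store.get(arch_of(h["path"]), set())
        findings[h["path"]] = "ok" if h["md5"] in reference else "MISMATCH"
    return findings


if __name__ == "__main__":
    for path, verdict in check_live_copies(parse_frst_search(FRST_SEARCH)).items():
        print(f"{verdict:9} {path}")
```

Run against the sample it reports `MISMATCH` for C:\Windows\System32\services.exe and `ok` for C:\Windows\SysWOW64\services.exe, which is the same conclusion FRST's "Bamital & volsnap Check" reached earlier in the thread. Treat a mismatch as a lead rather than proof: a hash is only as good as the reference set, and the component store itself could in principle be tampered with, so confirm with an Authenticode signature check on the file (Rkill's `[NoSig]` result on the same file later in the thread is that confirmation) before replacing anything.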
 
No idea if you want this or if it helps, but as requested before, here's my Rkill results log. Since I couldn't get Combofix to spit out a log, I have none to offer.

Thanks!!

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/15/2012 04:03:16 PM in x64 mode.
Windows Version: Windows Vista

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/15/2012 04:03:40 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally and see if Combofix will run.
 

Attachments

  • fixlist.txt (667 bytes)
Well, I screwed up a little bit. I ran FRST64 and hit Fix without the fixlist on the thumbdrive. Hopefully that ain't a prob. To try to fix this, I put fixlist on the drive and then ran the Fix button again.
Here's the latest fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 18:17:35 Run:2
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\Ray\Software\Microsoft\Windows\CurrentVersion\Run\\radem Value not found.
C:\Users\Ray\AppData\Local\Temp\radem.dll not found.
C:\Users\Ray\AppData\Roaming\CF5B8AE0 not found.
C:\Windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a} not found.
C:\Users\Ray\AppData\Local\{671474f1-fa80-57d5-7acd-d325b83af53a} not found.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
Well, I got Combofix to at least work past the first screen with the status bar. It no longer gets hung up there and mysteriously closes and does nothing afterwards. I had to uninstall Avast b/c even after disabling it, Combofix kept whining about it. At this point, Combofix is now "Attempting to create a new system restore point" in an MS DOS kinda window.
 
Alright, finally got Combofix to spit out a log. So, what exactly did Combofix do for me?



ComboFix 12-08-15.01 - Ray 08/15/2012 18:39:18.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8182.6615 [GMT -7:00]
Running from: c:\users\Ray\Desktop\yourname1.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\B186097B1EA1EAEC.log
c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\@
c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\00000001.@
c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\80000000.@
c:\windows\Installer\{671474f1-fa80-57d5-7acd-d325b83af53a}\U\800000cb.@
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 01:45 . 2012-08-16 02:07 -------- d-----w- c:\users\Ray\AppData\Local\temp
2012-08-16 01:45 . 2012-08-16 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 01:11 . 2012-08-16 01:11 -------- d-----w- C:\FRST
2012-08-13 07:08 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 07:06 . 2012-08-16 01:31 -------- d-----w- c:\programdata\AVAST Software
2012-08-13 07:06 . 2012-08-13 07:06 -------- d-----w- c:\program files\AVAST Software
2012-08-13 04:46 . 2012-08-13 04:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-10 19:36 . 2011-09-17 02:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-08-10 19:35 . 2012-08-10 19:54 -------- d-----w- c:\program files (x86)\Quicken
2012-08-10 08:59 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFB905EF-2447-40BC-8CE3-5DD9BCF4627E}\mpengine.dll
2012-07-25 18:27 . 2012-07-25 18:27 -------- d-----w- c:\users\Ray\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 21:35 . 2012-03-29 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 21:35 . 2012-03-29 16:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 10:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 20:46 . 2011-12-12 07:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 19:25 . 2011-06-23 09:12 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-07-30 6241952]
"QuickLaunch"="c:\program files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-04-19 12288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2008-12-22 88576]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-10 18:50]
.
2012-08-16 c:\windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-08-15 19:09:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 02:09
.
Pre-Run: 798,767,673,344 bytes free
Post-Run: 799,367,323,648 bytes free
.
- - End Of File - - 5B3C8716D9BED91C1748BBA0A2928A14
 
Looks good :)

Any current issues?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Ray :: RAY-PC [administrator]

8/15/2012 7:59:44 PM
mbam-log-2012-08-15 (19-59-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200726
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
OTL logfile created on: 8/15/2012 8:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Ray\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.36% Memory free
16.03 Gb Paging File | 14.51 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.45 Gb Total Space | 741.62 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 1.16 Gb Free Space | 7.74% Space Free | Partition Type: NTFS
Drive J: | 931.50 Gb Total Space | 55.89 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 409.36 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 20:00:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
PRC - [2012/07/30 09:14:34 | 006,241,952 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2008/09/23 19:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/23 13:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
MOD - [2008/06/24 18:35:34 | 001,328,408 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/22 00:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/10/17 03:24:26 | 000,905,216 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/09/23 19:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 19:52:05 | 000,041,984 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/18 14:20:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/07/27 13:35:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/24 19:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/04/15 21:56:54 | 000,867,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/04/08 15:22:41 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/04/08 15:22:41 | 000,081,952 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/04/08 15:22:36 | 000,235,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/04/08 15:22:33 | 000,593,952 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2008/12/22 00:37:14 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/28 05:46:48 | 000,316,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/28 01:22:14 | 000,402,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/23 13:54:38 | 000,033,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/02/21 17:10:36 | 000,196,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\scsiscan.sys -- (scsiscan)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 00:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2012/05/01 16:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [1999/09/25 03:36:06 | 000,010,576 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\scsiscan.sys -- (scsiscan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes,DefaultScope = {D73444F7-AA4A-4CC0-9D84-5697B491014F}
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..\SearchScopes\{D73444F7-AA4A-4CC0-9D84-5697B491014F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 14:20:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/20 10:52:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CC088F17-7B66-11E1-826D-B8AC6F996F26}: C:\Users\Ray\AppData\Local\{CC088F17-7B66-11E1-826D-B8AC6F996F26}\ [2012/03/31 12:22:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 14:20:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/20 10:52:09 | 000,000,000 | ---D | M]

[2009/04/02 12:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Extensions
[2012/05/26 16:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\extensions
[2012/05/26 16:38:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/27 14:43:54 | 000,002,254 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\2ohc8t1n.default\searchplugins\askcom.xml
[2012/04/25 16:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/31 12:22:00 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\RAY\APPDATA\LOCAL\{CC088F17-7B66-11E1-826D-B8AC6F996F26}
[2012/07/18 14:20:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/03 09:34:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/07 21:00:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/07 21:00:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/08/15 19:06:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000..\Run: [QuickLaunch] C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe (Charles Schwab & Co., Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O15 - HKU\S-1-5-21-2500361401-2329092988-2998417166-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A83F878-A190-4BDC-92A1-5A809D002E86}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ray\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 20:00:22 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2012/08/15 19:10:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/15 19:10:01 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\temp
[2012/08/15 18:23:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/15 18:23:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/15 18:23:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/15 18:22:07 | 004,731,145 | R--- | C] (Swearware) -- C:\Users\Ray\Desktop\yourname1.exe
[2012/08/15 18:11:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/15 16:00:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/15 15:47:39 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ray\Desktop\rkill.exe
[2012/08/15 14:28:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 14:27:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/14 22:08:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
[2012/08/14 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\RK_Quarantine
[2012/08/14 17:41:11 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\logs
[2012/08/13 00:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/13 00:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/13 00:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/12 21:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/10 12:36:30 | 004,200,024 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2012/08/10 12:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012
[2012/08/10 12:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2012/08/04 01:25:33 | 000,000,000 | ---D | C] -- C:\Users\Ray\Desktop\New Folder
[2012/07/25 11:27:50 | 000,000,000 | ---D | C] -- C:\Users\Ray\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/08/15 20:00:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ray\Desktop\OTL.exe
[2012/08/15 19:45:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 19:06:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/15 19:06:53 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 18:53:36 | 000,716,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 18:53:36 | 000,613,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 18:53:36 | 000,107,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 18:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 18:47:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 18:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 18:22:22 | 004,731,145 | R--- | M] (Swearware) -- C:\Users\Ray\Desktop\yourname1.exe
[2012/08/15 17:41:07 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job
[2012/08/15 16:34:20 | 000,001,460 | ---- | M] () -- C:\Users\Ray\AppData\Local\d3d9caps64.dat
[2012/08/15 16:03:23 | 000,211,968 | ---- | M] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 15:47:41 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ray\Desktop\rkill.exe
[2012/08/15 00:46:01 | 1195,333,827 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/14 22:09:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ray\Desktop\aswMBR.exe
[2012/08/14 22:01:42 | 001,558,528 | ---- | M] () -- C:\Users\Ray\Desktop\RogueKiller.exe
[2012/08/14 16:46:21 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/13 00:15:10 | 000,002,011 | ---- | M] () -- C:\Users\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/13 00:08:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/12 21:46:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 08:47:34 | 000,012,288 | ---- | M] () -- C:\Users\Ray\Desktop\Honolulu Must Tries.wps
[2012/08/12 08:47:34 | 000,003,290 | ---- | M] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
[2012/08/11 14:28:29 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\StreetSmart Edge.lnk
[2012/08/10 12:36:17 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\Quicken.lnk
[2012/08/10 12:35:51 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/08/09 08:33:25 | 002,673,664 | ---- | M] () -- C:\Users\Ray\Desktop\Restaurants to try.wps
[2012/08/07 20:27:00 | 000,000,680 | ---- | M] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat
[2012/08/04 21:57:38 | 002,843,878 | ---- | M] () -- C:\Users\Ray\Desktop\005.JPG
[2012/08/04 01:59:56 | 003,715,152 | ---- | M] () -- C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
[2012/08/03 13:26:16 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/07/31 08:00:59 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012/07/21 09:36:39 | 000,000,305 | ---- | M] () -- C:\Users\Ray\Desktop\Desktop - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/08/15 18:23:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/15 18:23:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/15 18:23:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/15 18:23:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/15 18:23:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 22:28:39 | 1195,333,827 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/14 22:01:42 | 001,558,528 | ---- | C] () -- C:\Users\Ray\Desktop\RogueKiller.exe
[2012/08/14 18:30:37 | 000,000,902 | ---- | C] () -- C:\Users\Ray\Desktop\Mozilla Firefox.lnk
[2012/08/13 00:09:10 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/13 00:09:10 | 000,002,011 | ---- | C] () -- C:\Users\Ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/13 00:08:07 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2012/08/13 00:08:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/12 21:46:48 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/10 12:36:17 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\Quicken.lnk
[2012/08/08 16:59:44 | 002,843,878 | ---- | C] () -- C:\Users\Ray\Desktop\005.JPG
[2012/08/04 01:59:38 | 003,715,152 | ---- | C] () -- C:\Users\Ray\Desktop\HP LaserJet P1006 driver release Nov 2010.exe
[2012/07/21 09:36:39 | 000,000,305 | ---- | C] () -- C:\Users\Ray\Desktop\Desktop - Shortcut.lnk
[2012/07/21 08:19:00 | 000,760,417 | ---- | C] () -- C:\Users\Ray\Documents\living room (3).JPG
[2011/12/14 09:08:19 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/10 14:34:03 | 000,010,210 | -HS- | C] () -- C:\Users\Ray\AppData\Local\w7qt08g3tq7oll
[2011/12/10 14:34:03 | 000,010,210 | -HS- | C] () -- C:\ProgramData\w7qt08g3tq7oll
[2011/06/21 09:31:02 | 000,733,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/19 17:14:18 | 000,000,680 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps.dat
[2009/07/29 14:02:43 | 000,003,290 | ---- | C] () -- C:\Users\Ray\AppData\Roaming\wklnhst.dat
[2009/04/08 19:46:55 | 000,001,460 | ---- | C] () -- C:\Users\Ray\AppData\Local\d3d9caps64.dat
[2009/04/08 11:20:21 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/02 13:24:35 | 000,211,968 | ---- | C] () -- C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/11/10 12:57:18 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Blitware
[2010/12/15 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Bluefive software
[2011/10/03 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Canon
[2012/08/10 21:10:29 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Charles Schwab
[2009/12/08 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\EPSON
[2009/06/09 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Image Zone Express
[2009/08/04 10:19:01 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Leadertech
[2009/11/27 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Nikon
[2009/11/25 16:36:23 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\PIE
[2009/04/12 09:33:51 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Printer Info Cache
[2009/07/29 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Ray\AppData\Roaming\Template
[2012/08/15 18:46:05 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/15 17:41:07 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6D4BB973-456D-45C1-B884-0447E4E94AA2}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 565 bytes -> C:\Users\Ray\Documents\Correction of address.eml:OECustomProperty

< End of report >
 
So, how does everything look??

It seems that my random audio has gone away. As I took off Avast, I can't really tell if there are any viruses attacking me...
 
Sorry, missed one! Gah, these logs all look the same! See anything of note?

OTL Extras logfile created on: 8/15/2012 8:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Ray\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 79.36% Memory free
16.03 Gb Paging File | 14.51 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.45 Gb Total Space | 741.62 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 1.16 Gb Free Space | 7.74% Space Free | Partition Type: NTFS
Drive J: | 931.50 Gb Total Space | 55.89 Gb Free Space | 6.00% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 409.36 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: RAY-PC | User Name: Ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2500361401-2329092988-2998417166-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9500_II_series" = Canon Pro9500 II series Printer Driver
"{893D9341-6AEA-8463-83E1-70D004A56AD3}" = ccc-utility64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 13.1.33.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0764694E-4C2E-1A05-B6A2-3C0B4F061AB5}" = CCC Help Hungarian
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0C2D2976-6F6B-EB9A-57CB-0F479510E29D}" = Catalyst Control Center Localization Portuguese
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1833C9AB-38B3-2B52-6A66-46B366327FE8}" = Catalyst Control Center Localization French
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AF983E8-983E-AEAD-BB41-D7CAED800C03}" = CCC Help Chinese Traditional
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{319397B7-88C3-FF5E-788E-6EC3D9C7F10F}" = Catalyst Control Center Localization Chinese Standard
"{33303B83-3081-5C68-EBD9-9140DD374B5A}" = Catalyst Control Center Core Implementation
"{364F416C-CA2E-20FA-193C-267192F339A7}" = CCC Help Japanese
"{4250568D-A456-7DF3-4832-21CC15E7D0B1}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F668F8E-56FC-6DFF-4F2F-603542D7413B}" = Catalyst Control Center Graphics Full Existing
"{5070E761-C5ED-A868-CE4E-B3C7B4674E06}" = Catalyst Control Center Localization Hungarian
"{5646676A-5A97-4B66-BE71-1B1770AD982B}" = StreetSmart Edge
"{59B8EE7B-A449-A1F5-45A2-6F58C305925E}" = Catalyst Control Center Graphics Light
"{5AED8F22-D3F2-C924-4F2A-1D6C80162C78}" = CCC Help Italian
"{63A7AA0B-6EDC-40F0-B14E-5289599EE2A3}" = Catalyst Control Center - Branding
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69A01F5F-EF07-C3C6-3B94-E895E931FCF1}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7CF115FC-BA7C-E81A-631A-B9545D446AF0}" = Catalyst Control Center Graphics Previews Common
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80250615-2FF1-0AAE-9C71-375BA6E5CF7E}" = ccc-core-static
"{80F0EB59-D25F-2A39-92E9-B1D593255E64}" = Skins
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B5A3788-7DE7-668B-437A-2EDF278F8324}" = CCC Help English
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9AE79FD8-90DD-AA27-06FA-0DF8A0FFCE88}" = CCC Help French
"{9B947CCE-D5B2-1AE4-D3EE-B073D5D5D4D7}" = Catalyst Control Center Graphics Previews Vista
"{A2233F8C-B7AC-0E77-0DF3-57678388A816}" = Catalyst Control Center Localization Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_X64
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E24CA6-5254-7E2D-F1FC-B01881AD4556}" = Catalyst Control Center Localization Italian
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C4A40111-4DD6-C90E-27E7-CA8F3E647DF0}" = CCC Help Chinese Standard
"{C61798EC-C148-DCAF-0BBB-983E3F2A358A}" = CCC Help German
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D0B7DE9F-D63D-57DD-1872-3F0207A437AC}" = CCC Help Turkish
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DDEE3690-E766-135E-39F9-1069E44364FF}" = Catalyst Control Center Localization Turkish
"{DE6D0FDB-3B65-48B9-6F71-A61D5A7B576F}" = CCC Help Portuguese
"{E14D7E83-C764-F6D9-FA7E-DA50596C8B02}" = Catalyst Control Center Localization Spanish
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E74B759B-1291-4CBA-962D-E1D86BCCAFE9}" = CyberView CS - ImageBox 1.2a (Build 20090921)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F39A1538-F97D-702B-AD48-F8FD2A01D0B2}" = Catalyst Control Center Localization Korean
"{F569D2CB-5BB9-B8A1-9B1D-AA813D974372}" = CCC Help Spanish
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB997B37-623B-E151-6AC5-5EEA34FE4178}" = Catalyst Control Center Localization Chinese Traditional
"{FCDDA9CC-10DC-F720-53DE-D23A96EA8792}" = Catalyst Control Center Localization German
"040a_5005" = USB MassStorage CardReader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"AnyDVD" = AnyDVD
"BadCopy Pro" = BadCopy Pro
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon Pro9500 Mark II series User Registration" = Canon Pro9500 Mark II series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PIXresizer_is1" = PIXresizer 2.0.4
"Silent Package Run-Time Sample" = EPSON Perf 4870 Reference Guide
"TurboTax 2011" = TurboTax 2011
"VueScan" = VueScan

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2012 10:06:01 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/17/2012 10:46:05 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/17/2012 11:06:01 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/17/2012 11:46:05 PM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 12:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 12:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 1:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 1:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 2:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 2:46:05 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/18/2012 3:06:01 AM | Computer Name = Ray-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 10/7/2009 4:35:32 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/10/2009 3:32:23 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/4/2009 4:41:36 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/13/2012 4:21:24 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/13/2012 6:14:19 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/13/2012 8:21:23 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/14/2012 7:49:36 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/14/2012 10:07:03 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/15/2012 4:08:17 AM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/15/2012 4:31:41 PM | Computer Name = Ray-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/15/2012 9:20:24 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/15/2012 9:31:31 PM | Computer Name = Ray-PC | Source = HTTP | ID = 15016
Description =

Error - 8/15/2012 9:32:55 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/15/2012 9:34:34 PM | Computer Name = Ray-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume D: were aborted because of a failed free
space computation.

Error - 8/15/2012 9:35:08 PM | Computer Name = Ray-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 8/15/2012 9:42:03 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2012 9:45:24 PM | Computer Name = Ray-PC | Source = Application Popup | ID = 1060
Description = \??\C:\yourname1\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 8/15/2012 9:46:00 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 8/15/2012 9:47:19 PM | Computer Name = Ray-PC | Source = HTTP | ID = 15016
Description =

Error - 8/15/2012 9:48:39 PM | Computer Name = Ray-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >