Solved "System Check" malware - infected. Recovered... but I'm still crippled!

mark118 · Jan 14, 2012

Logs

Hey Broni,

Everything seems to be back to normal. All program folders are back, so far no redirect in IE. I'm glad I came across this forum.... I was concidering formatting and starting over.

Here are the logs as requested (split into 2 replies), let me know what I have to do next.

OTL logfile created on: 1/14/2012 8:16:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.78% Memory free
16.06 Gb Paging File | 13.77 Gb Available in Paging File | 85.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 156.30 Gb Free Space | 33.56% Space Free | Partition Type: NTFS

Computer Name: THEGUNSHOW | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/24 07:33:04 | 002,351,191 | ---- | M] (SlimDevices - A Logitech Company) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () -- C:\Program Files (x86)\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2008/07/23 20:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2007/04/23 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/13 22:56:46 | 000,024,698 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\23fe5d76b9491fa255db2281ac7687d5\Service.dll
MOD - [2012/01/13 22:56:45 | 000,073,825 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\b7b4505cb0a127c242f14d779e410e03\POSIX.dll
MOD - [2012/01/13 22:56:44 | 000,090,222 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\c3da4aa4c02db51c7f94d5eaf2438023\OLE.dll
MOD - [2012/01/13 22:56:44 | 000,024,673 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\20252d6e001ae3774b425e81ba09b666\Fcntl.dll
MOD - [2012/01/13 22:56:42 | 000,041,064 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\f48694173221cfa9bad4275e2389b498\Win32.dll
MOD - [2012/01/13 22:56:42 | 000,020,587 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\6a834a555edd63cb8706466e7c1666f2\Hostname.dll
MOD - [2012/01/13 22:56:41 | 000,086,141 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\7dd16cc839f33995d1a58e2773aa29b8\WinError.dll
MOD - [2012/01/13 22:56:41 | 000,020,573 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\7020d50af327e3fc94b98242c307fc81\Cwd.dll
MOD - [2012/01/13 22:56:40 | 000,163,971 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\23ae7fb85999872530b5a5d4d67a4f44\Registry.dll
MOD - [2012/01/13 22:56:37 | 000,024,671 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\2d2847f7dd2a1fddd0fdb79d9d64ba93\List.dll
MOD - [2012/01/13 22:56:36 | 000,032,872 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\855297e7b4b860331fdbdd53426f5e15\Dumper.dll
MOD - [2012/01/13 22:56:36 | 000,028,794 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\2076671ee5d0a5323570c92c74abac6f\Process.dll
MOD - [2012/01/13 22:56:35 | 000,036,963 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\86351894c58e4804ca004825fea78bbb\Encode.dll
MOD - [2012/01/13 22:56:33 | 000,028,771 | R--- | M] () -- C:\Users\Mark\AppData\Local\Temp\pdk-Mark-3560\a7c0cce4e1ac2c1f6d3e71bbe3c9bdd3\Socket.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/23 20:04:20 | 005,625,344 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2008/04/15 13:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2007/04/23 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2006/01/10 03:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 19:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/28 08:27:32 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/30 16:53:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/24 07:32:32 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2010/09/02 04:46:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/02 04:46:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/07/26 12:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/28 08:27:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/03 12:01:08 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/23 08:57:04 | 000,280,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/02/23 08:57:01 | 000,505,176 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/02/23 08:55:53 | 000,053,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/02/23 08:55:13 | 000,031,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/02/23 08:55:05 | 000,064,344 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/23 08:54:58 | 000,022,360 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/12/03 04:05:34 | 000,069,152 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/12/02 22:30:36 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/09/07 22:11:58 | 001,018,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2008/08/06 03:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2007/04/11 15:35:30 | 000,056,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 15:35:22 | 000,053,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 15:34:58 | 000,035,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/11/01 18:23:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

O1 HOSTS File: ([2012/01/13 16:23:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([player] http in Trusted sites)
O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22470FE-C567-4958-9D55-53AFAD0C300A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Mark\Media\Pictures\Wallpapers\new\fresh_lime-1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/11 21:00:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 08:13:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/01/13 17:55:32 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/13 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\Media
[2012/01/13 16:23:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/13 16:21:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2012/01/13 15:03:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/13 15:03:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/13 15:03:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/13 15:03:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 15:02:31 | 004,382,027 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/01/13 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\virus fix files
[2012/01/12 09:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/12 09:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/11 20:59:31 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/11 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/26 08:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/26 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/26 08:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/26 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/26 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/26 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 08:16:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCD208F4-7D0F-4A27-9114-A79A3EC47B7A}.job
[2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/01/14 06:55:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 06:55:54 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/13 19:03:50 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/13 19:03:49 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/13 19:03:49 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/13 18:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/13 16:23:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/13 15:02:36 | 004,382,027 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/01/13 12:32:44 | 590,350,989 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 13:23:45 | 000,000,212 | ---- | M] () -- C:\Users\Mark\Desktop\system check malware-virus - Malwarebytes removed it, but Im still crippled... can you help - Malwarebytes Forum.url
[2012/01/12 12:26:10 | 000,000,132 | ---- | M] () -- C:\Users\Mark\Desktop\System Check Malware partially removed, not completely gone - TechSpot OpenBoards.url
[2012/01/12 12:19:56 | 000,000,329 | ---- | M] () -- C:\Users\Mark\Desktop\AVG Forums - System Check Virus - Need Help.url
[2012/01/12 12:13:19 | 000,000,214 | ---- | M] () -- C:\Users\Mark\Desktop\program files emptied. NEED HELP PLEASE..url
[2012/01/11 21:00:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/01/11 16:55:26 | 000,000,629 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Portal.url
[2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode Two.url
[2011/12/26 11:47:33 | 000,000,219 | ---- | M] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode One.url
[2011/12/26 08:37:17 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/17 08:21:37 | 000,000,206 | ---- | M] () -- C:\Users\Mark\Desktop\YouTube - nick jr intro.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/13 15:10:06 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/01/13 15:10:06 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012/01/13 15:10:06 | 000,000,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Squeezebox Server Tray Tool.lnk
[2012/01/13 15:10:00 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 6.0.lnk
[2012/01/13 15:10:00 | 000,002,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2012/01/13 15:10:00 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/13 15:10:00 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/13 15:10:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/13 15:10:00 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/01/13 15:10:00 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/01/13 15:10:00 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/13 15:10:00 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/13 15:10:00 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/13 15:10:00 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/13 15:10:00 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/13 15:10:00 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/13 15:10:00 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/13 15:10:00 | 000,001,335 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012/01/13 15:10:00 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2012/01/13 15:10:00 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012/01/13 15:10:00 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012/01/13 15:10:00 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk
[2012/01/13 15:10:00 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012/01/13 15:10:00 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk
[2012/01/13 15:10:00 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012/01/13 15:10:00 | 000,000,968 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/13 15:10:00 | 000,000,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/01/13 15:10:00 | 000,000,780 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
[2012/01/13 15:10:00 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/13 15:10:00 | 000,000,240 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/13 15:09:59 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/13 15:09:59 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
[2012/01/13 15:09:59 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/13 15:09:59 | 000,000,973 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/13 15:09:59 | 000,000,968 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/13 15:09:59 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/13 15:09:59 | 000,000,258 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/13 15:03:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/13 15:03:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/13 15:03:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/13 15:03:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/13 15:03:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/12 13:01:12 | 000,000,212 | ---- | C] () -- C:\Users\Mark\Desktop\system check malware-virus - Malwarebytes removed it, but Im still crippled... can you help - Malwarebytes Forum.url
[2012/01/12 12:26:10 | 000,000,132 | ---- | C] () -- C:\Users\Mark\Desktop\System Check Malware partially removed, not completely gone - TechSpot OpenBoards.url
[2012/01/12 09:53:19 | 000,000,214 | ---- | C] () -- C:\Users\Mark\Desktop\program files emptied. NEED HELP PLEASE..url
[2012/01/11 22:01:03 | 000,000,329 | ---- | C] () -- C:\Users\Mark\Desktop\AVG Forums - System Check Virus - Need Help.url
[2012/01/11 21:00:13 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/01/11 16:55:26 | 000,000,629 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Portal.url
[2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode Two.url
[2011/12/26 11:47:33 | 000,000,219 | ---- | C] () -- C:\Users\Mark\Desktop\Half-Life 2 Episode One.url
[2010/02/06 15:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll
[2009/08/22 16:19:11 | 000,005,610 | ---- | C] () -- C:\Windows\unpsd.ini
[2009/06/02 16:53:52 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/05/03 12:52:52 | 000,074,737 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe
[2009/03/29 15:27:12 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/03/05 10:20:40 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/03/05 10:20:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/03/04 21:34:47 | 000,024,465 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/03/04 21:33:47 | 000,024,006 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/03/04 19:45:31 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/03/04 19:45:31 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/03/04 19:45:27 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/03/04 19:45:27 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/03/02 21:19:25 | 000,019,968 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/02 20:42:14 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2009/03/02 20:38:16 | 000,001,460 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps64.dat
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/06/11 12:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/06/11 12:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/05 11:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/12/28 02:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/04/09 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Autodesk
[2012/01/06 08:05:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BitTorrent
[2010/09/17 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/02/07 09:38:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DNA
[2010/10/07 11:56:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LaunchPad
[2010/02/06 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\nCleaner
[2011/12/04 09:20:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Spotify
[2010/10/09 13:20:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TechWizard
[2012/01/13 18:54:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/14 08:16:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BCD208F4-7D0F-4A27-9114-A79A3EC47B7A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/02/18 17:25:40 | 000,028,830 | ---- | M] () -- C:\aaw7boot.log
[2012/01/11 21:00:13 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/03/03 09:19:52 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/09/17 14:52:36 | 000,000,131 | ---- | M] () -- C:\DeletePrintJobs.cmd
[2012/01/13 18:38:15 | 001,859,091 | ---- | M] () -- C:\DeQuarantine.txt
[2007/05/02 04:53:35 | 000,355,416 | ---- | M] (Hewlett-Packard) -- C:\hpzids40.dll
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/01/13 18:55:45 | 312,602,622 | -HS- | M] () -- C:\pagefile.sys
[2009/03/04 19:48:17 | 000,000,046 | ---- | M] () -- C:\splash.idx
[2008/09/22 18:54:48 | 000,005,632 | ---- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2006/11/02 10:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 09:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2004/12/01 11:30:31 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\motd.txt
[2004/12/01 11:24:42 | 000,000,955 | ---- | M] () -- C:\Program Files (x86)\readme.txt
[2009/05/03 12:52:52 | 000,074,737 | ---- | M] () -- C:\Program Files (x86)\Uninstal.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/13 15:02:36 | 004,382,027 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/01/14 08:13:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/03/04 20:09:52 | 000,721,912 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Mark\gotomypc_428.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/03/02 20:38:28 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/13 15:58:38 | 000,002,889 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/10/06 15:52:53 | 000,000,008 | -H-- | M] ()(C:\S??l????.txt) -- C:\Şოϊłοժоռ.txt
[2011/10/06 15:52:51 | 000,000,008 | -H-- | C] ()(C:\S??l????.txt) -- C:\Şოϊłοժоռ.txt

< End of report >

mark118 · Jan 14, 2012

extras

OTL Extras logfile created on: 1/14/2012 8:16:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 69.78% Memory free
16.06 Gb Paging File | 13.77 Gb Available in Paging File | 85.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 156.30 Gb Free Space | 33.56% Space Free | Partition Type: NTFS

Computer Name: THEGUNSHOW | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Classes\<extension>]
.scr [@ = AutoCADScriptFile] -- C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Mark\BitTorrent\bittorrent.exe" = C:\Users\Mark\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Users\Mark\BitTorrent\bittorrent.exe" = C:\Users\Mark\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EB798A-F799-4032-9058-01FBAF621237}" = lport=137 | protocol=17 | dir=in | app=system |
"{1464AFC2-4977-4F62-A3F3-4EA52ED736E4}" = lport=138 | protocol=17 | dir=in | app=system |
"{29211770-D225-46D8-A204-2A0FCEE1B482}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3F87FF1C-0BD5-4D53-B0D1-0465CCE77E25}" = rport=445 | protocol=6 | dir=out | app=system |
"{439BB7B4-CE61-4D9F-AF6C-B1AD4146A80F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5150B380-D604-42DA-BE4C-D63E7613F472}" = rport=138 | protocol=17 | dir=out | app=system |
"{850E8AB6-1957-4EA8-90F4-3BBCB5BDCD98}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE6F3F0-3BB5-4554-BAE8-F32CCB91A87F}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4DBA163-240E-4562-9796-AEF53E3CD943}" = lport=139 | protocol=6 | dir=in | app=system |
"{BF3563EA-E25C-4CED-853F-24050F3B70E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5A63AF8-741E-40D7-88A7-AA802E88E975}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F740F000-F64F-488D-BB6A-07A2C2E605F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011B025D-5F19-490E-81ED-0A95C38B25D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{017162BB-4899-4EE4-A286-FB5412CAB176}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{02207E64-E373-40F1-98DE-FC26544565DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{03763B90-34BE-4E8A-8FE5-F8763BF52BE9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{06A1CE33-B2CE-4377-802C-681704B7DF1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B70425F-6D23-4CD7-BBBB-1461B5B63C99}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F9ADA8D-1AC3-41A3-AD95-593D37110D3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{10221D5D-C5E9-4A56-AD43-E94419BC0E57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11B19A1E-D310-480D-A431-B5A163C76B58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1247C7C6-6EAA-42A6-9476-91E96B757775}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{180F40E6-B26D-41A1-AB97-C2C273947C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{19507FA4-8486-4D22-BC2F-B32B9E88B5C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C5EFEA9-0BD2-447B-ACEF-946CA9ED3E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2DE4D49B-83A4-4F9A-83F3-F34E6072F563}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3151F735-6596-44EB-BD40-0A1E519A70DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{500BFE5F-42CF-4F73-A824-9017851194DF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{503A8E75-E0C7-4C97-866C-7303E732DBB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{524B1457-2CE2-437B-AFA9-890306A63B23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{56EA1E61-65FC-4DA0-BFEC-F4E90D06407C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{56FE03FE-F6BC-49B2-8C05-16655BAF3FAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{580E1DF3-AF13-4B6C-A8FD-E2DFA08B6C45}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5A4C30BD-AEA7-4E62-9035-52C1CD474F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{63065ED5-0AFF-40DA-BEAC-8C4C37C052DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{650C34E9-973C-41C3-BB4B-D438D066AFF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6567B540-69A5-4A6B-B097-900920FB0DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{65DCE4BC-2702-430F-9875-27DE07F47480}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6945E4F5-572C-4DC2-B358-83A4A9880395}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
"{6A33E333-BBCA-4A26-AE01-7E487D2FBFEE}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{6A59BC20-221D-4830-A87A-A8487D49276A}" = protocol=17 | dir=in | app=c:\users\mark\bittorrent\bittorrent.exe |
"{71E9B24D-841B-47ED-BF3F-567F9A2C6884}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{7C924257-F067-4271-B6BA-F79AA5255103}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8511AD74-5A47-49B0-A4AA-8B6CB4E68B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8B5F92F1-57E2-4BC4-9E2D-4EB9002EE6F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EC83BDD-092B-44B4-9B26-2EE1AB69B490}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{8EE5071F-FC66-4CCD-8EFA-940E61B1926B}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{8FB036CE-2EC6-4F8E-A3C1-8690F12B640E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{90506CB4-93D4-4513-9D34-E043D79DF11F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{96CF31B6-709C-4DFC-9A84-2EDD957CCB64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97E3FB79-5FBA-4414-989E-6E1865E2C77B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{9E02DE32-912B-44A0-ABDE-97F9FE672D33}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{9E1E78D5-1351-4692-9FF3-1A01297C8637}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A0A77E83-2BDB-486A-891F-E388239AA5EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{A4E90255-7A96-4FC3-A67A-8E4C0DEB16BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AFC623D5-19E1-4A6D-8E82-AD471E0CAB07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B11B9DB8-4524-4A4F-9716-78BF9D7A1027}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{B68B5F7A-B71E-47DD-A3B0-56FD994542F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B93144DF-B85C-4C50-AE0B-F79DEC6E6594}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B938D9C9-3A6B-4958-892D-48450ABCD035}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{BB78357B-2695-4BDA-AF98-59A879552DB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C375BDCB-3BC5-4555-8B07-723814D699F9}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{C4365814-BD06-4790-B68A-983085BA9963}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C5E5652D-B1A1-4938-88BE-C2F689B5097B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CA3F772D-D0B7-4601-8A83-C881B96C5781}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2194848-8190-4F42-9B59-2F1628B18ACC}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{D5EBEDAA-3CE7-44DD-88EE-6772350CE896}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D8ECC807-FF32-4FF3-8F35-F660EB15A0CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{DD27CAAF-E16C-4F6F-AAA0-21EAC8FCC1E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEEB62F8-6DB3-4F89-B731-9DF5A40A7ED7}" = protocol=6 | dir=in | app=c:\users\mark\bittorrent\bittorrent.exe |
"{DF8A28F6-C752-4D8E-8B69-F0D40C2097BA}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{E07C6232-140E-405F-A012-0B58BE498EF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E9623858-715B-4A8C-89C6-76E848697C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{E99E1EF3-D921-4B77-8D9C-E931EBA3D7F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFB0C883-7D7F-433B-A584-3D39D864154C}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\fear perseus mandate\fearxp2.exe |
"{F61D9218-54E8-4AD4-BCC9-0FE4F18287F6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F676FDF5-ECD3-465F-96D0-A812F3A9923D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC118827-BA1E-4F19-9E30-692E24E71FCF}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{812F5B09-D0BA-4036-A63E-69238EF22ECA}" = Microsoft Corporation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}" = HP Officejet 6500 E710n-z Basic Device Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6916E491-8BBF-4E8A-AFAD-D01307C059E5}" = Vz In Home Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}" = Verizon Download Manager
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast" = avast! Free Antivirus
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Half-Life 2 Deathmatch Create Server Mod" = Half-Life 2 Deathmatch Create Server Mod
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"*******_3D_screensaver1" = *******_3D_screensaver1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"nCleaner" = nCleaner second 2.3.4.0
"OpenAL" = OpenAL
"PrintScreenDeluxe" = Print Screen Deluxe
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"Squeezebox Server_is1" = Squeezebox Server 7.5.3
"Steam App 13210" = Unreal Tournament 3: Black Edition
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2010 5:19:52 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:22:15 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:22:15 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:22:16 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:22:16 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:32:01 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 5:32:01 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 8:33:11 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 8:33:11 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 7/30/2010 8:33:23 AM | Computer Name = TheGunShow | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

[ Media Center Events ]
Error - 2/22/2010 6:35:37 PM | Computer Name = TheGunShow | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/2/2010 1:31:36 PM | Computer Name = TheGunShow | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/13/2012 4:59:56 PM | Computer Name = TheGunShow | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 10/29/2011 6:04:08 AM | Computer Name = TheGunShow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 721751
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/13/2012 6:50:32 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
Description =

Error - 1/13/2012 6:50:32 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7026
Description =

Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
Description =

Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
Description =

Error - 1/13/2012 6:55:26 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7034
Description =

Error - 1/13/2012 7:55:59 PM | Computer Name = TheGunShow | Source = HTTP | ID = 15016
Description =

Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7009
Description =

Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
Description =

Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7000
Description =

Error - 1/13/2012 7:57:36 PM | Computer Name = TheGunShow | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Broni · Jan 14, 2012

Good news

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([player] http in Trusted sites)
O15 - HKU\S-1-5-21-3867335980-3509603360-33153671-1000\..Trusted Domains: xmradio.com ([www] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

==============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

mark118 · Jan 14, 2012

excellent, thank you.

Here is the OTL fix log

I will new permorm the other tasks and post log when done.

mark118 · Jan 14, 2012

Here are the last 2 logs... ESET found no problems.. so no log to report.

Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
nCleaner second 2.3.4.0
Java(TM) 6 Update 30
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by Mark (administrator) on 14-01-2012 at 13:25:39
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\SysWOW64\dhcpcsvc.dll
[2008-01-20 21:48] - [2008-01-20 21:48] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\System32\drivers\afd.sys
[2011-06-16 03:35] - [2011-04-21 08:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A

C:\Windows\System32\drivers\tdx.sys
[2008-01-20 21:49] - [2008-01-20 21:49] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216

C:\Windows\System32\Drivers\tcpip.sys
[2010-08-11 21:09] - [2010-06-16 11:40] - 1420176 ____A (Microsoft Corporation) 7D86275FB640011B372FD566C0EAFA8D

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 14:45] - [2011-03-02 10:10] - 0117760 ____A (Microsoft Corporation) DAF05293C1264E251D3A25E7E24B2DDF

C:\Windows\System32\mpssvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA

C:\Windows\System32\bfe.dll
[2008-01-20 21:50] - [2008-01-20 21:50] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2008-01-20 21:50] - [2008-01-20 21:50] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629

C:\Windows\System32\wscsvc.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8

C:\Windows\System32\wbem\WMIsvc.dll
[2008-01-20 21:50] - [2008-01-20 21:50] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C

C:\Windows\System32\wuaueng.dll
[2009-10-01 22:52] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2008-01-20 21:50] - [2008-01-20 21:50] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58

C:\Windows\System32\es.dll
[2009-03-04 22:18] - [2008-04-17 23:42] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66

C:\Windows\System32\cryptsvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-16 20:00] - [2009-03-02 23:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

**** End of log ****

Broni · Jan 14, 2012

I don't see any log from OTL fix.

mark118 · Jan 14, 2012

wrong log......

Broni · Jan 14, 2012

That's incorrect.
You clicked on "Scan" button instead of "Fix" button.
Redo.

mark118 · Jan 14, 2012

that was the wrong log sorry. Here is the correct one.

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xmradio.com\player\ not found.
Registry key HKEY_USERS\S-1-5-21-3867335980-3509603360-33153671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xmradio.com\www\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 1804841 bytes
->Temporary Internet Files folder emptied: 16510062 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Mark
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01142012_154159

Files\Folders moved on Reboot...
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1B47.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1B4F.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1BC7.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1BCF.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1C19.tmp not found!
File\Folder C:\Users\Mark\AppData\Local\Temp\~DF1C29.tmp not found!
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B43BEAAD-8C61-459D-BF20-5008B44B0012}.tmp moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\getAds[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\getForecast[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\grab[1].cur moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\like[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\map_iframe[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWIICLXA\showthread[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\like[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\map_iframe[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\qseg[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\site=cnn&cnn_pagetype=mmst&cnn_position=300x150_rgt&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\Type=click&FlightID=412577&AdID=599682&TargetID=112280&Values=1588&Redirect=;ord=tayKnq,bhrdyjNcnARab[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBXEBROW\xd_proxy[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPSTEXET\12[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPSTEXET\ping[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\ai[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\def[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\facebook_com[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\getForecast[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\index[1].html moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\MoreStoriesPagelet[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\pass[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\site=cnn&cnn_pagetype=mmst&cnn_position=336x850_rgt&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ8KML79\site=cnn&cnn_pagetype=mmst&cnn_position=607x95_adlinks&cnn_rollup=world&page.allowcompete=yes&params.styles=fs&Params.User[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2I7FQ7E\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZEVYKBA\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8IYFP1WC\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QRCKICF\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Broni · Jan 14, 2012

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

mark118 · Jan 15, 2012

Ok, here is the last log... I will run throught the other tasks later today...

Broni · Jan 15, 2012

I see no log.....

Broni · Jan 21, 2012

The issue seems to be resolved.

Solved "System Check" malware - infected. Recovered... but I'm still crippled!

mark118

Posts: 21 +0

mark118

Posts: 21 +0

Broni

Posts: 56,041 +516

mark118

Posts: 21 +0

mark118

Posts: 21 +0

Broni

Posts: 56,041 +516

mark118

Posts: 21 +0

Broni

Posts: 56,041 +516

mark118

Posts: 21 +0

Broni

Posts: 56,041 +516

mark118

Posts: 21 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts