Unknown Spyware/Malware


  • This topic is locked
8 replies to this topic

#1 pyrolimeade

pyrolimeade

  • Members
  • 5 posts

Posted 11 December 2009 - 01:48 PM

Was browsing the internet when a Windows notification appeared stating something about "system32/net.net", then an AVG alert window loaded that said that a spyware threat was detected. About a minute later, an all blue window loaded called "Windows Security Update". I closed that window and a few minutes later it reloaded. I closed it again and it has not appeared since. While using the RootRepeat file as stated in the posting directions, Windows crashed and I got a version of the BSOD. I went to bed and successfully rebooted the computer this morning. Now AVG has detected Trojans titled Generic15.CKLU, Generic15.CKVR, and Vundo.IE. At this moment, two Windows services have shut down.


DDS Log


DDS (Ver_09-12-01.01) - NTFSx86
Run by Christian at 10:35:02.84 on Fri 12/11/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1796 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Icecast2 Win32\icecastService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIADA.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\hp\kbd\kbd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Christian\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: MRI_DISABLED - No File
BHO: NCO 2.0 IE BHO - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [EPSON Stylus CX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /fu "c:\windows\temp\E_S846B.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\christ~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://labs.jaduka.com/VaxSIPUserAgentCAB.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\christ~1\appdata\roaming\mozilla\firefox\profiles\3jjtnphm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\3jjtnphm.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npUMediaPlayer5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\christian\appdata\roaming\mozilla\firefox\profiles\3jjtnphm.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-12 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-12 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-27 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-28 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-12 297752]
R2 Icecast;Icecast Media Server;c:\program files\icecast2 win32\icecastService.exe [2009-2-18 393216]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-29 24652]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-9-7 21920]
S3 BroadWaveService;BroadWave;c:\program files\nch swift sound\broadwave\broadwave.exe [2009-5-21 499716]

=============== Created Last 30 ================

2009-12-11 09:13:06 0 d-----w- c:\program files\TrendMicro
2009-12-09 20:19:14 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 20:16:49 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 20:16:49 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 20:16:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 20:14:49 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-09 20:14:49 244224 ----a-w- c:\windows\system32\rastls.dll
2009-11-25 17:14:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 20:39:27 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 20:39:27 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 20:38:10 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-10 23:33:37 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-10 23:33:28 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-05 08:54:45 2678 ----a-w- c:\users\christ~1\appdata\roaming\wklnhst.dat
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-05 10:00:25 51200 ----a-w- c:\windows\inf\infpub.dat
2009-07-05 10:00:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-07-05 10:00:20 86016 ----a-w- c:\windows\inf\infstor.dat
2008-07-13 22:54:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-11 00:41:33 61 --sh--w- c:\windows\cnerolf.bin
2008-07-21 16:11:32 61 --sh--w- c:\windows\cnerolf.dat
2008-07-13 22:20:44 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 10:38:53.76 ===============

Attached File: Attach.txt (4.87KB)

Edited by pyrolimeade, 11 December 2009 - 02:03 PM.
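A small triage pass over the DDS log format used in this thread, added here as an example; it is not part of the original post or of the DDS tool. It keeps only the entries a helper reads first in the "Pseudo HJT Report" and "Find3M" sections (orphaned BHO/TB entries, unnamed or path-less Run values, a populated AppInit_DLLs, and hidden+system files), and the sample log is a constructed excerpt shaped like the one above.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and 'Find3M' sections (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the same shape as the DDS log in the thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: MRI_DISABLED - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
mRun: [RtHDVCpl] RtHDVCpl.exe
AppInit_DLLs: avgrsstx.dll

==================== Find3M ====================

2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2008-10-11 00:41:33 61 --sh--w- c:\windows\cnerolf.bin
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # category of the observation
    entry: str   # the log line (or path) it refers to
    note: str    # why a helper would look at it


SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")
# DDS Find3M lines: date time size attributes path
FIND3M_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{8})\s+(.+)$")
# A command that starts with a drive letter or an environment variable has a full path.
FULL_PATH_RE = re.compile(r'^"?(?:[a-z]:\\|%[a-z]+%)', re.I)


def _check_hjt_line(line: str) -> List[Finding]:
    out = []
    if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
        out.append(Finding("orphan", line,
                           "registry entry points at a DLL that no longer exists"))
    m = RUN_RE.match(line)
    if m:
        _key, name, cmd = m.groups()
        if name == "<NO NAME>" or not cmd:
            out.append(Finding("unnamed-run", line,
                               "autostart value with no name or no command"))
        elif not FULL_PATH_RE.match(cmd):
            out.append(Finding("unqualified-run", line,
                               "command has no full path and is resolved via the search path"))
    if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
        out.append(Finding("appinit", line,
                           "AppInit_DLLs is loaded into every process that links user32.dll"))
    return out


def _check_find3m_line(line: str) -> List[Finding]:
    m = FIND3M_RE.match(line)
    if not m:
        return []
    attrs, path = m.groups()
    flags = set(attrs) - {"-"}
    # desktop.ini is expected to be hidden+system; other such files deserve a look.
    if {"s", "h"} <= flags and not path.lower().endswith("desktop.ini"):
        return [Finding("hidden-system-file", path,
                        "file carries both the system and hidden attributes")]
    return []


def triage_dds(text: str) -> List[Finding]:
    """Walk the log, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            findings.extend(_check_hjt_line(line))
        elif section == "Find3M":
            findings.extend(_check_find3m_line(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f.kind}] {f.entry}\n    {f.note}")
    print(summarize(triage_dds(SAMPLE_LOG)))
```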


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 December 2009 - 10:40 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


========================================================

#3 pyrolimeade

pyrolimeade
  • Topic Starter

  • Members
  • 5 posts

Posted 12 December 2009 - 01:51 PM

Hey Sam, thanks for the response. Unfortunately, when I install Malwarebytes, the malware instantly removes the mbam.exe needed to run the program. I have renamed the installation .exe and renamed the install folder for Malwarebytes, but the infection still destroys the mbam.exe at the end of the install. I would like to add that this malware appears to be some sort of "Google redirect virus", because whenever I click directly on a Google or Yahoo search result, I get redirected to a website advertising something based on the websites that I generally visit.

OTL Logs

OTL Extras logfile created on: 12/12/2009 9:17:14 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Users\Christian\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.04 Gb Total Space | 151.43 Gb Free Space | 46.44% Space Free | Partition Type: NTFS
Drive D: | 9.31 Gb Total Space | 1.26 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 335.25 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive F: | 699.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-18]
"EnableNotifications" = 0
"EnableNotifications\Ref" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F90C8C-1ED0-4BCC-86EA-DBD3BC8A3CDB}" = lport=29901 | protocol=6 | dir=in | name=gamespy10 |
"{18314BEC-0850-4575-AA81-CEF8A99CA87E}" = lport=29900 | protocol=6 | dir=in | name=gamespy9 |
"{2910CE0D-EAF0-4E2F-ABA1-7E12A8EBABB6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D5DF852-24FA-4174-8F7A-9944F49E2BF4}" = lport=80 | protocol=6 | dir=in | name=broadwave |
"{2D91E676-0CA4-46C1-B23D-6FAFF70972E7}" = lport=23456 | protocol=17 | dir=in | name=fsx |
"{3092339F-498C-40E3-B761-0A91B00141CD}" = lport=6073 | protocol=17 | dir=in | name=fsx |
"{30E3C211-C190-4EFC-8575-FC3CA296BB83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31CEFBDB-20D7-4800-8B21-4D9C67B544CD}" = lport=13139 | protocol=6 | dir=in | name=gamespy11 |
"{330FE6F2-5473-459E-89CD-AC5427032260}" = lport=28900 | protocol=6 | dir=in | name=gamespy8 |
"{3A01776F-F54B-4681-96BE-770DECE37E9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41C7009D-9FA3-4C42-A4E8-2978EA590292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{480E54ED-35DD-4AE4-A583-7894700E2EE0}" = lport=6515 | protocol=6 | dir=in | name=gamespy12 |
"{4B09DCE3-72AA-4D6A-9716-CBF1E1AA4E36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D219EA9-E660-47CE-907A-20198F5EB10E}" = lport=85 | protocol=6 | dir=in | name=broadwave web server |
"{578C87A9-07B0-4A56-8CE4-7C1625944E16}" = lport=12264 | protocol=6 | dir=in | name=bitcomet 12264 tcp |
"{60CD528C-6B5D-40D6-8C08-83C5157EB8F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{625560EB-3E6C-4014-AACF-45EB9D3FF92D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{646FE463-2AD6-484F-8F24-819901897A98}" = lport=3783 | protocol=6 | dir=in | name=gamespy6 |
"{7C23ED56-6336-4A7B-B9BE-8B0676AD9DCC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{81D40705-605D-454C-8C0C-A95796D8085C}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8F5B2AC7-B9E1-488D-AE14-3782BB34DCEC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9278F53B-08AA-4338-85F7-129D99B1DEEB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95B34F50-F12A-4B05-BAD6-7DDF47BE4F43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9662B3B7-8961-4FD5-9761-9BAE921E7FE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{97AFC2A7-B66D-4A2A-AE14-4FE5E8895A5E}" = lport=80 | protocol=17 | dir=in | name=broadwave10 |
"{9B9FCBF7-47C1-49C0-922C-D4A90334BD9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A05F00AD-8613-48E1-97F8-97C72578D944}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A202E09C-CCBC-40BE-A08E-5CD68240F1DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2DAFE1B-B6E8-47DE-BE73-65FBF023BC3F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A42968E3-D96E-47E0-93D3-1B307CD894A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA37090D-FB7C-452C-8018-8DE5BE2AC5DB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AB0BFB41-EFDE-4595-82CC-D15982E26214}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ACE5CB91-A771-4B6D-A7D5-31AEDA324EAB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B5F76294-2B0C-4652-8BC1-4C0FC962B460}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B82F9248-4469-4444-B57D-DC450539539D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0F36811-6833-43E9-83B9-5E53C1BCE068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6334BA5-83F6-4E75-B8B7-3AC67C782585}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CA7D85DF-EE5B-4179-942A-A00B061B5A56}" = lport=6667 | protocol=6 | dir=in | name=gamespy5 |
"{D16D518D-612B-4366-983F-062D3891728E}" = lport=27900 | protocol=6 | dir=in | name=gamespy7 |
"{D229C08F-6632-48CA-9D26-26F69CB0FEF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7E9BFE2-396E-4562-97D0-CC961694EFEA}" = lport=6500 | protocol=6 | dir=in | name=gamespy13 |
"{DD2151B4-00C8-4363-8A72-AB8F0A18C512}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E16BBFE2-812C-4AB8-A8D7-C7E69B879A8D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E480D6EF-8724-4722-9199-9A2336B22B3A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECEE7836-861A-4F89-8444-3EFCF16CFBBC}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EE7200F1-7C87-4E65-AFC6-D163D7C3D78A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F6A75479-165D-498F-9B53-D9DC663D99AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8D4089F-222A-46F4-B100-94DA63801A2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9EDBB96-2352-4201-B482-9F74CEEB55DA}" = lport=12264 | protocol=17 | dir=in | name=bitcomet 12264 udp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0623D320-E77E-4983-8D52-DF061E1BF08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{075FB07E-866B-4D05-B541-63CA53DF9B73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{135418B1-BF25-4B43-A528-C720578864DF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{19EDC939-4320-4655-8079-BA57CF7AE331}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1ABC1A3E-356E-460F-9E21-047BFE3D6CDA}" = protocol=6 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{277EADA2-101D-4FE0-87B4-F86A21BF5DBC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{292D32AD-7259-4F6B-846A-AB2F4DCAD34F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{293FADD9-8478-4A32-84D8-CCF7B42E3626}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B2B1856-ADFB-438F-859F-350C95CF4F3D}" = protocol=6 | dir=out | app=system |
"{302674FD-478F-4151-A6BA-CEE13956D4F9}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{32E212A4-ABDF-4561-A683-C432322902E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{36E96F26-6889-4021-B586-AF3CDA86EC24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{370531FE-91FD-49A4-BBC0-CE6494160DCF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3AC26C4C-0E3C-4976-B974-37705DF7FFA6}" = protocol=17 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{4EAA311C-1E62-40F0-8AB3-8A009E5E4216}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6457CED0-49CE-4312-9640-B4FEA2DD2272}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{647600DF-E677-49BE-B217-61FE28381AB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68700F20-1D94-490C-8F85-E011DF559286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E4B73DE-B3F3-47AD-8E45-6C0AD66C72A7}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{6E79778D-044E-4ED8-87CB-E0A39CCB651A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71865A5F-344A-456F-B883-FAE79CCB4D10}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgrsx.exe |
"{73D38C77-E4C8-47F1-95C0-BA6203635783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85B230BA-1244-4E4F-9AF6-F7BB48F651F4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8A3A2214-1DAC-42CF-AB22-709115E13EF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BF130BC-309B-4016-903E-626A66E77873}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{9483C374-A2BB-40D1-A4CC-A719DBB6A217}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A317D0A0-47A0-406B-ADCB-B7E7D3A4D345}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A634907F-E0EB-4E7B-AFAF-77C0982A3253}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A94944C9-4D6A-4D5D-AFBC-D720935E98D5}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{A94C7740-1DF6-4958-9D21-8DDFCC3CC01D}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgrsx.exe |
"{AC41D021-B56C-4CD6-ADC2-A30370A8F85E}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{B43B575D-7D01-48C6-961B-F335CF644BF8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{BAA1468B-B8EA-4843-BF82-2072EF78F68A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C15A98D0-5422-429A-B976-5BE8D7E76246}" = protocol=17 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{C2227142-11BB-4254-AB96-18999FA45EF1}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C657F30C-671F-4D56-8934-8C5C511D0531}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C6B069DD-A82F-4408-B0EE-98F0D5F6AD53}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7D7C6C6-4867-4A8B-85AC-55FE539AE15A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CAA7323F-5DAD-4A41-9142-33AC9D6E441F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D350DFD8-A283-4B15-8732-3340BA8A2617}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D47757FB-F4E2-4CC1-A57F-211476E0D73D}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D5DD4683-6FD2-4785-BAEC-51F7C0B36B96}" = protocol=6 | dir=in | app=c:\windows\servicing\trustedinstaller.exe |
"{D8B2F0A7-F9EE-4C65-91F4-B44CD9E3CB53}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DA8A7E58-4B03-4A9A-9648-BA2B5063C995}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{DFC22B34-A2C3-40A8-9A5A-DBF7EC97124A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{E5000699-6B80-4C09-A54D-2C937F0BFCAB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E8CD1E1C-E8BD-413F-9061-9DB257D0E93C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EA18FF44-A7A9-451D-8DFD-0590D07BF0F1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{EDC02FFD-336D-43BC-8FD8-4A93A1966987}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F0BFCCE0-012E-4BF0-8462-2335AC009B41}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F728D883-D110-44B7-8CC5-3BB8CA15C6EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE45BB25-87C5-4F20-B91A-AB642ABF6731}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FFA67876-7625-4A1C-B364-F55AC5E78B88}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FFEBE575-ACE6-4E97-BE20-7D6DAFA600FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0CF29570-C8D3-4ACE-BD83-79A944236710}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{2311AB35-1164-40F7-99A6-71C88B41FE50}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{28E75C24-088F-4ED2-9D3D-1C8A704D1022}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{30CBE399-0C42-4789-B017-0FAB8CECDC38}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{32C78DB4-AFF3-4CBA-885F-64540F2DCF6F}C:\program files\asrc\asrc.exe" = protocol=6 | dir=in | app=c:\program files\asrc\asrc.exe |
"TCP Query User{3645E136-B22C-477D-A25B-D1931EFE2E2E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{41D28389-7ED0-42EB-95C9-2DF5C61F18A3}C:\program files\squawkbox3\squawkbox.exe" = protocol=6 | dir=in | app=c:\program files\squawkbox3\squawkbox.exe |
"TCP Query User{42805148-A6E3-4066-87AE-B5E398366759}C:\program files\icecast2 win32\icecast2.exe" = protocol=6 | dir=in | app=c:\program files\icecast2 win32\icecast2.exe |
"TCP Query User{5A9AD461-59B6-4DA9-ACB7-2211F5DB528D}C:\users\christian\downloads\fshostclient1.1\fshostclient.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\fshostclient1.1\fshostclient.exe |
"TCP Query User{5C649DBE-B281-4164-9CCA-38580D369DA7}C:\program files\squawkbox3\squawkbox.exe" = protocol=6 | dir=in | app=c:\program files\squawkbox3\squawkbox.exe |
"TCP Query User{6174AC7A-94AE-4956-A109-1432A0A3F69D}C:\program files\squawkbox3\squawkbox_fsx.exe" = protocol=6 | dir=in | app=c:\program files\squawkbox3\squawkbox_fsx.exe |
"TCP Query User{6C78F837-72C9-4381-8AC7-85F97938F9D6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6CF4FF11-DF94-4E32-BFD8-22C77FB4C318}C:\users\christian\downloads\fshost32\fshost32.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\fshost32\fshost32.exe |
"TCP Query User{7E0AA323-473B-4B40-8FFD-25623B7A090A}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{85873265-9773-404B-95F6-BC0D6E5F5315}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8C3C069F-CE30-4694-BCEC-B639F7425BC0}C:\program files\squawkbox3\squawkbox_fs.exe" = protocol=6 | dir=in | app=c:\program files\squawkbox3\squawkbox_fs.exe |
"TCP Query User{8D1DB524-B701-44B0-B5E7-C475B684F525}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"TCP Query User{8F8EB0AC-2546-49FC-9547-4283313C8561}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{A02742BF-D4D8-4DB6-A151-9523E6CF7211}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{A947FFD7-8981-46F6-8EA9-7B89F236ECCD}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe |
"TCP Query User{B3A68EE5-E1BA-4FEB-BAAC-679BF24F9B0B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B863A55F-81EC-4961-A7E2-4384AC1C98F1}C:\program files\shoutcast\sc_serv.exe" = protocol=6 | dir=in | app=c:\program files\shoutcast\sc_serv.exe |
"TCP Query User{C29837A3-C690-4767-A02A-FBD3C78E7610}C:\program files\roger wilco\roger.exe" = protocol=6 | dir=in | app=c:\program files\roger wilco\roger.exe |
"TCP Query User{D4395B3B-CC2B-497E-813C-C0FFA38FB056}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{D7D27BC0-C93A-4AF2-BC28-1DF076E11800}C:\users\christian\appdata\local\temp\temp6_fshostclient1.1.zip\fshostclient.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\temp6_fshostclient1.1.zip\fshostclient.exe |
"TCP Query User{DD3BF9F6-7CBE-4B34-84A6-C742876D968A}C:\users\christian\appdata\local\temp\temp2_fshost32.zip\fshost32.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\temp2_fshost32.zip\fshost32.exe |
"TCP Query User{DE7F7961-11AB-4D87-A53B-D3F70563D0E6}C:\program files\vrc\vrc.exe" = protocol=6 | dir=in | app=c:\program files\vrc\vrc.exe |
"TCP Query User{E41F9008-2156-4CD0-8322-6473E85EF0E4}C:\users\christian\downloads\fshost32(2)\fshost32.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\fshost32(2)\fshost32.exe |
"TCP Query User{E44DB72E-AD53-4133-814F-99C72BB9B68A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{E92D85B1-FFCC-4063-A831-46B0EA320ACA}C:\users\christian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{EA5ACFA2-BD13-448B-A0EB-6210907A9F6B}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{ED2CAB52-6B99-47E8-8D5C-04994239CF08}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
"TCP Query User{F06E92D9-E270-4E31-BE2A-9C7AFECB0E73}C:\users\christian\downloads\fshostclient1.1\fshostclient.exe" = protocol=6 | dir=in | app=c:\users\christian\downloads\fshostclient1.1\fshostclient.exe |
"UDP Query User{07A0D1F4-9D8F-4EBF-AEDC-63B1B1B0BB9A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{07BD3854-B096-415A-AA57-22B8BD1D6EBF}C:\users\christian\downloads\fshost32\fshost32.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\fshost32\fshost32.exe |
"UDP Query User{0C5D5622-F9D4-4BB6-AC3C-9D99A74C3469}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{0D36A3C6-B866-4763-AB8E-BEEA7240D31A}C:\program files\shoutcast\sc_serv.exe" = protocol=17 | dir=in | app=c:\program files\shoutcast\sc_serv.exe |
"UDP Query User{16A75C24-5822-4189-8CC3-BCD320E9DFD7}C:\users\christian\appdata\local\temp\temp6_fshostclient1.1.zip\fshostclient.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\temp6_fshostclient1.1.zip\fshostclient.exe |
"UDP Query User{2C5D410E-83C2-4CB2-BCA5-B921A2B672A2}C:\program files\microsoft games\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\flight simulator 9\fs9.exe |
"UDP Query User{35B80F8E-749F-437B-9923-C437779AB755}C:\program files\squawkbox3\squawkbox.exe" = protocol=17 | dir=in | app=c:\program files\squawkbox3\squawkbox.exe |
"UDP Query User{38935A4A-3F8C-4C58-9E09-51C0DF485A07}C:\users\christian\appdata\local\temp\temp2_fshost32.zip\fshost32.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\temp2_fshost32.zip\fshost32.exe |
"UDP Query User{3A1CB4DA-C49B-4817-BC9B-519841CEFC89}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{51F76F1C-3B9E-41F5-AAF2-CC4AB62C5C26}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{53550488-9DF3-4C95-ADAE-5DA0C85FA6FF}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{54D2D5F9-C96C-480C-BAD3-53CA70160673}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"UDP Query User{6BE1E061-5D1F-48EF-AC11-D8044627F75A}C:\program files\squawkbox3\squawkbox_fsx.exe" = protocol=17 | dir=in | app=c:\program files\squawkbox3\squawkbox_fsx.exe |
"UDP Query User{702F15F5-6B65-4462-BACB-2F606C55630C}C:\program files\icecast2 win32\icecast2.exe" = protocol=17 | dir=in | app=c:\program files\icecast2 win32\icecast2.exe |
"UDP Query User{704103DF-D2EE-4B34-A53C-2863F117D988}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{70E191C0-E676-4330-B1AB-0504FB1FCC8D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{7C8D69F7-C1EE-4E2F-BBE5-76CD151A5B83}C:\program files\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=c:\program files\fsfdt\fwinn\fwinn.exe |
"UDP Query User{8CCD90A0-6A13-4FF8-B390-CC1DDBF2A97B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{8DE9A336-DD4A-4E19-A3E3-2E84DD78DA2C}C:\program files\vrc\vrc.exe" = protocol=17 | dir=in | app=c:\program files\vrc\vrc.exe |
"UDP Query User{90555A52-BD93-4328-857F-1F6BC0186725}C:\users\christian\downloads\fshostclient1.1\fshostclient.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\fshostclient1.1\fshostclient.exe |
"UDP Query User{91E88DBE-2163-4ACF-93E0-D30890356ECB}C:\program files\squawkbox3\squawkbox.exe" = protocol=17 | dir=in | app=c:\program files\squawkbox3\squawkbox.exe |
"UDP Query User{A1F2C11E-42BB-480F-A1DF-778958932F3F}C:\program files\squawkbox3\squawkbox_fs.exe" = protocol=17 | dir=in | app=c:\program files\squawkbox3\squawkbox_fs.exe |
"UDP Query User{A6D4C693-D9C3-428D-AC76-2F646A31C18B}C:\users\christian\downloads\fshostclient1.1\fshostclient.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\fshostclient1.1\fshostclient.exe |
"UDP Query User{ACE83FDB-E75C-4DEB-B4BC-519E810EAD81}C:\program files\asrc\asrc.exe" = protocol=17 | dir=in | app=c:\program files\asrc\asrc.exe |
"UDP Query User{AF7A8D2A-B298-4620-8E36-6F6EFD312487}C:\program files\roger wilco\roger.exe" = protocol=17 | dir=in | app=c:\program files\roger wilco\roger.exe |
"UDP Query User{B02B006A-EFB1-4B65-AE2B-D18DB83B8415}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{B057C0E5-997B-4956-AB22-3D2E5D19D6DE}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{C517353B-CB84-4EDB-A738-760E6D6B9B12}C:\users\christian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E5C8E25D-8A44-4F20-8A27-62066351D0FD}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{E6B725A5-C687-47CF-8D92-BA01270FCE16}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{ECCCA8CC-7A53-4A2F-ACA8-5B91DF754776}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{F5DB5C75-D45A-4B43-B0DF-5D065CDE5F03}C:\users\christian\downloads\fshost32(2)\fshost32.exe" = protocol=17 | dir=in | app=c:\users\christian\downloads\fshost32(2)\fshost32.exe |
"UDP Query User{FE563130-09F9-4F2D-89C3-B344201C31B8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13A189A1-0CEE-4EAF-B08D-FF425855517C}" = Airbus Collection Long Haul (FSX)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C0B9F94-E2E2-49EC-8172-8BE789B7CA9A}" = Spectrogram 16
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5708E1AE-CBF7-4EE8-9E5F-1662F56AFC90}" = Mozilla plugin for Unreal Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A06A6679-41D7-48C5-82F8-7D3B0B654720}" = Active Sky X
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0B6E1E2-F9FA-4C9C-8548-4ACE0B780B51}" = FS Recorder 1.331 for FSX
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C541EEFC-49B0-4976-80DB-4D5B78B50114}" = MorphVOX Pro
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D29D8FBE-A510-4071-834B-ADBB4C5C475C}" = ASRC
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7049A79-20CC-4C4F-8C14-4C878AFAC27E}" = MorphVOX Junior
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Airbus Collection Long Haul (FSX)" = Airbus Collection Long Haul (FSX)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 1.02
"BroadWave" = BroadWave
"Captain Sim C-130 X-perience Pro Pack" = Captain Sim C-130 X-perience Pro Pack
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"EADM" = EA Download Manager
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"F-16 Block 20 (FS2004)" = F-16 Block 20 (FS2004)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FreeCommander_is1" = FreeCommander 2008.06c
"Gmask 1.70 English" = Gmask 1.70 English
"Google Updater" = Google Updater
"GRLevel3_is1" = GRLevel3 version 1.44
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Icecast2 Win32_is1" = Icecast v2.3.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Project Reality Core_is1" = Project Reality 0856 Core
"Project Reality Levels_is1" = Project Reality 0856 Levels
"Project Reality Patch_is1" = Project Reality 0874 Patch
"Project Reality Retro Map Pack 1_is1" = Project Reality 0860 Retro Map Pack 1
"Roger Wilco" = Roger Wilco
"SCDNAS" = SHOUTcast DNAS (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"SkyChart III Demo" = SkyChart III Demo
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Spectrum Lab_is1" = Spectrum Lab V2.72
"SquawkBox" = SquawkBox
"SquawkBox 3" = SquawkBox 3
"Stellarium_is1" = Stellarium 0.9.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ToneGen" = NCH Tone Generator
"ToolBox" = NCH Toolbox
"Train Simulator 1.0" = Microsoft Train Simulator
"vasFMC_is1" = vasFMC 1.10
"VATSpy" = VAT-Spy
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VRC" = VRC
"WavePad" = WavePad Sound Editor
"WebCam Monitor_is1" = WebCam Monitor 5.2
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Groom Lake Scenery for FS2004" = Groom Lake Scenery for FS2004
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Timewave Calculator" = Timewave Calculator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 1:04:30 PM | Computer Name = Christian-PC | Source = VSS | ID = 8194
Description =

Error - 12/10/2009 2:07:14 PM | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2009 12:37:33 AM | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8089.726, time stamp
0x4a6ce533, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0x135c, application start time
0x01ca7a1aa28e54c5.

Error - 12/11/2009 4:39:56 AM | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Faulting application service.exe, version 6.0.5900.7512, time stamp
0x4b2132c7, faulting module service.exe, version 6.0.5900.7512, time stamp 0x4b2132c7,
exception code 0xc0000005, fault offset 0x0012d214, process id 0x14f0, application
start time 0x01ca7a3d83d06055.

Error - 12/11/2009 5:12:05 AM | Computer Name = Christian-PC | Source = SPP | ID = 16387
Description =

Error - 12/11/2009 5:12:05 AM | Computer Name = Christian-PC | Source = System Restore | ID = 8193
Description =

Error - 12/11/2009 5:12:53 AM | Computer Name = Christian-PC | Source = SPP | ID = 16387
Description =

Error - 12/11/2009 5:12:53 AM | Computer Name = Christian-PC | Source = System Restore | ID = 8193
Description =

Error - 12/11/2009 5:13:02 AM | Computer Name = Christian-PC | Source = SPP | ID = 16387
Description =

Error - 12/11/2009 5:13:02 AM | Computer Name = Christian-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 8/28/2008 8:21:40 AM | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2008 7:48:33 PM | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:48:42 PM | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/11/2009 3:39:50 PM | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12/11/2009 3:42:16 PM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/11/2009 3:42:16 PM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2009 3:52:24 AM | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:50:05 PM on 12/11/2009 was unexpected.

Error - 12/12/2009 3:52:30 AM | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12/12/2009 3:54:51 AM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2009 3:54:51 AM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2009 1:03:48 PM | Computer Name = Christian-PC | Source = HTTP | ID = 15016
Description =

Error - 12/12/2009 1:06:17 PM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2009 1:06:17 PM | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL logfile created on: 12/12/2009 9:17:14 AM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Users\Christian\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.04 Gb Total Space | 151.43 Gb Free Space | 46.44% Space Free | Partition Type: NTFS
Drive D: | 9.31 Gb Total Space | 1.26 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 335.25 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Drive F: | 699.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 09:16:12 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
PRC - [2009/12/11 10:33:52 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/10 15:33:28 | 00,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/10/30 14:06:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/20 07:54:32 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/20 07:54:32 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 07:54:27 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/20 07:54:24 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 07:54:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/27 17:21:39 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 13:33:34 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2008/01/20 18:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/20 18:23:53 | 01,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/20 18:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/20 18:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 18:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/15 03:26:18 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/22 11:49:08 | 00,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/11/19 13:54:04 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/16 07:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/18 07:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/19 04:00:00 | 00,177,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIADA.EXE
PRC - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/02 01:46:03 | 00,058,368 | ---- | M] (Netopsystems AG) -- C:\Windows\System32\FastNetSrv.exe
PRC - [2005/11/30 11:38:10 | 00,393,216 | ---- | M] () -- C:\Program Files\Icecast2 Win32\icecastService.exe


========== Modules (SafeList) ==========

MOD - [2009/12/12 09:16:12 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
MOD - [2009/09/11 10:41:16 | 00,052,736 | -HS- | M] () -- C:\Windows\System32\gebegimi.dll
MOD - [2009/08/20 07:54:32 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/20 18:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 15:33:28 | 00,215,128 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/08/20 07:54:24 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/20 07:54:18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/21 20:09:17 | 00,499,716 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/27 17:21:39 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/24 11:22:47 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/01/20 18:24:13 | 00,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/01/20 18:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/19 13:54:04 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/09/19 16:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/07/23 15:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 04:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 01:46:03 | 00,058,368 | ---- | M] (Netopsystems AG) [Auto | Running] -- C:\Windows\System32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2006/11/02 01:46:03 | 00,044,544 | ---- | M] (FTD2XX Software Technology) [Auto | Running] -- C:\Windows\System32\BtwSrv.dll -- (BtwSrv)
SRV - [2005/11/30 11:38:10 | 00,393,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Icecast2 Win32\icecastService.exe -- (Icecast)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\S-1-5-21-219566227-4232031137-3893328615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.02
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.5.1
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="
FF - prefs.js..network.proxy.http: "24.5.244.250"
FF - prefs.js..network.proxy.http_port: 8085
FF - prefs.js..network.proxy.network.proxy.socks_remote_dns: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:18:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/30 14:06:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 14:06:35 | 00,000,000 | ---D | M]

[2008/07/13 19:18:45 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Extensions
[2009/12/11 11:50:35 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions
[2009/07/04 21:18:09 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/10/31 22:34:51 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/07/24 16:00:46 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2008/07/15 14:16:53 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/10/01 13:16:38 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\justintvpublisher@justin.tv
[2008/07/14 11:12:19 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\3jjtnphm.default\extensions\moveplayer@movenetworks.com
[2009/10/26 15:54:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/08/04 13:00:00 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp60.dll
[2008/01/22 22:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007/01/24 09:52:32 | 00,245,832 | ---- | M] (C Systems - Creative Software Solutions since 1996) -- C:\Program Files\Mozilla Firefox\plugins\npUMediaPlayer5.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MsWerr] C:\Windows\TEMP\xm1985.DLL (微软公司)
O4 - HKU\S-1-5-18..\Run: [MsWerr] C:\Windows\TEMP\xm1985.DLL (微软公司)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000..\Run: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-219566227-4232031137-3893328615-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} http://labs.jaduka.com/VaxSIPUserAgentCAB.cab (VaxSIPUserAgentCAB Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (gebegimi.dll) - C:\Windows\System32\gebegimi.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 15:03:09 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/11/01 02:44:42 | 01,187,840 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/11/01 02:44:42 | 00,000,043 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/11/01 02:39:39 | 00,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O33 - MountPoints2\{cc85dec9-27c6-11dd-81a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc85dec9-27c6-11dd-81a3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2005/11/01 02:44:42 | 01,187,840 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - C:\Windows\System32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll ()
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 18:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/11 23:39:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware6
[2009/12/11 23:34:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware5
[2009/12/11 13:07:05 | 00,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2009/12/11 13:06:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/11 13:06:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/11 13:06:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/11 13:06:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/11 01:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro

========== Files - Modified Within 14 Days ==========

[2009/12/12 09:23:05 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\libojira
[2009/12/12 09:17:30 | 03,145,728 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT
[2009/12/12 09:09:46 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/12 09:09:46 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/12 09:09:46 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/12 09:06:19 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/12/12 09:05:45 | 46,542,550 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/12 09:05:45 | 00,123,577 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/12 09:03:49 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/12 09:03:49 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/12 09:03:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/12 09:03:35 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/12 09:03:22 | 32,195,66592 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/12 01:52:23 | 00,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/12/12 01:52:23 | 00,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/12/12 01:52:15 | 03,796,047 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db
[2009/12/11 23:39:47 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/11 10:41:12 | 00,008,704 | ---- | M] () -- C:\acad.exe
[2009/12/11 10:30:17 | 34,483,7932 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/11 01:39:37 | 00,003,034 | ---- | M] () -- C:\Users\Christian\Documents\Attach.zip
[2009/12/11 01:13:08 | 00,001,954 | ---- | M] () -- C:\Users\Christian\Desktop\HiJackThis.lnk
[2009/12/10 15:33:37 | 00,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/12/10 15:33:28 | 00,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/12/10 15:33:28 | 00,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/12/09 10:08:05 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristian.job
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2009/12/11 13:06:59 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/11 10:41:12 | 00,008,704 | ---- | C] () -- C:\acad.exe
[2009/12/11 01:39:37 | 00,003,034 | ---- | C] () -- C:\Users\Christian\Documents\Attach.zip
[2009/12/11 01:13:08 | 00,001,954 | ---- | C] () -- C:\Users\Christian\Desktop\HiJackThis.lnk
[2009/09/11 10:46:31 | 00,045,568 | -HS- | C] () -- C:\Windows\System32\suhokamo.dll
[2009/09/11 10:46:29 | 00,092,672 | -HS- | C] () -- C:\Windows\System32\meridewa.dll
[2009/09/11 10:46:29 | 00,039,424 | -HS- | C] () -- C:\Windows\System32\diwunawo.dll
[2009/09/11 10:41:16 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\gebegimi.dll
[2009/09/11 10:41:15 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\zayiveva.dll
[2009/09/11 10:41:15 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\negonuze.dll
[2009/01/04 17:15:23 | 00,001,854 | ---- | C] () -- C:\Windows\asrc.ini
[2008/12/31 23:09:42 | 00,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2008/12/31 09:42:54 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/21 19:37:55 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/08/20 05:59:20 | 00,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/27 01:54:08 | 00,002,678 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat
[2008/07/26 14:27:51 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/26 14:27:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/07/24 18:45:32 | 00,027,648 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/13 12:02:36 | 00,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2008/04/29 14:54:25 | 00,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/04/29 14:47:21 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/29 14:47:21 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/20 18:24:13 | 00,061,440 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2008/01/20 18:24:13 | 00,002,304 | ---- | C] () -- C:\Windows\System32\winsts.sys
[2006/11/02 04:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:46:03 | 00,000,006 | ---- | C] () -- C:\Windows\System32\FInstall.sys
[2006/11/01 23:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/01 09:14:08 | 00,097,280 | ---- | C] () -- C:\Windows\System32\TSRemote.dll

========== LOP Check ==========

[2009/08/01 06:02:47 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\.minecraft
[2008/07/29 14:26:34 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\acccore
[2009/11/30 22:16:17 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Audacity
[2008/10/10 16:32:34 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreeCommander
[2009/12/10 23:05:47 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GRLevel3
[2009/02/14 11:12:33 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HiFi
[2008/10/25 20:35:56 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LimeWire
[2008/07/13 20:21:17 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\My Games
[2009/05/21 20:11:38 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\NCH Swift Sound
[2009/04/26 08:35:27 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2009/01/04 16:00:30 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Screaming Bee
[2008/07/13 11:40:36 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Snapfish
[2008/08/10 21:01:47 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Stellarium
[2008/07/27 01:54:10 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template
[2009/11/09 19:14:43 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\VAT-Spy
[2008/12/31 23:11:21 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Webcammax
[2009/12/12 01:52:27 | 00,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/11 10:41:12 | 00,008,704 | ---- | M] () -- C:\acad.exe


< MD5 for: AGP440.SYS >
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 18:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 01:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 18:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 22:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 18:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 18:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 18:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 22:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Edited by pyrolimeade, 12 December 2009 - 01:59 PM.


#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 December 2009 - 03:54 PM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2009/09/11 10:41:16 | 00,052,736 | -HS- | M] () -- C:\Windows\System32\gebegimi.dll
    O4 - HKU\.DEFAULT..\Run: [MsWerr] C:\Windows\TEMP\xm1985.DLL (微软公司)
    O4 - HKU\S-1-5-18..\Run: [MsWerr] C:\Windows\TEMP\xm1985.DLL (微软公司)
    O20 - AppInit_DLLs: (gebegimi.dll) - C:\Windows\System32\gebegimi.dll ()
    [2009/09/11 10:46:31 | 00,045,568 | -HS- | C] () -- C:\Windows\System32\suhokamo.dll
    [2009/09/11 10:46:29 | 00,092,672 | -HS- | C] () -- C:\Windows\System32\meridewa.dll
    [2009/09/11 10:46:29 | 00,039,424 | -HS- | C] () -- C:\Windows\System32\diwunawo.dll
    [2009/09/11 10:41:16 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\gebegimi.dll
    [2009/09/11 10:41:15 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\zayiveva.dll
    [2009/09/11 10:41:15 | 00,052,736 | -HS- | C] () -- C:\Windows\System32\negonuze.dll
    
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

===================



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


===================


Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
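The two log-reading steps above (the "< MD5 for: >" sections in the OTL log posted in #3, and the lines Buckeye_Sam picked out of it for the :OTL fix in #4) can be automated. The script below is an added example written for this page; it is not OTL's code and not the helper's, and the function names (parse_line, flag_entry, triage_lines, check_md5_section, build_otl_fix) are this example's own. It parses the three line shapes that appear in the thread (file entries, O4 Run-key entries, O20 AppInit_DLLs entries), flags the indicators the fix acted on (hidden+system DLLs in System32, an AppInit_DLLs value, a Run entry launching from Temp, a non-ASCII vendor string), checks a driver's live copy against the OS backup copies in winsxs / DriverStore / SoftwareDistribution, and renders the flagged lines in the :OTL / :Commands layout. The sample lines are copied from the thread's log, except MD5_TAMPERED, which is a constructed variant with a made-up hash so that the backup-copy check is seen firing.

```python
"""Triage of OTL log lines (added example; not OTL's code nor the helper's).

Parses file entries, O4 Run-key entries and O20 AppInit_DLLs entries as OTL
prints them, flags what the thread's fix acted on, checks a "< MD5 for: >"
section for a live copy matching no OS backup copy, and renders an OTL fix.
"""
import re

FILE_RE = re.compile(
    r"^(?:MOD - )?\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4})"
    r" \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+?)\s*$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+\\Run): \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
BACKUP_DIRS = ("\\winsxs\\", "\\driverstore\\", "\\softwaredistribution\\")


def parse_line(line):
    """Classify one OTL line as ('file'|'run'|'appinit', fields), or None."""
    for kind, rx in (("file", FILE_RE), ("run", O4_RE), ("appinit", O20_RE)):
        m = rx.match(line.strip())
        if m:
            fields = m.groupdict()
            fields["line"] = line.strip()
            return kind, fields
    return None


def flag_entry(kind, e):
    """Reasons an entry is suspicious; an empty list means nothing to act on."""
    reasons, p = [], e["path"].lower()
    if kind == "file" and "H" in e["attr"] and "S" in e["attr"] and "\\system32\\" in p:
        reasons.append("hidden+system file dropped into System32")  # the -HS- DLLs in the thread
    if kind == "appinit":
        reasons.append("AppInit_DLLs loads %s into every user32-linked process" % e["value"])
    if kind == "run" and "\\temp\\" in p:
        reasons.append("Run key starts a binary from a Temp directory")
    if any(ord(c) > 127 for c in e.get("company") or ""):
        reasons.append("non-ASCII vendor string; Microsoft's binaries say 'Microsoft Corporation'")
    return reasons


def triage_lines(lines):
    """Return [(fields, reasons)] for every line carrying at least one indicator."""
    hits = []
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            reasons = flag_entry(*parsed)
            if reasons:
                hits.append((parsed[1], reasons))
    return hits


def check_md5_section(lines):
    """Live copies (outside winsxs/DriverStore/SoftwareDistribution) whose MD5
    matches none of the backup copies. A patched system file leaves exactly
    this pattern: the backups are untouched, the copy that loads is not."""
    entries = [r[1] for r in map(parse_line, lines) if r and r[0] == "file" and r[1]["md5"]]
    backups = [e for e in entries if any(d in e["path"].lower() for d in BACKUP_DIRS)]
    suspect = []
    for e in entries:
        if e in backups or not backups:
            continue
        if not any(b["md5"].upper() == e["md5"].upper() for b in backups):
            suspect.append(e["path"])
    return suspect


def build_otl_fix(hits):
    """Render flagged lines in the :OTL / :Commands layout pasted into OTL's fix box."""
    body = "\n".join(fields["line"] for fields, _ in hits)
    return ":OTL\n%s\n\n:Commands\n[purity]\n[emptytemp]\n[Reboot]\n" % body


# Lines copied from the thread's log (the last two are benign controls).
SAMPLE_LOG = r"""
MOD - [2009/09/11 10:41:16 | 00,052,736 | -HS- | M] () -- C:\Windows\System32\gebegimi.dll
O4 - HKU\.DEFAULT..\Run: [MsWerr] C:\Windows\TEMP\xm1985.DLL (微软公司)
O20 - AppInit_DLLs: (gebegimi.dll) - C:\Windows\System32\gebegimi.dll ()
[2009/09/11 10:46:31 | 00,045,568 | -HS- | C] () -- C:\Windows\System32\suhokamo.dll
[2008/04/29 14:47:21 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/08/01 06:02:47 | 00,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\.minecraft
""".strip().splitlines()

# The atapi.sys section from the thread (the live copy matches the winsxs copy).
MD5_REAL = r"""
[2009/04/10 22:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 18:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
""".strip().splitlines()

# CONSTRUCTED: the same section with the live driver's hash swapped for a
# made-up value, so the check is seen firing. Not a real indicator of anything.
MD5_TAMPERED = [l.replace("2D9C903DC76A66813D350A562DE40ED9", "0" * 32)
                if "\\drivers\\atapi.sys" in l else l for l in MD5_REAL]

if __name__ == "__main__":
    hits = triage_lines(SAMPLE_LOG)
    for fields, reasons in hits:
        print(fields["path"], "->", "; ".join(reasons))
    print(build_otl_fix(hits))
    print("live copies matching no backup:", check_md5_section(MD5_TAMPERED))
```

The backup-copy check deliberately compares against every winsxs / DriverStore / SoftwareDistribution copy rather than only same-size ones: a pending update in SoftwareDistribution legitimately differs from the live file, but the live file should still match the winsxs copy of its own version, as atapi.sys does in the thread's log. The flagging rules are the ones visible in the thread and are noisy on their own (a legitimate DLL with no version info is common, as pywintypes25.dll shows); they are a starting point for a human reading the log, not a verdict.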

#5 pyrolimeade
  • Topic Starter

  • Members
  • 5 posts

Posted 12 December 2009 - 04:49 PM

I installed and ran GMER, but about a minute or so into the scan, it crashed. I downloaded the random .exe option on the GMER link, and as soon as I ran the .exe, Windows crashed to a BSOD.

OTL Log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MsWerr deleted successfully.
C:\Windows\Temp\xm1985.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\MsWerr not found.
File C:\Windows\TEMP\xm1985.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gebegimi.dll deleted successfully.
C:\Windows\System32\gebegimi.dll moved successfully.
C:\Windows\System32\suhokamo.dll moved successfully.
C:\Windows\System32\meridewa.dll moved successfully.
C:\Windows\System32\diwunawo.dll moved successfully.
File C:\Windows\System32\gebegimi.dll not found.
C:\Windows\System32\zayiveva.dll moved successfully.
C:\Windows\System32\negonuze.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian
->Temp folder emptied: -1375484729 bytes
->Temporary Internet Files folder emptied: 16514366 bytes
->Java cache emptied: 1126930337 bytes
->FireFox cache emptied: 118830036 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 95175 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 51256720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = -58.96 mb


OTL by OldTimer - Version 3.1.16.0 log created on 12122009_130409

Files\Folders moved on Reboot...
C:\Windows\temp\mta13187.dll moved successfully.

Registry entries deleted on Reboot...

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 December 2009 - 09:35 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


========================================================

#7 pyrolimeade
  • Topic Starter

  • Members
  • 5 posts

Posted 14 December 2009 - 11:26 AM

Should I still download ComboFix from the second link? The first and third links redirect to a page stating that ComboFix is being updated.

#8 pyrolimeade
  • Topic Starter

  • Members
  • 5 posts

Posted 14 December 2009 - 05:57 PM

Thanks for the help. Unfortunately, the infection destroyed Windows. I restored the computer to its factory condition and reinstalled Windows Vista.

Edited by pyrolimeade, 14 December 2009 - 05:58 PM.


#9 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 14 December 2009 - 09:11 PM

Ok, thanks for following up with me. :(

This topic will now be closed.


========================================================



