
Ugh! Virtumonde/Vundo infection with bonus Antivirus Live/Pro 2010


  • This topic is locked
20 replies to this topic

#1 firegirl25


Posted 27 February 2010 - 03:34 PM

Hi,

I have been having several problems the past week. I hope someone can help 'cause I am at my wits' end!

It all started with Antivirus Live 2010/Antivirus Pro 2010... I noticed the popups right away. It was easy to get rid of the first time but it came back. I wasn't sure if maybe I re-visited the same website where I got infected or what (and still not sure which one that was) but I had been using IE so once it came back again I changed to Chrome, and then Firefox. The second time it returned it recognized Malwarebytes and would not launch it. I wasn't able to kill it with rkill so I had to use a registry edit I found online to "fix" it (now I'm wondering if that made things worse). Prior to doing the fix.reg the computer would just shut down if I were trying to execute an anti-malware or spyware program. I was also not able to launch safe mode. After performing the fix.reg all seemed well - popups were gone and computer performance was back to normal (it had been bogged down and of course the constant crashing)...but then the next day, popups were back - same thing.

I did this about 3 times and then yesterday all of a sudden I kept getting a ton of Spybot S&D registry warnings. I would deny them all but they would not stop. AVG popped up with an alert with "virtumonde" which when I tried to click on to heal infection, etc. the computer crashed. Again rkill won't stop the harmful processes and Malwarebytes won't run (get a missing file warning which I've read is common). I tried following the removal instructions here but can't get Malwarebytes to run at all. Only way to get in safe mode is to disconnect power and drop out the battery which I don't like doing, and I can't seem to do much in safe anyway.

I managed to run a SAS scan twice (which took almost 7 hours both times) and each time it finds random trojans (fake.av, generic, etc.) I don't know if these are real or what cause I keep trying to heal them. It also found a vundo and supposedly fixed it (as did AVG) but I know it is still here. Still getting the popups and running slow as molasses.

Many of these programs don't seem to be working right. GMER has many of the options greyed out so I cannot make the selections as recommended in the preparation guide. I tried to do all this as best as I could.

Any help or advice you can give me would be greatly appreciated.
Thanks so much,
Jen



#2 SpySentinel


Posted 27 February 2010 - 07:19 PM

Hi firegirl25, Welcome to Bleeping Computer



Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Unified Network of Instructors and Trained Eliminators

#3 firegirl25


Posted 27 February 2010 - 09:09 PM

I'm getting an error when I try to run combofix, I guess because I am Vista 64 bit? I tried both links you provided above.

Error-Win32 only

incompatible OS. Combofix only works for workstations with Windows 2000 and XP

Thanks, Jen


#4 firegirl25


Posted 01 March 2010 - 09:01 AM

Here are some of my logs, hopefully this will help with combofix not working...

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:21 PM, on 2/27/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {28fc8777-f09f-4f54-9702-e02c45703894} - C:\ProgramData\viyuroba\viyuroba.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Fredericks\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [zayomoroy] Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: 9635938.lnk = C:\Users\Fredericks\AppData\Local\Temp\mvNat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\extensis\extensis suitcase 11\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\ProgramData\bupakomi\bupakomi.dll c:\PROGRA~3\bubufibo\bubufibo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: huwayezuh - {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - (no file)
O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll
O22 - SharedTaskScheduler: kupuhivus - {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11543 bytes

SUPER ANTI SPYWARE
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2010 at 01:44 AM

Application Version : 4.34.1000

Core Rules Database Version : 4618
Trace Rules Database Version: 2430

Scan type : Complete Scan
Total Scan Time : 06:13:07

Memory items scanned : 419
Memory threats detected : 1
Registry items scanned : 7618
Registry threats detected : 11
File items scanned : 49985
File threats detected : 13

Adware.Vundo/Variant-Senorita
C:\PROGRA~3\BUBUFIBO\BUBUFIBO.DLL
C:\PROGRA~3\BUBUFIBO\BUBUFIBO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7}
HKCR\CLSID\{0DC104A6-B8EB-41CD-A7C2-9E4F4DCDB5D7}
HKCR\CLSID\{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7}\InprocServer32
HKCR\CLSID\{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#huwayezuh
C:\PROGRAMDATA\BUBUFIBO\BUBUFIBO.DLL

Trojan.Downloader-Gen
HKLM\System\ControlSet001\Services\Ias
C:\WINDOWS\SYSTEM32\IASEX.DLL
HKLM\System\ControlSet001\Enum\Root\LEGACY_Ias
HKLM\System\ControlSet003\Services\Ias
HKLM\System\ControlSet003\Enum\Root\LEGACY_Ias
HKLM\System\CurrentControlSet\Services\Ias
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Ias

Adware.Vundo/Variant-[Fixed]
C:\PROGRAMDATA\NAHIVOYI\NAHIVOYI.DLL

Adware.Tracking Cookie
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@ad.yieldmanager[2].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@hypertracker[1].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@interclick[2].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@mediaresponder[2].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@mediatraffic[1].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@partners.ymultimedia[2].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@statcounter[1].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@stopzilla[2].txt
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Cookies\Low\fredericks@www.stopzilla[2].txt
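
A triage pass over HijackThis entries like those in the log posted above, added here as an example; it is not part of the original thread and not a feature of HijackThis. The sample lines are excerpted from that log, the function name, heuristics and reason labels are assumptions chosen for illustration, and `progra~3` is treated as the short name of `ProgramData` because the SUPERAntiSpyware log above lists the same DLL under both. A hit marks an entry for review; it is not a verdict.

```python
import re

# Lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {28fc8777-f09f-4f54-9702-e02c45703894} - C:\ProgramData\viyuroba\viyuroba.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [zayomoroy] Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: 9635938.lnk = C:\Users\Fredericks\AppData\Local\Temp\mvNat.exe
O20 - AppInit_DLLs: C:\ProgramData\bupakomi\bupakomi.dll c:\PROGRA~3\bubufibo\bubufibo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

# Heuristic (assumption): a DLL that carries the same name as its own folder,
# sitting directly under ProgramData (or its 8.3 short name progra~3).
# Matched against a lower-cased copy of the entry.
SELF_NAMED_DLL = re.compile(r'c:\\(?:programdata|progra~3)\\([^\\\s"]+)\\\1\.dll')


def triage(log_text):
    """Return (code, reasons, details) for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header lines, blank lines, "Running processes:" etc.
        code, details = match.group(1), match.group(2)
        low = details.lower()
        reasons = []

        # O20 AppInit_DLLs: any listed DLL is loaded into every process that
        # loads user32.dll, so a non-empty value always deserves a look.
        if code == "O20" and low.startswith("appinit_dlls:"):
            if low.split(":", 1)[1].strip():
                reasons.append("appinit-dll")

        if SELF_NAMED_DLL.search(low):
            reasons.append("self-named-programdata-dll")

        # O4 covers Run keys and Startup folders; a target in a Temp
        # directory is unusual for installed software.
        if code == "O4" and "\\temp\\" in low:
            reasons.append("autostart-from-temp")

        # The registry entry survives but the file it points to is gone.
        if low.endswith("(no file)"):
            reasons.append("orphaned-entry")

        if reasons:
            findings.append((code, reasons, details))
    return findings


if __name__ == "__main__":
    for code, reasons, details in triage(SAMPLE_LOG):
        print(f"{code:<4} {','.join(reasons):<40} {details}")
```
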



#5 SpySentinel


Posted 04 March 2010 - 10:36 PM

Sorry for the delay:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


#6 firegirl25


Posted 05 March 2010 - 04:30 PM



Thanks so much for your help and continued support! Firegirl25
Here are the scans:


OTL Extras logfile created on: 3/5/2010 3:01:29 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Fredericks\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 81.51 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREDERICKS-PC
Current User Name: Fredericks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Fredericks\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AC8AABC-2040-4DD8-A9F6-8130D7E5950D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A0AA128-240F-4384-AC56-01172EDDEB48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9C8D5F0-AF09-45D6-8869-E67A98FA63AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0363B567-53E4-4D8D-88A5-B2AE1311A86A}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{06C3ECFD-8F9F-4A7E-B6BD-1B2BC5FBBBA1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{090AE03B-6D32-4EFD-9969-DB2E0012CC41}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0CCBC03B-503D-4FD7-8F01-B461D7B88F6C}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{44CC577D-4C85-4A84-B56E-7F32BDB5B8A2}" = protocol=17 | dir=in | app=c:\users\fredericks\appdata\local\temp\mvnat.exe |
"{46F5EB33-E06F-4A66-8820-8D992ABD8525}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49A492BD-272F-4F02-AEFF-189BE012F81A}" = protocol=17 | dir=in | app=c:\program files (x86)\google\update\googleupdate.exe |
"{4A5ABF42-261B-4BDB-8B0C-930EBDD027B2}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4E9CC253-194B-46E2-B15B-C9EBAFD2EC30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4F81C920-7F08-47B1-A441-15C55F688DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\bin\applemobiledeviceservice.exe |
"{51877A84-2F22-4D77-B1CB-E919A2C8C43E}" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{64A2AB2D-BF83-4D6A-A63C-62B7D4291573}" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"{7213538C-84B5-4E7C-9B03-EB0F05C0FD7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{79F1A542-C24C-4A3D-B725-CA6545E1348A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7DF2EE89-2CEC-4A38-BDD3-CF5276CFBFE7}" = protocol=17 | dir=in | app=c:\users\fredericks\appdata\local\temp\a2dspi.exe |
"{836EF7CF-5091-44DE-9859-21DA3C55D16D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8B2B0FED-1A5B-4773-B2A7-66DE6CEDCB44}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{8B69BB38-9E1B-4571-8518-47F7974D56B3}" = protocol=6 | dir=in | app=c:\users\fredericks\appdata\local\temp\a2dspi.exe |
"{AEBFC500-F211-4D82-8C1E-6B900183DBFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AFE9E464-4BCB-4D25-B35A-358B6883C1B8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\apple\mobile device support\bin\applemobiledeviceservice.exe |
"{B095A698-4ADC-4F3B-A729-23B612C5AC26}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B8C1058C-EC5D-4C95-8B3A-3B65E92EB904}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C9CA25D1-0D8A-459F-A2B3-87C13BB513BB}" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy\sdwinsec.exe |
"{CA0544E1-356F-4F57-A649-598A067AEE07}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{D6DBFF85-D058-4EF8-8D82-B1D2C51422A1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E02FC57A-ABBD-4776-BFCB-3D9B9B6E1EF6}" = protocol=6 | dir=in | app=c:\users\fredericks\appdata\local\temp\mvnat.exe |
"{E63BBD76-2939-4447-9580-08BA41310EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\google\update\googleupdate.exe |
"{E9111F41-1A55-4ED1-9A31-58AE8275F33E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F72DEEB2-5370-48CB-9BC3-A06BF92E32AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FFFD402A-2139-4942-93AA-33121A3A0E11}" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy\sdwinsec.exe |
"TCP Query User{225102A0-73E0-44FA-8623-52A00E8C3B1F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{76051FE3-9A47-481C-A013-AC98EC5993C3}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{A47B4BFE-3B41-4CED-ACFC-D286D3B84989}C:\program files (x86)\digital juice\juicer 3\djdownloadmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\digital juice\juicer 3\djdownloadmanager.exe |
"TCP Query User{F2E8640E-2758-4531-9109-D2DA94233CCF}C:\program files (x86)\calibre\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre\calibre.exe |
"TCP Query User{FBE1A2C8-C224-4FBF-8539-C873A889BAE2}C:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe |
"UDP Query User{3E3AD33A-D765-4B63-9D8F-B21D0482EE1A}C:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\stanza.exe |
"UDP Query User{428E9274-09CB-4737-8266-B5319908D6CA}C:\program files (x86)\digital juice\juicer 3\djdownloadmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\digital juice\juicer 3\djdownloadmanager.exe |
"UDP Query User{4D9D679B-6A74-47F9-A659-27B39B492716}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{55DFEAE6-CEFF-411E-B85A-33D070BB40FF}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{78BE914A-1B55-4A39-9680-0ABE4CF1C9EE}C:\program files (x86)\calibre\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre\calibre.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"ClickBook_is1" = Blue Squirrel ClickBook 12
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{62AD5F7F-9CFC-4523-AF83-C58F02836635}" = Geek Squad 24 Hour Computer Support
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{640EAE56-81A2-49D4-9B8C-00DA3C0031AF}_is1" = Juicer 3.59
"{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91D87975-616E-C6E2-6AB0-AC48E6E3C8B4}" = Catalyst Control Center InstallProxy
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ED6C5903-331C-4356-A0B2-22EFB7C9458D}" = Extensis Suitcase Fusion 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7 Wonders II" = 7 Wonders II
"7-Zip" = 7-Zip 4.52 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"Freecorder4.0" = Freecorder 4.0 Application
"Gateway Screensaver" = Gateway ScreenSaver
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3 (Remove only)
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 4.18.8
"LManager" = Launch Manager
"Luxor Quest for the Afterlife1.0" = Luxor Quest for the Afterlife
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MyLogoMaker_is1" = MyLogoMaker 2.0
"Photodex Presenter" = Photodex Presenter
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"ProShow Producer" = ProShow Producer
"ProShow Workshop - Creative Captions" = ProShow Workshop - Creative Captions
"ProShow Workshop - Exploring Layer Keyframing" = ProShow Workshop - Exploring Layer Keyframing
"ProShow Workshop - Masking Exposed" = ProShow Workshop - Masking Exposed
"ProShow Workshop - Mastering Audio" = ProShow Workshop - Mastering Audio
"ProShow Workshop - Working With Layers" = ProShow Workshop - Working With Layers
"Revo Uninstaller" = Revo Uninstaller 1.83
"Stanza" = Stanza
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2010 12:32:47 AM | Computer Name = Fredericks-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/23/2010 1:05:16 AM | Computer Name = Fredericks-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/23/2010 3:03:06 AM | Computer Name = Fredericks-PC | Source = Google Update | ID = 20
Description =

Error - 2/23/2010 6:16:48 PM | Computer Name = Fredericks-PC | Source = Application Hang | ID = 1002
Description = The program FCAudio.exe version 1.5.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 15f4 Start Time: 01cab4d4dc343d70 Termination Time: 15

Error - 2/24/2010 1:03:06 AM | Computer Name = Fredericks-PC | Source = Google Update | ID = 20
Description =

Error - 2/24/2010 2:03:32 AM | Computer Name = Fredericks-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/24/2010 3:03:06 AM | Computer Name = Fredericks-PC | Source = Google Update | ID = 20
Description =

Error - 2/24/2010 8:19:46 PM | Computer Name = Fredericks-PC | Source = Application Error | ID = 1000
Description = Faulting application qsjnts.exe, version 0.0.0.0, time stamp 0x4b8563d0,
faulting module qsjnts.exe, version 0.0.0.0, time stamp 0x4b8563d0, exception code
0x80000003, fault offset 0x000066b9, process id 0x127c, application start time 0x01cab5b03936e190.

Error - 2/24/2010 8:19:46 PM | Computer Name = Fredericks-PC | Source = Application Error | ID = 1000
Description = Faulting application oxhyanxq.exe, version 0.0.0.0, time stamp 0x4b856641,
faulting module oxhyanxq.exe, version 0.0.0.0, time stamp 0x4b856641, exception
code 0x80000003, fault offset 0x0001d6b9, process id 0x147c, application start time
0x01cab5b0383242d0.

Error - 2/24/2010 9:33:07 PM | Computer Name = Fredericks-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/3/2010 6:20:55 PM | Computer Name = Fredericks-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 3/3/2010 6:20:55 PM | Computer Name = Fredericks-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 3/3/2010 6:21:26 PM | Computer Name = Fredericks-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:18:47 PM on 3/3/2010 was unexpected.

Error - 3/3/2010 6:21:33 PM | Computer Name = Fredericks-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 3/3/2010 6:21:34 PM | Computer Name = Fredericks-PC | Source = HTTP | ID = 15016
Description =

Error - 3/3/2010 6:22:02 PM | Computer Name = Fredericks-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 3/3/2010 6:22:19 PM | Computer Name = Fredericks-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 3/3/2010 6:22:36 PM | Computer Name = Fredericks-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/3/2010 6:22:36 PM | Computer Name = Fredericks-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/3/2010 6:50:38 PM | Computer Name = Fredericks-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

OTL logfile created on: 3/5/2010 3:01:29 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Fredericks\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.37 Gb Total Space | 81.51 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREDERICKS-PC
Current User Name: Fredericks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/05 14:37:31 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Fredericks\Desktop\OTL.exe
PRC - [2010/03/01 15:29:47 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/03/01 15:29:43 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/03 20:39:19 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/07/25 21:48:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/10 02:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,094,720 | ---- | M] () -- c:\ProgramData\bubufibo\bubufibo.dll
MOD - [2010/03/05 14:37:31 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Fredericks\Desktop\OTL.exe
MOD - [2008/11/26 23:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/20 21:51:41 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008/01/20 21:50:46 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 10:02:33 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/23 17:28:02 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/04/03 21:55:28 | 000,839,200 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (Irmon)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/01 15:29:43 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/03 13:10:25 | 002,431,024 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3647.dll -- (Akamai)
SRV - [2010/02/03 04:48:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/03 20:39:19 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/10/16 22:10:32 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/03/10 02:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/11/03 22:41:00 | 000,437,248 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/08/17 20:00:00 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Irmonex.dll -- (Irmon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/03/01 15:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/08 13:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/01 13:55:24 | 000,000,000 | ---D | M]

[2010/02/03 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Mozilla\Extensions
[2010/02/26 17:31:33 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Mozilla\Firefox\Profiles\w86btgj1.default\extensions
[2010/02/10 20:55:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fredericks\AppData\Roaming\Mozilla\Firefox\Profiles\w86btgj1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/01 13:56:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {28fc8777-f09f-4f54-9702-e02c45703894} - C:\ProgramData\viyuroba\viyuroba.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Program Files (x86)\PLFSetI.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [zayomoroy] c:\ProgramData\bubufibo\bubufibo.dll ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [degejibaf] c:\ProgramData\bubufibo\bubufibo.dll ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [zayomoroy] c:\ProgramData\bubufibo\bubufibo.dll ()
O4 - Startup: C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk = C:\Users\Fredericks\AppData\Local\Temp\mvNat.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20 - AppInit_DLLs: (C:\ProgramData\bupakomi\bupakomi.dll) - C:\ProgramData\bupakomi\bupakomi.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\bubufibo\bubufibo.dll) - c:\ProgramData\bubufibo\bubufibo.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\ProgramData\bubufibo\bubufibo.dll ()
O21 - SSODL: huwayezuh - {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - CLSID or File not found.
O22 - SharedTaskScheduler: {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - kupuhivus - c:\ProgramData\bubufibo\bubufibo.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Windows\system32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sajejura
[2010/03/05 14:52:31 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Fredericks\Desktop\OTL.exe
[2010/03/05 14:52:31 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\3-4 OTL
[2010/03/04 18:14:32 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Title Montage
[2010/03/04 14:09:51 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Itinerary
[2010/03/04 14:00:22 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Proshow Files-Cruise Movie
[2010/03/04 13:14:02 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\sCRAPS FOR mOVIE
[2010/03/04 00:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/03/04 00:02:48 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\AppData\Roaming\Yahoo!
[2010/03/04 00:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/03/04 00:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player
[2010/03/03 19:05:39 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Smashers Digital Juice
[2010/03/03 18:25:33 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Title Sequence
[2010/03/03 00:10:51 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Frames
[2010/03/03 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Logs
[2010/03/02 02:18:30 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Mediasource Wedding
[2010/03/02 02:16:07 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Day 1
[2010/03/01 15:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProShow MediaSource - Wedding Essentials
[2010/03/01 15:30:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/01 15:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/03/01 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\That's How We Roll
[2010/03/01 13:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/01 13:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/02/27 21:06:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/27 12:43:44 | 004,039,786 | -H-- | C] () -- C:\Users\Fredericks\AppData\Local\IconCache.db
[2010/02/27 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/02/27 02:26:53 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/02/26 18:16:36 | 000,406,100 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\dd_vcredistMSI56E8.txt
[2010/02/26 18:15:57 | 000,012,082 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\dd_vcredistUI56F8.txt
[2010/02/26 18:15:53 | 000,012,862 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\dd_vcredistUI56E8.txt
[2010/02/26 18:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/02/26 15:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\nahivoyi
[2010/02/26 15:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\bubufibo
[2010/02/26 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\bupakomi
[2010/02/26 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\viyuroba
[2010/02/26 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\vetewepe
[2010/02/26 15:41:33 | 000,000,008 | ---- | C] () -- C:\ProgramData\mswintmp.dat
[2010/02/26 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Actionbacks
[2010/02/26 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\Proshow downloads
[2010/02/26 14:51:49 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Desktop\To hard Drive
[2010/02/25 14:44:44 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Documents\Downloads
[2010/02/25 07:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/02/25 07:40:28 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\AppData\Roaming\SUPERAntiSpyware.com
[2010/02/25 07:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/25 07:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/24 19:19:38 | 000,011,840 | -HS- | C] () -- C:\Users\Fredericks\AppData\Local\684u2uVf
[2010/02/23 15:28:40 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\Documents\BandsBrewBBQReview_data
[2010/02/22 15:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2010/02/22 15:17:28 | 000,000,000 | ---D | C] -- C:\Users\Fredericks\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/13 21:29:49 | 000,000,680 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\d3d9caps.dat
[2010/02/13 19:43:54 | 000,009,830 | -HS- | C] () -- C:\Users\Fredericks\AppData\Local\17D8e1tgfYeh
[2010/02/04 15:05:27 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-shine.exe
[2010/02/04 15:04:20 | 000,036,868 | ---- | C] () -- C:\Program Files (x86)\uninst-Particular.exe
[2009/12/20 06:10:10 | 000,001,232 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\iTunesPrefs
[2009/12/20 06:09:21 | 000,000,056 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\84756-11986-27475-00TC1-94865
[2009/10/23 23:24:25 | 000,001,460 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\d3d9caps64.dat
[2009/07/29 14:37:20 | 000,000,600 | ---- | C] () -- C:\Users\Fredericks\AppData\Roaming\winscp.rnd
[2009/07/26 22:23:04 | 000,125,952 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 21:50:06 | 000,616,408 | ---- | C] () -- C:\Users\Fredericks\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/11/02 10:25:49 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 10:07:25 | 000,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2099/01/01 12:00:00 | 000,095,232 | -HS- | M] () -- C:\Windows\SysWow64\zevihami.dll
[2099/01/01 12:00:00 | 000,095,232 | -HS- | M] () -- C:\Windows\SysWow64\kezuroha.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | M] () -- C:\Windows\SysWow64\yodunika.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | M] () -- C:\Windows\SysWow64\nuyakete.dll
[2099/01/01 12:00:00 | 000,000,008 | -HS- | M] () -- C:\Windows\SysWow64\figohele.exe
[2010/03/05 15:02:43 | 003,407,872 | -HS- | M] () -- C:\Users\Fredericks\ntuser.dat
[2010/03/05 14:51:55 | 048,391,990 | ---- | M] () -- C:\Users\Fredericks\Desktop\Livin It Up Part 1.pxc
[2010/03/05 14:51:47 | 000,553,608 | ---- | M] () -- C:\Users\Fredericks\Desktop\Livin It Up Part 1.psh
[2010/03/05 14:49:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/05 14:37:31 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Fredericks\Desktop\OTL.exe
[2010/03/05 05:08:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 20:35:30 | 000,171,979 | ---- | M] () -- C:\Users\Fredericks\Desktop\livin it up part 1.pxp
[2010/03/04 20:35:29 | 000,013,882 | ---- | M] () -- C:\Users\Fredericks\Desktop\livin it up part 1.ppr
[2010/03/04 19:13:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 19:13:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 18:46:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000UA.job
[2010/03/04 17:06:39 | 005,079,621 | ---- | M] () -- C:\Users\Fredericks\Desktop\cruise 10 002.jpg
[2010/03/04 16:46:48 | 000,125,952 | ---- | M] () -- C:\Users\Fredericks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 13:46:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000Core.job
[2010/03/04 13:35:54 | 000,616,408 | ---- | M] () -- C:\Users\Fredericks\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/04 00:02:34 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/03/03 17:21:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 17:21:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/03 15:44:02 | 009,838,229 | ---- | M] () -- C:\Users\Fredericks\Desktop\animated map.flv
[2010/03/03 15:32:09 | 012,689,725 | ---- | M] () -- C:\Users\Fredericks\Desktop\show intro sequence.flv
[2010/03/03 01:37:37 | 004,286,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/02 18:08:56 | 056,574,676 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/02 18:03:38 | 000,038,912 | ---- | M] () -- C:\Windows\SysWow64\95198237.exe
[2010/03/02 16:44:31 | 105,843,285 | ---- | M] () -- C:\Users\Fredericks\Desktop\ActionBacks_Sparkles_Overlays_1.3.part1.rar
[2010/03/02 02:25:12 | 000,000,751 | ---- | M] () -- C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk
[2010/03/01 15:36:08 | 000,006,456 | -H-- | M] () -- C:\ProgramData\sajejura
[2010/03/01 15:36:05 | 000,524,288 | -HS- | M] () -- C:\Users\Fredericks\ntuser.dat{27039814-e141-11de-ace5-00242c4bc0e7}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 15:36:05 | 000,065,536 | -HS- | M] () -- C:\Users\Fredericks\ntuser.dat{27039814-e141-11de-ace5-00242c4bc0e7}.TM.blf
[2010/03/01 15:35:36 | 004,039,786 | -H-- | M] () -- C:\Users\Fredericks\AppData\Local\IconCache.db
[2010/03/01 15:30:44 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/01 15:30:37 | 000,012,464 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/03/01 15:30:34 | 000,470,024 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/03/01 15:30:25 | 000,422,920 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/01 15:30:17 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/03/01 15:30:17 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/03/01 15:30:17 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/03/01 15:30:17 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/03/01 15:30:17 | 000,034,248 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/01 15:05:24 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/01 15:05:24 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/01 15:05:24 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/26 18:31:26 | 000,000,000 | -H-- | M] () -- C:\Users\Fredericks\Documents\Default.rdp
[2010/02/26 15:42:34 | 000,000,062 | ---- | M] () -- C:\Windows\SysWow64\RpcDhag.dat
[2010/02/26 15:42:34 | 000,000,062 | ---- | M] () -- C:\Windows\SysWow64\msobjuq.dat
[2010/02/26 15:41:33 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\perfqsza.dat
[2010/02/26 15:41:33 | 000,000,008 | ---- | M] () -- C:\ProgramData\mswintmp.dat
[2010/02/26 15:41:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dinpat.dat
[2010/02/26 14:38:42 | 003,208,188 | ---- | M] () -- C:\Users\Fredericks\Desktop\TheForumBook.pdf
[2010/02/25 13:42:55 | 000,002,069 | ---- | M] () -- C:\Users\Fredericks\Desktop\Google Chrome.lnk
[2010/02/25 13:14:15 | 000,011,840 | -HS- | M] () -- C:\Users\Fredericks\AppData\Local\684u2uVf
[2010/02/25 07:37:07 | 000,000,356 | ---- | M] () -- C:\Users\Fredericks\Documents\fix.reg
[2010/02/24 18:10:47 | 000,001,460 | ---- | M] () -- C:\Users\Fredericks\AppData\Local\d3d9caps64.dat
[2010/02/22 15:38:38 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/02/22 06:59:23 | 030,957,962 | ---- | M] () -- C:\Users\Fredericks\Desktop\Speed_Freeks_by_k-josscraps_Papers.zip
[2010/02/20 23:32:45 | 000,172,664 | ---- | M] () -- C:\Users\Fredericks\Documents\Parent - All Layers.png
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,095,232 | -HS- | C] () -- C:\Windows\SysWow64\zevihami.dll
[2099/01/01 12:00:00 | 000,095,232 | -HS- | C] () -- C:\Windows\SysWow64\kezuroha.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | C] () -- C:\Windows\SysWow64\yodunika.dll
[2099/01/01 12:00:00 | 000,040,960 | -HS- | C] () -- C:\Windows\SysWow64\nuyakete.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\sajejura
[2099/01/01 12:00:00 | 000,000,008 | -HS- | C] () -- C:\Windows\SysWow64\figohele.exe
[2010/03/04 20:35:29 | 000,171,979 | ---- | C] () -- C:\Users\Fredericks\Desktop\livin it up part 1.pxp
[2010/03/04 20:35:29 | 000,013,882 | ---- | C] () -- C:\Users\Fredericks\Desktop\livin it up part 1.ppr
[2010/03/04 17:51:48 | 048,391,990 | ---- | C] () -- C:\Users\Fredericks\Desktop\Livin It Up Part 1.pxc
[2010/03/04 17:51:48 | 000,553,608 | ---- | C] () -- C:\Users\Fredericks\Desktop\Livin It Up Part 1.psh
[2010/03/04 17:06:33 | 005,079,621 | ---- | C] () -- C:\Users\Fredericks\Desktop\cruise 10 002.jpg
[2010/03/04 00:02:34 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
[2010/03/03 18:16:46 | 009,838,229 | ---- | C] () -- C:\Users\Fredericks\Desktop\animated map.flv
[2010/03/03 18:16:45 | 012,689,725 | ---- | C] () -- C:\Users\Fredericks\Desktop\show intro sequence.flv
[2010/03/03 18:14:01 | 105,843,285 | ---- | C] () -- C:\Users\Fredericks\Desktop\ActionBacks_Sparkles_Overlays_1.3.part1.rar
[2010/03/03 17:44:26 | 000,497,511 | ---- | C] () -- C:\Users\Fredericks\Desktop\frame-01.png
[2010/03/02 18:03:35 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\95198237.exe
[2010/03/01 15:30:44 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/01 15:30:37 | 000,012,464 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/03/01 15:30:34 | 000,470,024 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/03/01 15:30:24 | 000,422,920 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/03/01 15:30:17 | 056,574,676 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/01 15:30:17 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/03/01 15:30:17 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/03/01 15:30:17 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/03/01 15:30:17 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/03/01 15:30:17 | 000,034,248 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/03/01 15:09:22 | 000,735,212 | ---- | C] () -- C:\Users\Fredericks\Desktop\lweifenbach-solid8.jpg
[2010/02/26 18:31:26 | 000,000,000 | -H-- | C] () -- C:\Users\Fredericks\Documents\Default.rdp
[2010/02/26 15:41:33 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\perfqsza.dat
[2010/02/26 15:41:33 | 000,000,062 | ---- | C] () -- C:\Windows\SysWow64\RpcDhag.dat
[2010/02/26 15:41:33 | 000,000,062 | ---- | C] () -- C:\Windows\SysWow64\msobjuq.dat
[2010/02/26 15:41:33 | 000,000,008 | ---- | C] () -- C:\ProgramData\mswintmp.dat
[2010/02/26 15:41:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dinpat.dat
[2010/02/26 15:32:44 | 000,000,751 | ---- | C] () -- C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk
[2010/02/26 14:38:42 | 003,208,188 | ---- | C] () -- C:\Users\Fredericks\Desktop\TheForumBook.pdf
[2010/02/25 13:42:55 | 000,002,069 | ---- | C] () -- C:\Users\Fredericks\Desktop\Google Chrome.lnk
[2010/02/25 13:41:19 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000UA.job
[2010/02/25 13:41:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000Core.job
[2010/02/25 07:37:06 | 000,000,356 | ---- | C] () -- C:\Users\Fredericks\Documents\fix.reg
[2010/02/24 14:55:39 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/02/24 14:55:09 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/02/24 14:54:00 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 14:53:58 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 14:53:48 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 14:53:47 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 14:53:46 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/02/24 14:53:46 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 14:53:41 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 14:53:41 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 14:53:41 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/22 15:38:38 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2010/02/22 06:59:23 | 030,957,962 | ---- | C] () -- C:\Users\Fredericks\Desktop\Speed_Freeks_by_k-josscraps_Papers.zip
[2010/02/20 23:32:45 | 000,172,664 | ---- | C] () -- C:\Users\Fredericks\Documents\Parent - All Layers.png
[2010/01/03 22:00:55 | 000,000,062 | ---- | C] () -- C:\Windows\clikbook.ini
[2009/10/16 08:17:10 | 000,000,364 | ---- | C] () -- C:\Windows\qawin32.INI
[2009/10/16 08:16:47 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/30 20:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/06/10 23:43:29 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/03/04 16:49:37 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/03/04 16:49:37 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/03/04 16:48:52 | 000,000,061 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/03/04 16:48:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 21:49:10 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\membus.sys
[2004/08/17 20:00:00 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\Irmonex.dll
[2004/08/17 20:00:00 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\Iasex.dll

========== LOP Check ==========

[2010/02/23 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Audacity
[2010/02/03 18:30:32 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\calibre
[2010/02/22 15:17:28 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/09 01:25:35 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\DigitalJuice
[2009/09/10 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Extensis
[2010/03/01 14:02:53 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\LimeWire
[2009/12/04 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\My ClickOnce Applications
[2009/08/01 13:52:08 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\MyLogoMaker
[2009/10/27 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Netscape
[2009/10/27 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Photodex
[2010/03/03 00:19:33 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\uTorrent
[2009/12/28 16:19:56 | 000,000,000 | ---D | M] -- C:\Users\Fredericks\AppData\Roaming\Windows Live Writer
[2010/03/01 15:36:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2009/02/18 19:52:42 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Acer\Preload\Autorun\DRV\VGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0C988F7D
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1
< End of report >

< MD5 for: [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (MICROSOFT CORPORATION) >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: [2006/11/02 06:16:48 | 000,014,848 | ---- | M] (MICROSOFT CORPORATION) >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

< MD5 for: [2008/01/20 21:46:50 | 000,022,584 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

< MD5 for: [2008/01/20 21:46:51 | 000,064,568 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: [2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA CORPORATION) >
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: [2008/01/20 21:46:59 | 000,290,872 | ---- | M] (INTEL CORPORATION) >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: [2008/01/20 21:48:28 | 000,592,384 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: [2008/01/20 21:49:49 | 000,235,520 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

< MD5 for: [2008/01/20 21:50:28 | 000,177,152 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

< MD5 for: [2008/01/20 21:51:03 | 000,716,800 | ---- | M] (MICROSOFT CORPORATION) >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

< MD5 for: [2009/02/18 19:52:42 | 000,183,312 | ---- | M] (ADVANCED MICRO DEVICES, INC) >
[2009/02/18 19:52:42 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) -- C:\Acer\Preload\Autorun\DRV\VGA\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >






#7 SpySentinel


Posted 05 March 2010 - 10:38 PM

Hi firegirl25, You're welcome :)



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    MOD - [2099/01/01 12:00:00 | 000,094,720 | ---- | M] () -- c:\ProgramData\bubufibo\bubufibo.dll
    O2 - BHO: (no name) - {28fc8777-f09f-4f54-9702-e02c45703894} - C:\ProgramData\viyuroba\viyuroba.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [zayomoroy] c:\ProgramData\bubufibo\bubufibo.dll ()
    O4 - HKCU..\Run: [degejibaf] c:\ProgramData\bubufibo\bubufibo.dll ()
    O4 - HKCU..\Run: [zayomoroy] c:\ProgramData\bubufibo\bubufibo.dll ()
    O4 - Startup: C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk = C:\Users\Fredericks\AppData\Local\Temp\mvNat.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\ProgramData\bupakomi\bupakomi.dll) - C:\ProgramData\bupakomi\bupakomi.dll File not found
    O20 - AppInit_DLLs: (c:\progra~3\bubufibo\bubufibo.dll) - c:\ProgramData\bubufibo\bubufibo.dll ()
    O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\ProgramData\bubufibo\bubufibo.dll ()
    O21 - SSODL: huwayezuh - {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - CLSID or File not found.
    O22 - SharedTaskScheduler: {0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - kupuhivus - c:\ProgramData\bubufibo\bubufibo.dll ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    :Files
    C:\ProgramData\nahivoyi
    C:\ProgramData\bubufibo
    C:\ProgramData\bupakomi
    C:\ProgramData\viyuroba
    C:\ProgramData\vetewepe
    C:\Users\Fredericks\AppData\Local\684u2uVf
    C:\ProgramData\sajejura
    C:\Users\Fredericks\AppData\Local\17D8e1tgfYeh
    C:\Windows\SysWow64\zevihami.dll
    C:\Windows\SysWow64\kezuroha.dll
    C:\Windows\SysWow64\yodunika.dll
    C:\Windows\SysWow64\nuyakete.dll
    C:\Windows\SysWow64\figohele.exe
    C:\Windows\SysWow64\95198237.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done




Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

#8 firegirl25


Posted 08 March 2010 - 01:34 PM

SpySentinel,

Thanks so much for your help! Here are the scan logs as requested. Also please note that (now) when I boot the infected computer it does try to load and find "bubufibo.dll" and I get the error message that "bubufibo.dll" is not found.

Thanks again! firegirl25 :)

OTL LOG:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28fc8777-f09f-4f54-9702-e02c45703894}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28fc8777-f09f-4f54-9702-e02c45703894}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zayomoroy deleted successfully.
c:\ProgramData\bubufibo\bubufibo.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\degejibaf deleted successfully.
File c:\ProgramData\bubufibo\bubufibo.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zayomoroy deleted successfully.
File c:\ProgramData\bubufibo\bubufibo.dll not found.
C:\Users\Fredericks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\bupakomi\bupakomi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bubufibo\bubufibo.dll deleted successfully.
File c:\ProgramData\bubufibo\bubufibo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gutiledos deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c91ff1b-91dc-406f-b7b8-304fa36fdd36}\ deleted successfully.
File c:\ProgramData\bubufibo\bubufibo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\huwayezuh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dc104a6-b8eb-41cd-a7c2-9e4f4dcdb5d7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{4c91ff1b-91dc-406f-b7b8-304fa36fdd36} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c91ff1b-91dc-406f-b7b8-304fa36fdd36}\ deleted successfully.
File c:\ProgramData\bubufibo\bubufibo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
========== FILES ==========
C:\ProgramData\nahivoyi folder moved successfully.
C:\ProgramData\bubufibo folder moved successfully.
C:\ProgramData\bupakomi folder moved successfully.
C:\ProgramData\viyuroba folder moved successfully.
C:\ProgramData\vetewepe folder moved successfully.
C:\Users\Fredericks\AppData\Local\684u2uVf moved successfully.
C:\ProgramData\sajejura moved successfully.
C:\Users\Fredericks\AppData\Local\17D8e1tgfYeh moved successfully.
C:\Windows\SysWow64\zevihami.dll moved successfully.
C:\Windows\SysWow64\kezuroha.dll moved successfully.
C:\Windows\SysWow64\yodunika.dll moved successfully.
C:\Windows\SysWow64\nuyakete.dll moved successfully.
C:\Windows\SysWow64\figohele.exe moved successfully.
C:\Windows\SysWow64\95198237.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

Malwarebytes Log:



Malwarebytes' Anti-Malware 1.44
Database version: 3835
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/8/2010 9:47:51 AM
mbam-log-2010-03-08 (09-47-51).txt

Scan type: Quick Scan
Objects scanned: 105394
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irmon (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nla (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\membus (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\1328348.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\169146236.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\Iasex.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\Irmonex.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\membus.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\Nlaex.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\Ntmssvcex.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\ProgramData\mswintmp.dat (Malware.Trace) -> Quarantined and deleted successfully.

ESET Log:
C:\Users\Fredericks\Desktop\Current for ipod\Surrogates 2009\Surrogates 2009.avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Users\Fredericks\Desktop\Mediasource Wedding\ProShow_MediaSource_Wedding_Essentials\ProShow MediaSource Wedding Essentials\setup.exe multiple threats deleted - quarantined
C:\Users\Fredericks\Desktop\To hard Drive\ProShow\ProShow_MediaSource_Wedding_Essentials.rar multiple threats deleted - quarantined
C:\Users\Fredericks\Desktop\To hard Drive\ProShow\ProShow_MediaSource_Wedding_Essentials\ProShow MediaSource Wedding Essentials\setup.exe multiple threats deleted - quarantined
C:\Users\Fredericks\Desktop\To hard Drive\ProShow Wedding Essentials\ProShow_MediaSource_Wedding_Essentials\ProShow MediaSource Wedding Essentials\setup.exe multiple threats deleted - quarantined
C:\Users\Fredericks\Downloads\Photodex_ProShow.rar multiple threats deleted - quarantined





#9 SpySentinel


Posted 09 March 2010 - 07:16 PM

Hi firegirl25,

You're welcome. Thanks for letting me know :)



Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#10 firegirl25


Posted 10 March 2010 - 02:02 PM

Here you go!

LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fredericks at 2010-03-10 13:54:38
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 80 GB (27%) free of 293 GB
Total RAM: 3837 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:51 PM, on 3/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Fredericks\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Fredericks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...p;m=nv52_series
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [zayomoroy] Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Fredericks\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\extensis\extensis suitcase 11\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: c:\progra~3\bubufibo\bubufibo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11575 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152795765-2045872881-2865042333-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files (x86)\Freecorder\tbFre0.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll [2010-03-01 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files (x86)\Freecorder\tbFre0.dll [2009-11-09 2331672]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=C:\Program Files (x86)\Spyware Doctor\pctsTray.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-03-01 2033432]
"zayomoroy"=c:\progra~3\bubufibo\bubufibo.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
"Google Update"=C:\Users\Fredericks\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~3\bubufibo\bubufibo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
kupuhivus - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\ProgramData\bupakomi\bupakomi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-10 13:54:38 ----D---- C:\rsit
2010-03-10 03:07:57 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-10 03:07:55 ----A---- C:\Windows\system32\httpapi.dll
2010-03-08 10:13:04 ----D---- C:\Program Files (x86)\ESET
2010-03-07 21:57:45 ----SHD---- C:\found.000
2010-03-07 21:44:53 ----D---- C:\_OTL
2010-03-04 00:02:48 ----D---- C:\Users\Fredericks\AppData\Roaming\Yahoo!
2010-03-04 00:02:48 ----D---- C:\ProgramData\Yahoo! Companion
2010-03-04 00:02:43 ----D---- C:\Program Files (x86)\Yahoo!
2010-03-04 00:02:30 ----D---- C:\Program Files (x86)\FLV Player
2010-03-01 15:50:17 ----D---- C:\Program Files (x86)\ProShow MediaSource - Wedding Essentials
2010-03-01 15:30:41 ----HD---- C:\$AVG
2010-03-01 13:57:23 ----D---- C:\ProgramData\Sun
2010-03-01 13:57:10 ----D---- C:\Program Files (x86)\Common Files\Java
2010-03-01 13:55:24 ----A---- C:\Windows\system32\javaws.exe
2010-03-01 13:55:24 ----A---- C:\Windows\system32\javaw.exe
2010-03-01 13:55:23 ----A---- C:\Windows\system32\java.exe
2010-02-27 21:06:13 ----D---- C:\32788R22FWJFW
2010-02-27 11:36:28 ----D---- C:\Program Files (x86)\Trend Micro
2010-02-27 02:26:53 ----D---- C:\VundoFix Backups
2010-02-26 18:15:46 ----D---- C:\Program Files (x86)\Common Files\PC Tools
2010-02-25 07:41:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-02-25 07:40:28 ----D---- C:\Users\Fredericks\AppData\Roaming\SUPERAntiSpyware.com
2010-02-25 07:40:28 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2010-02-25 07:39:19 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-02-24 14:55:39 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 14:55:09 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 14:53:54 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 14:53:52 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 14:53:46 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 14:53:46 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 14:53:46 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:53:46 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 14:53:41 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 14:53:41 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 14:53:41 ----A---- C:\Windows\system32\msdrm.dll
2010-02-22 15:38:37 ----D---- C:\Program Files (x86)\Nitro PDF
2010-02-22 15:17:28 ----D---- C:\Users\Fredericks\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-14 03:59:40 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI1DF6.txt
2010-02-14 03:59:37 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI1DF6.txt
2010-02-14 03:58:34 ----A---- C:\Windows\dd_ATL80SP1_KB973923UI1D28.txt
2010-02-14 03:58:34 ----A---- C:\Windows\dd_ATL80SP1_KB973923MSI1D28.txt
2010-02-13 21:45:53 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-02-13 13:58:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of files/folders modified in the last 1 months======

2010-03-10 13:54:21 ----D---- C:\Windows\Temp
2010-03-10 13:47:56 ----D---- C:\Program Files (x86)\Common Files\Akamai
2010-03-10 13:18:31 ----D---- C:\Windows\Minidump
2010-03-10 13:18:09 ----D---- C:\Windows
2010-03-10 03:56:43 ----D---- C:\Windows\winsxs
2010-03-10 03:39:52 ----SHD---- C:\Config.Msi
2010-03-10 03:38:16 ----D---- C:\Windows\SysWOW64
2010-03-10 03:38:16 ----D---- C:\Windows\System32
2010-03-10 03:38:16 ----D---- C:\Program Files (x86)\Windows Mail
2010-03-10 03:37:50 ----D---- C:\Users\Fredericks\AppData\Roaming\uTorrent
2010-03-10 03:22:33 ----SHD---- C:\Windows\Installer
2010-03-10 03:22:20 ----D---- C:\ProgramData\Microsoft Help
2010-03-10 03:01:48 ----SHD---- C:\System Volume Information
2010-03-08 18:22:50 ----D---- C:\Windows\inf
2010-03-08 10:13:07 ----SD---- C:\Windows\Downloaded Program Files
2010-03-08 10:13:04 ----RD---- C:\Program Files (x86)
2010-03-08 09:47:51 ----HD---- C:\ProgramData
2010-03-07 22:29:10 ----D---- C:\Windows\system32\drivers
2010-03-04 00:09:53 ----SHD---- C:\$RECYCLE.BIN
2010-03-04 00:08:28 ----RSD---- C:\Windows\Fonts
2010-03-01 15:38:32 ----D---- C:\ProgramData\avg9
2010-03-01 15:20:01 ----AD---- C:\ProgramData\Temp
2010-03-01 14:02:53 ----D---- C:\Users\Fredericks\AppData\Roaming\LimeWire
2010-03-01 13:57:10 ----D---- C:\Program Files (x86)\Common Files
2010-03-01 13:54:24 ----A---- C:\Windows\system32\deploytk.dll
2010-02-27 20:48:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-27 20:46:37 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-02-27 11:57:29 ----A---- C:\Windows\ntbtlog.txt
2010-02-27 03:58:54 ----D---- C:\Windows\rescache
2010-02-27 03:47:57 ----D---- C:\Windows\system32\config
2010-02-27 03:15:51 ----D---- C:\Windows\system32\en-US
2010-02-25 17:45:35 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-02-25 17:41:10 ----D---- C:\Program Files (x86)\Adobe
2010-02-25 17:26:37 ----D---- C:\Users\Fredericks\AppData\Roaming\Adobe
2010-02-25 14:10:53 ----D---- C:\Program Files (x86)\uTorrent
2010-02-25 13:41:19 ----D---- C:\Windows\Tasks
2010-02-24 01:32:58 ----D---- C:\Program Files (x86)\Photodex
2010-02-23 15:30:00 ----D---- C:\Users\Fredericks\AppData\Roaming\Audacity
2010-02-22 15:38:38 ----A---- C:\Windows\primopdf.ini
2010-02-20 23:27:25 ----D---- C:\ProgramData\DigitalJuice
2010-02-15 16:35:24 ----D---- C:\ProgramData\Adobe
2010-02-15 16:13:19 ----RD---- C:\Program Files
2010-02-14 04:07:36 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-02-14 04:04:02 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S3 ATICDSDr;ATICDSDr; \??\C:\Users\FREDER~1\AppData\Local\Temp\ATICDSDr.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-03-01 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-04-03 839200]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-03-10 44800]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [2010-01-03 186760]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S2 FastUserSwitchingCompatibility;Network Security; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 Ntmssvc;Windows Visual Access; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-03 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 660256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


INFO.TXT
info.txt logfile of random's system information tool 1.06 2010-03-10 13:54:53

======Uninstall list======

-->"C:\Program Files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe"
-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
7 Wonders II-->C:\Program Files (x86)\MumboJumbo\7 Wonders II\uninstall.exe 7 Wonders II
7-Zip 4.52 beta-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe SVG Viewer 6.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 6.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 6.0\Uninstall\Install.log
Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.11 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG Free 9.0-->C:\Program Files (x86)\AVG\AVG9\setup.exe /UNINSTALL
calibre-->C:\Program Files (x86)\calibre\uninstall.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Extensis Suitcase Fusion 2-->MsiExec.exe /I{ED6C5903-331C-4356-A0B2-22EFB7C9458D}
FLV Player 2.0 (build 25)-->C:\Program Files (x86)\FLV Player\uninst.exe
Freecorder 4.0 Application-->"C:\Windows\Freecorder\uninstall.exe" "/U:C:\Program Files (x86)\Freecorder\Uninstall\uninstall.xml"
Freecorder Toolbar 3.0 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files (x86)\Freecorder Toolbar\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~2\FREECO~2\UNWISE.EXE /U C:\PROGRA~2\FREECO~2\INSTALL.LOG
Gateway Games-->"C:\Program Files (x86)\Gateway Games\Uninstall.exe"
Gateway MyBackup-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Gateway Power Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gateway Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gateway ScreenSaver-->C:\Windows\Screensavers\Gateway\Uninstall.exe
Geek Squad 24 Hour Computer Support-->MsiExec.exe /I{62AD5F7F-9CFC-4523-AF83-C58F02836635}
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ImageSkill Background Remover 3 (Remove only)-->"C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\Plug-Ins\ImageSkill\Background Remover 3\uninstall.exe"
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iPhoneBrowser-->MsiExec.exe /I{495B6040-801F-474C-ADB8-309F132CF5F9}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Juicer 3.59-->"C:\Program Files (x86)\Digital Juice\Juicer 3\unins000.exe"
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
LAME v3.98.2 for Audacity-->"C:\Program Files (x86)\Lame for Audacity\unins000.exe"
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LimeWire PRO 4.18.8-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
Luxor Quest for the Afterlife-->"C:\Windows\Luxor Quest for the Afterlife\uninstall.exe" "/U:C:\Program Files (x86)\Luxor Quest for the Afterlife\Uninstall\uninstall.xml"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyLogoMaker 2.0-->"C:\Program Files (x86)\MySoftware\MyLogoMaker\unins000.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\remove.exe
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
PrimoPDF -- by Nitro PDF Software-->"C:\Program Files (x86)\Nitro PDF\PrimoPDF\uninstaller.exe"
ProShow Producer-->C:\Program Files (x86)\Photodex\ProShowProducer\remove.exe
ProShow Workshop - Creative Captions-->C:\Program Files (x86)\Photodex\ProShow Workshop - Creative Captions\uninstall.exe
ProShow Workshop - Exploring Layer Keyframing-->C:\Program Files (x86)\Photodex\ProShow Workshop - Exploring Layer Keyframing\uninstall.exe
ProShow Workshop - Masking Exposed-->C:\Program Files (x86)\Photodex\ProShow Workshop - Masking Exposed\uninstall.exe
ProShow Workshop - Mastering Audio-->C:\Program Files (x86)\Photodex\ProShow Workshop - Mastering Audio\uninstall.exe
ProShow Workshop - Working With Layers-->C:\Program Files (x86)\Photodex\ProShow Workshop - Working With Layers\uninstall.exe
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek USB 2.0 Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Revo Uninstaller 1.83-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Stanza-->"C:\Program Files (x86)\Stanza\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Video Web Camera-->C:\Program Files (x86)\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Zuma's Revenge!-->"C:\Windows\Zuma's Revenge!\uninstall.exe" "/U:C:\Program Files (x86)\Zuma's Revenge!\Uninstall\uninstall.xml"

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: Fredericks-PC
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\RAIHV.dll
Error Code: 126

Record Number: 83927
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100310184702.142561-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Fredericks-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 83928
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100310184702.805561-000
Event Type: Error
User:

Computer Name: Fredericks-PC
Event Code: 7023
Message: The Network Security service terminated with the following error:
The specified module could not be found.
Record Number: 83979
Source Name: Service Control Manager
Time Written: 20100310184756.000000-000
Event Type: Error
User:

Computer Name: Fredericks-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 84007
Source Name: Service Control Manager
Time Written: 20100310184756.000000-000
Event Type: Error
User:

Computer Name: Fredericks-PC
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
Record Number: 84017
Source Name: Service Control Manager
Time Written: 20100310184845.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Fredericks-PC
Event Code: 20
Message:
Record Number: 15067
Source Name: Google Update
Time Written: 20100310090806.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Fredericks-PC
Event Code: 20
Message:
Record Number: 15068
Source Name: Google Update
Time Written: 20100310094605.000000-000
Event Type: Error
User: Fredericks-PC\Fredericks

Computer Name: Fredericks-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 15086
Source Name: Microsoft-Windows-WMI
Time Written: 20100310181935.000000-000
Event Type: Error
User:

Computer Name: Fredericks-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-152795765-2045872881-2865042333-1000:
Process 1148 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-152795765-2045872881-2865042333-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1148 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-152795765-2045872881-2865042333-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1148 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-152795765-2045872881-2865042333-1000\Software\Ahead\Nero Home\MediaLibrary
Process 1148 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-152795765-2045872881-2865042333-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 1148 (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-152795765-2045872881-2865042333-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

Record Number: 15098
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100310184520.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Fredericks-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 15117
Source Name: Microsoft-Windows-WMI
Time Written: 20100310184755.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Fredericks-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FREDERICKS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x34c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21189
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100310184729.130361-000
Event Type: Audit Success
User:

Computer Name: Fredericks-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 21190
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100310184729.130361-000
Event Type: Audit Success
User:

Computer Name: Fredericks-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FREDERICKS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x34c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 21191
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100310185045.755361-000
Event Type: Audit Success
User:

Computer Name: Fredericks-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FREDERICKS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x34c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 21192
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100310185045.755361-000
Event Type: Audit Success
User:

Computer Name: Fredericks-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 21193
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100310185045.755361-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\calibre;C:\Program Files (x86)\Extensis\Suitcase Fusion 2\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"ChatSupport"="C:\Program Files (x86)\Geek Squad\Geek Squad 24 Hour Computer Support\Geek Squad 24 Hour Computer Support.exe"
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------




#11 SpySentinel


Posted 10 March 2010 - 08:48 PM

Hi firegirl25,



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [zayomoroy] Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a
    O20 - AppInit_DLLs: c:\progra~3\bubufibo\bubufibo.dll
    O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)
    O22 - SharedTaskScheduler: kupuhivus - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)

    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "zayomoroy"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""

    :Files
    c:\Program Files\bubufibo
    C:\ProgramData\bupakomi

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Unified Network of Instructors and Trained Eliminators


My help is always free, but if you can, please Posted Image to help me continue the fight against malware.
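
The scan lines targeted by the fix in the post above all reference one DLL registered under several autostart locations, together with a loopback proxy setting. As an added example (not part of the original post and not OTL's own code), this Python script groups such lines by target file and flags those patterns; the parser, the finding names and the mechanism labels are assumptions of the example, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Scan lines copied from the fix in the post above.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [zayomoroy] Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a
O20 - AppInit_DLLs: c:\progra~3\bubufibo\bubufibo.dll
O21 - SSODL: gutiledos - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {4c91ff1b-91dc-406f-b7b8-304fa36fdd36} - c:\progra~3\bubufibo\bubufibo.dll (file missing)
"""

# Labels for the line prefixes seen in that post (the naming is this example's own).
MECHANISM = {"O4": "Run key", "O20": "AppInit_DLLs",
             "O21": "ShellServiceObjectDelayLoad", "O22": "SharedTaskScheduler"}

LINE_RE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<rest>.*)$")
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:dll|exe)", re.I)
LOOPBACK_RE = re.compile(
    r"ProxyServer = .*?\b(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)


def parse(log_text):
    """Return (entries, proxies): autostart entries and loopback proxy settings."""
    entries, proxies = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, rest = m["tag"], m["rest"]
        proxy = LOOPBACK_RE.search(rest)
        if proxy:
            proxies.append((proxy[1], int(proxy[2])))
        if tag in MECHANISM:
            path = PATH_RE.search(rest)
            entries.append({
                "mechanism": MECHANISM[tag],
                "target": path[0].lower() if path else None,
                "file_missing": rest.rstrip().endswith("(file missing)"),
            })
    return entries, proxies


def triage(log_text):
    """Return (kind, subject, mechanisms) tuples worth a reviewer's attention."""
    entries, proxies = parse(log_text)
    by_target = defaultdict(list)
    for e in entries:
        if e["target"]:
            by_target[e["target"]].append(e["mechanism"])
    findings = []
    for target, mechs in by_target.items():
        # One file wired into several autostart points is redundant persistence.
        if len(set(mechs)) > 1:
            findings.append(("multi-autostart", target, sorted(set(mechs))))
        # AppInit_DLLs loads the DLL into every process that loads user32.dll.
        if "AppInit_DLLs" in mechs:
            findings.append(("appinit-dll", target, ["AppInit_DLLs"]))
    for e in entries:
        # The registration survived although the file is gone; it still needs removing.
        if e["file_missing"]:
            findings.append(("orphaned-entry", e["target"], [e["mechanism"]]))
    for host, port in proxies:
        # Browser traffic is being routed through a listener on the local machine.
        findings.append(("loopback-proxy", f"{host}:{port}", ["Internet Settings"]))
    return findings


if __name__ == "__main__":
    for kind, subject, mechs in triage(SAMPLE):
        print(f"{kind:16} {subject}  via {', '.join(mechs)}")
```
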

#12 firegirl25


Posted 11 March 2010 - 01:26 PM

Here is the latest OTL log. I did not get the bubufibo.dll not found error on reboot afterwards!

Thanks so much!!!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File Rundll32.exe "c:\progra~3\bubufibo\bubufibo.dll",a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.
File pInit_DLLs: c:\progra~3\bubufibo\bubufibo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gutiledos deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c91ff1b-91dc-406f-b7b8-304fa36fdd36}\ deleted successfully.
File c:\progra~3\bubufibo\bubufibo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\kupuhivus not found.
File c:\progra~3\bubufibo\bubufibo.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zayomoroy deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== FILES ==========
File\Folder c:\Program Files\bubufibo not found.
File\Folder C:\ProgramData\bupakomi not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fredericks
->Temp folder emptied: 127938315 bytes
->Temporary Internet Files folder emptied: 66407 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 68728920 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1205 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1338543906 bytes

Total Files Cleaned = 1,464.00 mb


OTL by OldTimer - Version 3.1.34.0 log created on 03112010_131742

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#13 maranatha


Posted 18 March 2010 - 11:30 PM

Hi
SpySentinel is quite busy at the moment and asked if someone would look out for the logs he has going.

Do you still require help? If so please do this.

Please post a new DDS log and let me know what problems you are still experiencing if any.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!




My help is always free, But I do accept donations.
Donate Here


#14 firegirl25


Posted 19 March 2010 - 02:07 PM

Hi maranatha!

Thanks so much for checking up, I think I am clean!

I have had no further problems and have been scanning with AVG and Malwarebytes twice/weekly and have been coming back all clear.


Huge thanks and sincere appreciation to you, Spy Sentinel, and these forums for helping me out!

Firegirl25


#15 maranatha


Posted 19 March 2010 - 09:46 PM

Hi
OK that's good to hear.

I would like to get an online scan to make sure there is nothing lurking.
I saw SpySentinel had you run an ESET scan, I would like to see a Kaspersky scan.

Please run TFC before doing the scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on Accept, If your pop up blocker blocks any windows from opening.

Read then Click Accept on the Information page.
Windows Vista users you must open the web browser using the Run as Administrator command.
  • The program will launch and then begin downloading the latest definition files:
  • Under Scan on the left side, Click on My Computer
  • This will start the program and scan your system.
  • Click the “Scan Report” On the left side.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
  • Save the text file to your desktop.
  • Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
maranatha





