
Hijack this log


This topic is locked
26 replies to this topic

#1 dr.porsche (Members, 13 posts)

Posted 19 March 2010 - 11:57 PM

I have been trying in vain to rid my computer of a pretty severe trojan infection. Here is the HijackThis log:


Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
D:\Program Files\Microsoft Office 2003\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://cc.porsche.com/pva_new/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F46483362C55FBF6CFC924ACB2C86919?pluginsInstalled=true&RT=1234070117281"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB093F4-F00B-49B7-B148-ABC5CDFE170B}: NameServer = 93.188.164.204,93.188.161.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CACFA021-D4DC-47FB-8C0B-8714518C3CCB}: NameServer = 93.188.162.104,93.188.166.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0639DD8-420E-435C-9E4E-6C717DDB5B58}: NameServer = 93.188.164.204,93.188.161.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE80BB73-9855-4343-910F-E7BC10F09150}: NameServer = 93.188.164.204,93.188.161.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9a4b6f02b6a30) (gupdate1c9a4b6f02b6a30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

any help would be greatly appreciated.
Jeff


#2 dr.porsche (Topic Starter, Members, 13 posts)

Posted 20 March 2010 - 08:40 AM

I forgot to add that I am also getting re-routes when I click on Google links in IE and Firefox, and Chrome won't even open.
Thanks again!

#3 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 20 March 2010 - 09:55 AM

Hello Victim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


Then close all windows except HijackThis and click Fix Checked.

Restart Your Machine

2.
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

3.
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

4.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

5.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt and Attach.txt logs.


Things to include in your next reply:
MBAM log
Gmer log
DDS.txt
Attach.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
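Added example (not part of the original thread, and not code from HijackThis, DDS or BleepingComputer): a small Python triage script that applies the same checks fireman4it makes by hand above to a log in HijackThis format, and to the "TCP:" and "mPolicies-system:" line shapes that DDS's Pseudo HJT Report uses for the same data. It flags R0/R1 entries with an empty value, O2/O3/O4 entries that point at "(no file)", O1 Hosts entries that are not plain localhost mappings, EnableLUA = 0 (UAC switched off), and every NameServer address that is not in an allowlist the caller supplies. The sample lines in SAMPLE_LOG_LINES are constructed for this example from entries posted in this thread, and the expected_dns parameter is an assumption of the example: the script does not know whether the 93.188.x.x resolvers are legitimate for this machine (that has to be confirmed against the ISP or router settings), which is why an empty allowlist flags them all.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # short label for the class of finding
    detail: str  # the log line or value that triggered it


# Constructed sample, shortened from the entries posted in this thread.
# It mixes HijackThis lines (R0/R1/O1/O2/O3/O4/O17) with the DDS
# "Pseudo HJT Report" shapes for the same data ("TCP:", "mPolicies-system:").
SAMPLE_LOG_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"O1 - Hosts: ::1 localhost",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB093F4-F00B-49B7-B148-ABC5CDFE170B}: NameServer = 93.188.164.204,93.188.161.80",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80",
    r"TCP: {CACFA021-D4DC-47FB-8C0B-8714518C3CCB} = 93.188.162.104,93.188.166.81",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)

# Line shapes used by HijackThis and by DDS's Pseudo HJT Report.
_RE_R_EMPTY = re.compile(r"^R[01] - .+ =\s*$")                       # IE start/search key with no value
_RE_NO_FILE = re.compile(r"^O[234] - .+\(no file\)\s*$")             # BHO/toolbar/Run pointing at nothing
_RE_O1_HOSTS = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
_RE_O17 = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<ips>[\d.,\s]+)$")
_RE_DDS_TCP = re.compile(r"^TCP: (?P<key>NameServer|\{[0-9A-Fa-f-]+\}) = (?P<ips>[\d.,\s]+)$")
_RE_LUA = re.compile(r"^mPolicies-system: EnableLUA = 0\b")           # UAC disabled


def parse_nameservers(text):
    """Map each registry key (adapter GUID or the global Parameters key) to its NameServer list."""
    servers = {}
    for line in text.splitlines():
        m = _RE_O17.match(line) or _RE_DDS_TCP.match(line)
        if m:
            servers[m.group("key")] = [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
    return servers


def triage(text, expected_dns=frozenset()):
    """Return the Findings a helper would mark for removal or ask the poster about.

    expected_dns (assumed, caller-supplied): resolver addresses known to be legitimate
    for this machine (ISP or router DNS). Anything else in a NameServer value is flagged.
    """
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if _RE_R_EMPTY.match(line):
            findings.append(Finding("empty-ie-search-setting", line))
        elif _RE_NO_FILE.match(line):
            findings.append(Finding("orphaned-entry", line))
        elif (m := _RE_O1_HOSTS.match(line)) and m.group("host").lower() != "localhost":
            findings.append(Finding("hosts-redirect", line))
        elif _RE_LUA.match(line):
            findings.append(Finding("uac-disabled", line))

    servers = parse_nameservers(text)
    reported = set()
    for key, ips in servers.items():
        for ip in ips:
            if ip not in expected_dns and ip not in reported:
                reported.add(ip)
                findings.append(Finding("unexpected-nameserver", ip))
        # A NameServer value on Tcpip\Parameters (DDS shows it as "TCP: NameServer")
        # applies to the whole stack rather than to one adapter, so report it separately.
        if key == "NameServer" or key.endswith("\\Parameters"):
            findings.append(Finding("global-nameserver-override", f"{key} = {','.join(ips)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28s} {f.detail}")
```

Run it as a script to print the findings for the constructed sample. To use it on a real log, read the file into triage() and pass the DNS servers the user's ISP or router actually hands out as expected_dns; the two addresses that then remain flagged in the sample are the ones on the second adapter GUID, which differ from the others and would be the first thing to ask the poster about.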


#4 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 21 March 2010 - 02:36 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding.

With Regards,
fireman4it



#5 dr.porsche (Topic Starter, Members, 13 posts)

Posted 21 March 2010 - 04:29 PM

I am still here, but I have had a time trying to get GMER to run. It will not run in safe mode or regular. It will sometimes run about 50% of the way and lock up the machine (I let it run all night and it never progressed any further than analyzing one of the .dll files); other times it would reboot my machine without asking permission. Here are the text files you asked for, except GMER.

mbam.txt
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/20/2010 4:59:31 PM
mbam-log-2010-03-20 (16-59-31).txt

Scan type: Quick Scan
Objects scanned: 98824
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.


dds.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dad at 17:19:15.99 on Sun 03/21/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1029 [GMT -4:00]

AV: avast! antivirus 4.8.1296 [VPS 081210-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1296 [VPS 081210-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\unsecapp.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Dad\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://cc.porsche.com/pva_new/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F46483362C55FBF6CFC924ACB2C86919?pluginsInstalled=true&RT=1234070117281"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [<NO NAME>]
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.204,93.188.161.80
TCP: {2FB093F4-F00B-49B7-B148-ABC5CDFE170B} = 93.188.164.204,93.188.161.80
TCP: {CACFA021-D4DC-47FB-8C0B-8714518C3CCB} = 93.188.162.104,93.188.166.81
TCP: {E0639DD8-420E-435C-9E4E-6C717DDB5B58} = 93.188.164.204,93.188.161.80
TCP: {FE80BB73-9855-4343-910F-E7BC10F09150} = 93.188.164.204,93.188.161.80
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\vyarz72b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.springfieldnewssun.com/e/content/oh/index/entertainment/events/holidays/contests/singing.html
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\dad\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\dad\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\progra~1\palm\packag~1\NPInstal.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-19 64288]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-20 902592]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-9 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-4 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-4 41424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-9 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-3-15 53328]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2008-9-19 138680]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-11-6 33280]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-2-4 5120]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2008-9-19 352920]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-7-10 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-7-10 99472]
S2 gupdate1c9a4b6f02b6a30;Google Update Service (gupdate1c9a4b6f02b6a30);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]

=============== Created Last 30 ================

2010-03-20 21:05:52 0 ----a-w- c:\users\dad\defogger_reenable
2010-03-20 20:52:19 0 d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2010-03-20 20:52:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-20 20:52:11 0 d-----w- c:\programdata\Malwarebytes
2010-03-20 20:52:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-20 20:52:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-19 21:23:33 0 d-----w- c:\users\dad\appdata\roaming\CheckPoint
2010-03-19 21:23:23 22528 ----a-w- c:\windows\system32\netiougc.exe
2010-03-19 21:23:23 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-03-19 21:23:14 0 d-----w- c:\program files\CheckPoint
2010-03-19 21:22:54 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-19 21:22:26 446664 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-03-19 21:22:26 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-03-19 21:22:26 0 d-----w- c:\windows\system32\ZoneLabs
2010-03-19 21:22:24 0 d-----w- c:\program files\Zone Labs
2010-03-19 21:21:52 0 d-----w- c:\programdata\CheckPoint
2010-03-19 21:21:51 0 d-----w- c:\windows\Internet Logs
2010-03-19 20:59:30 147336360 ----a-w- c:\windows\MEMORY.DMP
2010-03-19 20:40:24 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-19 20:39:27 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-19 20:37:53 0 d-----w- c:\program files\Lavasoft
2010-03-19 11:28:56 0 d-----w- c:\program files\CCleaner
2010-03-19 11:25:39 0 d-----w- c:\windows\pss
2010-03-19 04:13:42 65536 --sha-w- c:\users\dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TM.blf
2010-03-19 04:13:42 524288 --sha-w- c:\users\dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
2010-03-19 04:13:42 524288 --sha-w- c:\users\dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
2010-03-19 02:55:01 0 d-----w- C:\Autoruns
2010-03-18 02:54:26 0 d-----w- c:\program files\Ask.com
2010-03-18 02:53:26 0 d-----w- c:\users\dad\appdata\roaming\uTorrent
2010-03-16 02:56:25 0 d-----w- c:\program files\AVG
2010-03-16 02:48:12 23 --sha-w- c:\windows\system32\edacded0.dat
2010-03-16 02:48:12 23 ----a-w- c:\windows\system32\bcdadac7.xml
2010-03-16 02:44:39 0 d-----w- c:\program files\jv16 PowerTools 2009
2010-03-16 02:27:57 0 d-----w- c:\users\dad\appdata\roaming\Sammsoft
2010-03-16 02:27:20 0 d-----w- c:\program files\Advanced Registry Optimizer
2010-03-16 02:14:05 65536 --sha-w- c:\users\dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TM.blf
2010-03-16 02:14:05 524288 --sha-w- c:\users\dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
2010-03-16 02:14:05 524288 --sha-w- c:\users\dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
2010-03-16 01:18:19 0 d-----w- c:\program files\Trend Micro
2010-03-16 00:56:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-16 00:56:29 0 d-----w- c:\users\dad\appdata\roaming\SUPERAntiSpyware.com
2010-03-16 00:56:29 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-28 02:29:45 410 ----a-w- c:\windows\BRWMARK.INI
2010-02-28 02:29:45 34 ----a-w- c:\windows\system32\BD2170W.DAT
2010-02-28 02:29:23 146 ----a-w- c:\windows\BRVIDEO.INI
2010-02-28 02:29:23 0 ----a-w- c:\windows\brmx2001.ini
2010-02-28 02:28:58 77824 ------w- c:\windows\system32\brlmw03a.dll
2010-02-28 02:28:58 114 ------w- c:\windows\system32\brlmw03a.ini
2010-02-28 02:28:55 9868 ----a-w- c:\windows\HL-2170W.INI
2010-02-28 02:28:55 176128 ------w- c:\windows\system32\BROSNMP.DLL
2010-02-28 02:28:55 0 d-----w- c:\program files\Brownie
2010-02-28 02:28:48 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2010-02-28 02:28:47 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
2010-02-28 02:28:47 196608 ------w- c:\windows\system32\Pdrvinst.dll
2010-02-28 02:28:47 0 d-----w- c:\program files\Brother
2010-02-28 02:28:02 318 ----a-w- c:\windows\Brownie.ini
2010-02-28 02:16:44 0 d-----w- c:\programdata\Brother

==================== Find3M ====================

2010-03-19 21:22:47 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-19 21:22:47 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-19 21:22:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-16 07:35:29 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-31 17:46:18 99596 ---ha-w- c:\windows\system32\mlfcache.dat
2008-09-24 07:27:19 174 --sha-w- c:\program files\desktop.ini
2008-09-24 07:16:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-06-02 04:12:45 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-02 04:12:45 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-02 04:12:45 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-09-29 01:24:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092820090929\index.dat
2009-09-30 02:48:31 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009092920090930\index.dat
2009-10-19 20:28:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009101920091020\index.dat
2009-10-22 01:49:27 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102120091022\index.dat
2009-10-24 21:24:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009102420091025\index.dat
2009-08-21 00:48:42 3735552 --sha-w- c:\windows\xxclone.arc\20090820.xcd\users\dad\NTUSER.DAT
2009-08-20 19:21:40 155648 --sha-w- c:\windows\xxclone.arc\20090820.xcd\windows\serviceprofiles\localservice\NTUSER.DAT
2009-08-20 19:21:35 151552 --sha-w- c:\windows\xxclone.arc\20090820.xcd\windows\serviceprofiles\networkservice\NTUSER.DAT

============= FINISH: 17:21:27.73 ===============


attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/27/2008 12:09:29 AM
System Uptime: 3/21/2010 5:15:42 PM (0 hours ago)

Motherboard: Acer | | Grapevine
Processor: Genuine Intel® CPU T2060 @ 1.60GHz | U1 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 156 GiB total, 95.154 GiB free.
D: is FIXED (NTFS) - 135 GiB total, 64.306 GiB free.
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.{FE80BB73-9855-4343-910F-E7BC10F09150}
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: isatap.{FE80BB73-9855-4343-910F-E7BC10F09150}
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: isatap.{AA8FC0E2-DEA3-4010-A1FB-197490A413BF}
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{FE80BB73-9855-4343-910F-E7BC10F09150}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel

==== System Restore Points ===================

RP802: 3/1/2010 12:00:02 AM - Scheduled Checkpoint
RP803: 3/2/2010 10:51:20 PM - Scheduled Checkpoint
RP804: 3/4/2010 12:00:08 AM - Scheduled Checkpoint
RP805: 3/5/2010 12:00:08 AM - Scheduled Checkpoint
RP806: 3/6/2010 12:00:08 AM - Scheduled Checkpoint
RP807: 3/7/2010 12:00:09 AM - Scheduled Checkpoint
RP808: 3/8/2010 12:34:59 AM - Scheduled Checkpoint
RP809: 3/9/2010 12:50:43 AM - Scheduled Checkpoint
RP810: 3/10/2010 6:56:39 PM - Scheduled Checkpoint
RP811: 3/12/2010 1:26:31 AM - Scheduled Checkpoint
RP812: 3/13/2010 12:00:11 AM - Scheduled Checkpoint
RP813: 3/14/2010 5:07:52 PM - Scheduled Checkpoint
RP816: 3/15/2010 10:08:41 PM - Restore Operation

==== Installed Programs ======================


Acrobat.com
Acronis True Image Home
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11
Advanced Registry Optimizer
Agent
AI Robot
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATT-PRT22
Audacity 1.2.6
Audible Download Manager
avast! Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Brother HL-2170W
BUFFALO NAS Navigator
CCleaner
CompanionLink for Google
Compatibility Pack for the 2007 Office system
DV Network Software
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 6.1.2.5 (27/10/2009)
Facebook Plug-In
Free DVD ISO Burner version 2.5
Free M4a to MP3 Converter 6.1
Free Mp3 Wma Converter V 1.81
Free WMA to MP3 Converter 1.16
GhostMouse 2.0
Google Calendar Sync
Google Chrome
Google Earth
Google Update Helper
GpsViewer
Hardware sensors monitor 4.4
HDView for Internet Explorer
Hide My IP 1.9
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel® Graphics Media Accelerator Driver
IntelliGolf for Pocket PC
iTunes
Java™ 6 Update 15
jv16 PowerTools 2009
LAME v3.98.2 for Audacity
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Voice Command US PPC 1.60 for M2M
Mozilla Firefox (3.0.4)
MyDSC2
Nero 8
neroxml
Novacomd
Nvu 1.0
Palm webOS® Doctor™ Build Sprint.169.219, webOS 1.3.5
PayPal Plug-In
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Photo Viewer 2.4
Pocket e-Sword (2005)
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2006
QuickTime
Remote Control USB Driver
Samsung ML-1430 Series
SIW version 2008-12-16
SpeedFan (remove only)
Sprite Backup
Sun xVM VirtualBox
Switch Sound File Converter
Synaptics Pointing Device Driver
TaxCut Basic + Efile 2008
TaxCut Premium 2007
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 wrapper
Unity Web Player
URL.BIZ ip blocker 1.0
VCRedistSetup
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinAVI Video Converter
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinImage
WinRAR archiver
Workspace Macro Pro 6.5
XXClone ver 0.58.0
YouTube Downloader 2.5.3
ZoneAlarm
ZoneAlarm Toolbar
Zoom ADSL Modem

==== Event Viewer Messages From Past Week ========

3/21/2010 9:29:58 AM, Error: EventLog [6008] - The previous system shutdown at 9:23:25 AM on 3/21/2010 was unexpected.
3/21/2010 9:18:33 AM, Error: EventLog [6008] - The previous system shutdown at 9:17:25 AM on 3/21/2010 was unexpected.
3/21/2010 5:16:14 PM, Error: EventLog [6008] - The previous system shutdown at 5:15:14 PM on 3/21/2010 was unexpected.
3/21/2010 5:12:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP hmonitor spldr VBoxDrv VBoxUSBMon Wanarpv6
3/21/2010 5:04:25 PM, Error: EventLog [6008] - The previous system shutdown at 3:09:28 PM on 3/21/2010 was unexpected.
3/21/2010 3:10:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
3/20/2010 9:28:02 PM, Error: EventLog [6008] - The previous system shutdown at 9:26:32 PM on 3/20/2010 was unexpected.
3/20/2010 9:20:43 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/20/2010 9:13:41 PM, Error: EventLog [6008] - The previous system shutdown at 8:15:41 PM on 3/20/2010 was unexpected.
3/20/2010 5:18:42 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2010 5:18:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/20/2010 5:12:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:10:52 PM on 3/20/2010 was unexpected.
3/20/2010 4:36:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TrueVector Internet Monitor service to connect.
3/20/2010 4:36:43 PM, Error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2010 5:23:21 PM, Error: Service Control Manager [7030] - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/19/2010 5:23:00 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/18/2010 12:57:47 AM, Error: Service Control Manager [7000] - The NTIDrvr service failed to start due to the following error: The system cannot find the file specified.
3/18/2010 11:08:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/18/2010 11:08:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi DfsC hmonitor NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx VBoxDrv VBoxUSBMon Wanarpv6
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/18/2010 11:08:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/18/2010 11:07:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/18/2010 11:07:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/18/2010 11:07:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/18/2010 11:07:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/18/2010 11:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/16/2010 8:45:18 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TAMMY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E0639DD8-420E-435C-9E4E-6C717DDB5. The master browser is stopping or an election is being forced.
3/16/2010 2:22:19 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
3/15/2010 9:20:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/15/2010 9:18:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
3/14/2010 8:09:23 PM, Error: PlugPlayManager [12] - The device 'TSSTcorp CD/DVDW TS-L632D ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632D_______________AC01____\5&1d72feec&0&1.0.0) disappeared from the system without first being prepared for removal.
3/14/2010 8:09:22 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
3/14/2010 8:08:47 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
3/14/2010 4:06:33 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
3/14/2010 4:06:33 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.

==== End Of File ===========================

The machine runs somewhat quicker, but I am getting random dialog boxes that IE has crashed, a host file has crashed, etc., and that they will be stopped. Also, it sometimes will not shut down correctly. I hope there is more we can do....

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:20 AM

Posted 21 March 2010 - 08:07 PM

Hello dr.porsche,

QUOTE
The machine runs somewhat quicker, but I am getting random dialog boxes that IE has crashed, a host file has crashed, etc and that they will be stopped. Also, it sometimes will not shut down correctly. I hope there is more we can do....

We are just getting started. We will take a deeper look in your machine.

Are you from the Ukraine? If yes, then what internet server are you using?

1.
Ask Toolbar is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew, as stated in the following articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm


I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Ask Toolbar.

2. Please update Malwarebytes' Anti-Malware and do a Full Scan.

3.
    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Things to include in your next reply:
OTL.txt
Extra.txt
MBAM log

Edited by fireman4it, 21 March 2010 - 08:08 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
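
The /md5start ... /md5stop block in the custom scan above asks OTL to hash a fixed list of system DLLs and storage drivers so the helper can compare them against known-good copies. The script below is an added example written for this thread; it is not OTL's code and not from the forum. It pulls the file names out of the pasted scan text, looks for each name under system32 and system32\drivers (a layout this example assumes), and reports size and MD5 or "missing" so the two sides of a comparison line up. The demo() function builds a throwaway directory with a couple of constructed files in place of real Windows binaries so the example runs anywhere; pointing it at a real %SystemRoot% only changes the root path.

```python
"""Added example (not part of the thread, not OTL's code): hash the files an
OTL /md5start ... /md5stop block names so they can be compared to known-good copies."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Custom-scan text as pasted in the helper's post. Only the /md5start ... /md5stop
# block is interpreted here; netsvcs, /mp /s and CREATERESTOREPOINT are OTL-only.
CUSTOM_SCAN = r"""netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
"""


def md5_targets(scan_text):
    """Return the file names listed between /md5start and /md5stop, in order."""
    names, inside = [], False
    for line in scan_text.splitlines():
        line = line.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def md5_of_file(path, chunk=1 << 16):
    """Stream the file through MD5 so large drivers do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_inventory(root, names, subdirs=(("system32",), ("system32", "drivers"))):
    """Map each requested name to {path, size, md5}, or None when not found.
    Matching is case-insensitive, as on NTFS; subdirs is an assumed search layout."""
    root = Path(root)
    found = {}
    for parts in subdirs:
        d = root.joinpath(*parts)
        if d.is_dir():
            for p in d.iterdir():
                if p.is_file():
                    found.setdefault(p.name.lower(), p)
    inventory = {}
    for name in names:
        p = found.get(name.lower())
        if p is None:
            inventory[name] = None
        else:
            inventory[name] = {"path": str(p), "size": p.stat().st_size, "md5": md5_of_file(p)}
    return inventory


def demo():
    """Run against a constructed fake system root (sample files, not Windows binaries)."""
    root = Path(tempfile.mkdtemp(prefix="fakewinroot_"))
    drivers = root / "system32" / "drivers"
    drivers.mkdir(parents=True)
    (drivers / "atapi.sys").write_bytes(b"abc")        # constructed content
    (root / "system32" / "eventlog.dll").write_bytes(b"")  # constructed, empty
    try:
        return hash_inventory(root, md5_targets(CUSTOM_SCAN))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    # Use the real %SystemRoot% when present, otherwise the constructed demo tree.
    sysroot = os.environ.get("SystemRoot")
    inv = hash_inventory(sysroot, md5_targets(CUSTOM_SCAN)) if sysroot else demo()
    for name, entry in inv.items():
        print(f"{name:14} " + ("missing" if entry is None
                               else f"{entry['size']:>8} {entry['md5']} {entry['path']}"))
```

The output is deliberately one line per requested name, including the names that are absent on this machine: a driver that should exist but is missing, or one whose hash differs from the vendor's, is exactly the kind of discrepancy the helper is looking for when asking for that block.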


#7 dr.porsche

dr.porsche
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 21 March 2010 - 11:20 PM

The malwarebytes program will not update. I am in the United States, Ohio to be more precise.

Every time I go to update Malwarebytes it comes back with an error to report, but I can't even open up their website to tell them about it.

I will post up the other two items you wanted in the next few minutes.

Jeff

#8 dr.porsche

dr.porsche
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 21 March 2010 - 11:42 PM

extra.txt

OTL Extras logfile created on: 3/22/2010 12:23:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156.40 Gb Total Space | 95.02 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive D: | 134.68 Gb Total Space | 64.31 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive E: | 488.13 Mb Total Space | 488.09 Mb Free Space | 99.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX_WEDGE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office 2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BFEABE-706A-4ABF-BB9C-56988AD539CC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{05D64881-1855-4597-8493-2DD581285D73}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{08589E78-163D-42AF-8A83-633C56B4AED9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0E2FE2CD-ECC5-40C4-BBD9-55E777D44E4A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0F0CD1D9-D40B-4924-A48B-D3116293720C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{14E5E318-7D91-400A-BBA6-1C9EB65141CE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C91A8FA-BEE5-4B6A-A35F-6B6B3D450EB0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1E731878-A931-4237-96CF-B04F0C597DB9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{210FB168-070B-4610-B47A-FC2EAEDF1804}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{337C26C0-CA64-4E8C-9AD4-B2990CA50B25}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{38463A88-86D1-408E-8BF8-3EE4C9B9E802}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5008E531-F524-43ED-97DB-7913BF877D9B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{538B6058-D4DD-4AA0-A787-AF661318F4D8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C34CCA5-70E2-4E8E-AC55-53BC9E9AF80F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5CE581A9-E92F-4A29-AD59-25A12E2ACD44}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69389C53-B46B-4710-9113-BF2EFF5F7A55}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6B50DF3D-F4E3-4504-A9A0-5289027A506E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{73C63BEA-CD8F-416B-B3C2-864F02D9481B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{75DACF3C-CA3C-4176-91FF-B433C2E65179}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{78BEEC97-BE94-4204-AE7E-79668CBF73E1}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7AFA081F-CAF0-4B35-B216-90E79F0F8631}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{842809BA-A136-45E5-A4B6-14C9D98CBB19}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{8B1F08FB-92A2-40A0-9D47-BDD739D2EEE4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8C8CBF34-042D-4C35-B1FB-5C8507D8A945}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{91B4AE17-762D-49BA-9D8D-1D236D37D763}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97334FE7-B798-4004-B13D-18C213CCA8FD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97A694FC-D301-42EA-9AEE-D9B7933CE8AE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9B6A842A-9B34-442C-8A4D-B0375DCEC912}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C5495EF-5DA6-4509-9BE4-301C9B88755C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A56D2806-5349-43D2-9FB6-04846825BA2C}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{A70778DD-1DC2-40DB-BFD9-C56F56A1986D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A9B04F5D-C2B1-4D8F-9AD8-6490D71023B0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C076671F-24A7-4B13-AD59-E98625A3B6A9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C671EC02-4835-4E55-A2EF-2332DC4D8EA0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C9764504-4395-46C2-AFA1-680298078C57}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CBED1F12-952A-4016-8701-8C5CE120EB4A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CCAB59F6-D2AA-4C06-90EE-4BBD811ED527}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{D21117EC-D1EB-48A3-9C16-22112C1144B9}" = lport=23 | protocol=6 | dir=out | name=zoom_x6_dsl_port23 |
"{D637A2DB-1685-4AB9-B2FA-55729BC72B37}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D862E0B7-FFEA-49C7-88AB-4871D4F844C6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DB0F4C53-DB2D-4691-857A-464889499991}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DF81287E-6A97-4116-98C3-18BACC39A1C0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EB5C9018-97D9-450C-AA04-178E93865C8F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F050C56A-09C6-4A56-A1EC-145AA899D9F9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F3678FF9-7F29-49ED-887F-6A249FD94F3F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0171DB3C-756B-4872-AD39-D6417305457B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{03D9FB46-CC6B-4AE7-8E0E-060A7B1FC39B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{040274C8-5776-4683-A6E9-EA732F09FBB3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{042952F2-7680-413C-AD39-1036C5143C48}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{043F6E4D-C938-455B-B243-D5DD8F3C1949}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{04D0A50C-9775-4D22-A42C-D44B9D822000}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{086CDF35-FCAB-420F-AF09-9749C7455AFF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B65D799-7624-482C-B73A-D35FF42FC7E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C69C4BE-7D2C-413C-819B-6C0251936E6E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0F2ACA6C-30AE-44BC-B6E8-A2FFC8714CDD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{130028E5-244D-4CC0-9923-8C279B5C2405}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{15DC7544-7F14-4842-944D-2278308A5693}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{308D03B2-7107-425E-8C19-5782811BF0E0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{338C57B1-2116-43F1-86C5-5882E8E962D3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{395C2C2D-666F-462D-97AA-241A147C2C5A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D65AC3C-AB32-4578-9FC6-A77C80542183}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3E49082D-B611-4F61-969B-21F4E6C5536A}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |
"{3E82743B-A497-4CDA-8E25-A00B3464A397}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F659D69-0495-4B45-A6F7-F148B027AEC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{475CBAC2-4288-47FB-B224-0BB6EC252A4E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4787BCFE-97C5-491E-B3F8-670D74865D1E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47FEF87F-6231-4D26-A5F6-3A9B9BE8871F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E60879E-B56E-4A34-8C92-535EB4591C49}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5267D97B-5701-4727-AD34-A25C00BCAEE7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{53030FAC-7267-4A6C-B837-AEB71F3F8E8F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5586BC80-2C31-417F-92C6-D111A28A162B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55CBC398-0296-4085-B558-47661135798C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5623333B-BF1C-475B-8B9F-D6794EA2E625}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5F6D9E8F-0F1F-4632-A076-15DD570C8825}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6200447C-B7E3-4F1B-BDC8-2559598971C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65AF3097-7CEE-4F71-9EFD-C5B8EECCA6B6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{681AF5F1-4E96-4FFD-8A76-2EF4E3C4F6E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6886702A-BFB1-41D6-9120-BA6BBDF7B511}" = protocol=17 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe |
"{69A00CF9-1EC5-4DAB-8D74-6BB046046465}" = protocol=6 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe |
"{6B0AA4C9-C109-45F4-9F88-1521F98384AE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{70133195-CED5-4023-8378-418E14099B1D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{71273981-FCAB-467A-98F6-A0FBAD3ED769}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{715B37D7-65F8-4E9D-BAC2-1188CA0FB7DC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{71BDB3D4-5EF8-4891-B19C-6349480C4D0C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{75DADBB4-5C51-4243-B9F8-06D8567B7C67}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{76C3A059-8612-43FD-B1D9-48600759C698}" = protocol=6 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe |
"{77005C39-A1E0-4222-BE39-7DA46EE9EF1D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{774D85B1-B40D-4BCD-9231-B9261A216878}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{79351317-AB51-4048-9A0C-440285B58A27}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{79911F2F-D9C4-4B58-BA26-A7FB2B012564}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{79B64EE4-AB9B-4345-8B9D-5D50CD318881}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7B13D625-C643-455C-8140-671952417FA8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B4C098E-2105-4CAD-A2DB-31E3D524776D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8050D212-67C7-49EC-842F-E06E680D19FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8250FD13-7C23-42A2-9153-2D59AE9491B4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8339F23D-FC54-45FB-B84D-7416A01B1569}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8702D1DA-70C4-4784-B853-AE7CB5BDAEA4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{871806FA-C4CE-45DB-A5BB-D0ABCC2CC542}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{875A87ED-FC7E-4BFC-80CE-A2AAA35CF932}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe |
"{883F7184-7780-4E28-AF34-0F05C5C7EE50}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88D32AF1-386F-415A-857A-78535C6CC0D8}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8CE8EA1F-1C79-49EE-84E8-17E2FF5F43E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8CEE92A0-C1D2-4DB2-8423-C4D8C1D4CE42}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8EB28A20-71CF-4C2A-8A88-25E24AB9A16E}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |
"{913C5C9D-28D5-4001-A97E-E9B11E4742C9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91BA4F56-D060-4E13-BE49-9F9138C0E497}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93476E35-60FE-400A-BD93-9CFA2AE37CDE}" = protocol=17 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe |
"{93A4B5B8-6E60-4562-8882-773DA1FDA415}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{948868E3-330B-4EA9-A7CC-102BF308EC05}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97AABA8B-7BE9-41FE-AE87-183D112C9BAF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9ADBF401-DB22-409B-8EA7-C48B7B104E1F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A7CC3CE1-81A0-412E-B0F2-4D95C542B775}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA38CC08-AFFB-48B3-9015-44826D770A0B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AAB04901-6759-48C8-B40F-59F24CEE460E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD3591F1-A38B-4A30-A83B-6FEA82ED64E8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AE1A58F1-AC73-45E8-98BB-25ED6F66C3F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B0AC9960-BAAA-4B30-ACE6-9AFE5E3D653A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B301E933-A0D9-464B-B2A0-231EF88236C6}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |
"{B3406948-A4C1-4A66-AFC0-B12477386551}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B52E479B-DF39-4DFC-9B54-90E7A3E9173E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B58343FA-5F47-4D79-B88B-582B8E130B52}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe |
"{BEDC3812-7301-420D-BE21-E6DE4080BF86}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF3C1128-24C4-4506-9AD5-574D7A54C446}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C6411A71-3E24-4C05-9BD7-AA4C6C89F012}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C7D3BC6B-3A7A-41B6-B968-1ACB236C726F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C7D4D42D-9DEB-416F-B141-2AE6735EEA3B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9BB6839-70F1-40D6-A266-A2AF8E9DF370}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9D3524E-36D3-468D-B08E-42682FA2FA6A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA805DE2-480B-45E2-A391-5E514B4F4B1B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC652F00-AEF1-44F7-A289-CDEF9D9F5ECB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CDCBE331-E17C-4AF0-90FB-DE8F3E81BEDF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D3D26732-5F69-4C47-9175-6308B30BB2CE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D5E10D54-AE4A-4472-A2A5-BBE1CB31AB6C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8C7F04D-DD76-4DEE-A503-4D15C4492858}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D91CFDFD-E1FB-40BF-9453-2CD8C42EFE92}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DAE9BA35-FA96-4B0C-B299-BD410F756248}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DB5FC458-5349-43E0-B111-1D7F3D98D8EE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD554694-4739-42D8-8D37-DBAF546147F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DEA0DD4A-079D-40BD-BE99-8BB1ED8C0FBC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFC07C73-A0B4-4621-8477-EB9B7F0F6E80}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1784753-95B8-430F-9E50-4398F13F2B9F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E272FF6D-EAC6-4073-AD4F-2547261B0953}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0CFE770-474E-4307-BB2D-4E2E4FC35F22}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F271D8DC-A72C-4673-AD35-C201B7021F20}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |
"{F3828383-20C4-4617-B991-11E0203BE018}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7514073-7AFD-4ED4-84E5-9EE3BE3D4F84}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8D530B7-DD88-4A22-99F5-E01EC8B90B26}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{F97E9033-2472-4CBE-8120-92282D482F09}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF211677-DEDE-4B3C-94B0-0B25CEC18CAA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{223CA97A-C967-486E-9EEE-DECDD8B08F81}C:\program files\sun\xvm virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\sun\xvm virtualbox\virtualbox.exe |
"TCP Query User{360D0E4A-71B1-4BF4-BC25-069FCE8BFE7B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A266789B-2C8D-47C8-97C4-FFAF8F6B1139}D:\program files\intelligolf\igolf.exe" = protocol=6 | dir=in | app=d:\program files\intelligolf\igolf.exe |
"TCP Query User{E9DD1B10-D1D0-447B-9E81-0318F4DDEA49}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0532C546-42A2-43F0-AEAF-B6442E49DA96}D:\program files\intelligolf\igolf.exe" = protocol=17 | dir=in | app=d:\program files\intelligolf\igolf.exe |
"UDP Query User{36C7CF8E-104D-4706-8331-A80D542E33BD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B9D4709D-BD8F-40C1-90B4-77667D1D459E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EE1580A3-2D9F-438C-BCB5-E1567D940F62}C:\program files\sun\xvm virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\sun\xvm virtualbox\virtualbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2BB8F01E-9BA5-4102-97F0-90D1B81A0038}" = AI Robot
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{325CFEF6-F0C4-4FBC-AA98-CC4854BEFA42}" = Zoom ADSL Modem
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{473E9B0A-C70A-4891-A74F-72D6877A5FAC}" = CompanionLink for Google
"{4B04C8A6-8282-420B-A9CD-62E68E8A47C2}" = URL.BIZ ip blocker 1.0
"{567885A3-D921-443F-9704-9964D1D8EE33}" = Pocket e-Sword (2005)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}" = Nero 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{764B0FD6-D366-431E-9559-EE91DB7103BF}" = Brother HL-2170W
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CE12FDF-B758-46A5-A8CD-785EDFDC5B84}" = Workspace Macro Pro 6.5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8827923A-B5B5-44F9-8FAF-DFFDB23BBEB8}" = Sprite Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9808297E-9073-46A0-8B9D-6881D56FE8AE}" = Agent
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B}" = DV Network Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B9B37361-214D-4D7B-B616-159C390FE1ED}" = Microsoft Voice Command US PPC 1.60 for M2M
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE50F917-DF17-4EF9-B391-1B5B0920B73F}" = GpsViewer
"{CEF2806D-549B-432A-A232-6E265E6055CB}" = Sun xVM VirtualBox
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D81FBA6E-5492-4C46-BAE3-3A9242C27210}" = TaxCut Basic + Efile 2008
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B48AAD-0D5F-4011-BB59-5440B094FA23}" = IntelliGolf for Pocket PC
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"ATT-PRT22" = ATT-PRT22
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"avast!" = avast! Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free MP3 to CD Converter & Burner (by minidvdsoft)_is1" = Free DVD ISO Burner version 2.5
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GhostMouse 2.0" = GhostMouse 2.0
"Google Calendar Sync" = Google Calendar Sync
"Hardware sensors monitor 4.4_is1" = Hardware sensors monitor 4.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hide My IP_is1" = Hide My IP 1.9
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{AB85A4DB-357F-41B5-94A6-C9A4CBBD791B}" = DV Network Software
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"Nvu_is1" = Nvu 1.0
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Photo Viewer" = Photo Viewer 2.4
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Samsung ML-1430 Series" = Samsung ML-1430 Series
"SpeedFan" = SpeedFan (remove only)
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UN060501" = BUFFALO NAS Navigator
"UnityWebPlayer" = Unity Web Player
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinImage" = WinImage
"WinRAR archiver" = WinRAR archiver
"XXClone" = XXClone ver 0.58.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Palm webOS® Doctor™ Build Sprint.169.219, webOS 1.3.5" = Palm webOS® Doctor™ Build Sprint.169.219, webOS 1.3.5

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/30/2008 9:49:23 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://voxel.dl.sourceforge.net/sourceforg...-Sudoku-1.0.cab
failed, 00000026.

Error - 10/4/2008 10:40:45 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://download1.coupons.com/7/19/7125/638...uponprinter.exe
failed, 0000001E.

Error - 12/8/2008 11:39:16 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\webappsstore.sqlite
failed, 00000005.

Error - 12/9/2008 8:34:00 AM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\webappsstore.sqlite
failed, 00000005.

Error - 1/11/2009 12:10:11 AM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\LINKSTATION\Kids_Music\The Who\Who's Better, Who's Best\07 Pictures of Lily.mp3
failed, 00000040.

Error - 1/11/2009 12:35:13 AM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\LINKSTATION\Kids_Music\Various Artists\Shout! 2002 Disc 2\05 When You Change
Your Mind.mp3 failed, 00000040.

Error - 2/9/2009 12:15:59 AM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Dad\AppData\Roaming\Microsoft\ActiveSync\Profiles\5b2dd3bc\user.sdf failed,
00000005.

Error - 3/15/2010 11:22:22 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 3/17/2010 5:52:11 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Unhandled exception in AavmProviderStop
[Inner], MAIL.

Error - 3/20/2010 4:30:25 PM | Computer Name = Max_Wedge | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Dad\AppData\Local\Temp\IswTmp\Logs\ISWSHEX.swl failed, 00000005.

[ Application Events ]
Error - 3/21/2010 7:21:05 PM | Computer Name = Max_Wedge | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4b9b089c,
faulting module chrome.dll, version 4.1.249.1036, time stamp 0x4b9b0861, exception
code 0xc0000005, fault offset 0x006a1a8d, process id 0x11b4, application start time
0x01cac94d1a9f7e7a.

Error - 3/21/2010 7:36:36 PM | Computer Name = Max_Wedge | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc000071b, fault offset 0x00088ed9, process id 0x59c, application
start time 0x01cac93bbd0c2c1a.

Error - 3/21/2010 11:51:17 PM | Computer Name = Max_Wedge | Source = SPP | ID = 16387
Description =

Error - 3/21/2010 11:51:17 PM | Computer Name = Max_Wedge | Source = System Restore | ID = 8193
Description =

Error - 3/22/2010 12:05:35 AM | Computer Name = Max_Wedge | Source = SPP | ID = 16387
Description =

Error - 3/22/2010 12:05:35 AM | Computer Name = Max_Wedge | Source = System Restore | ID = 8193
Description =

Error - 3/22/2010 12:05:51 AM | Computer Name = Max_Wedge | Source = SPP | ID = 16387
Description =

Error - 3/22/2010 12:05:51 AM | Computer Name = Max_Wedge | Source = System Restore | ID = 8193
Description =

Error - 3/22/2010 12:13:20 AM | Computer Name = Max_Wedge | Source = EventSystem | ID = 4609
Description =

Error - 3/22/2010 12:16:35 AM | Computer Name = Max_Wedge | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 3/22/2010 12:13:58 AM | Computer Name = Max_Wedge | Source = DCOM | ID = 10005
Description =

Error - 3/22/2010 12:14:07 AM | Computer Name = Max_Wedge | Source = Service Control Manager | ID = 7001
Description =

Error - 3/22/2010 12:14:08 AM | Computer Name = Max_Wedge | Source = Service Control Manager | ID = 7001
Description =

Error - 3/22/2010 12:14:08 AM | Computer Name = Max_Wedge | Source = Service Control Manager | ID = 7001
Description =

Error - 3/22/2010 12:16:19 AM | Computer Name = Max_Wedge | Source = Service Control Manager | ID = 7001
Description =

Error - 3/22/2010 12:16:19 AM | Computer Name = Max_Wedge | Source = Service Control Manager | ID = 7026
Description =

Error - 3/22/2010 12:16:27 AM | Computer Name = Max_Wedge | Source = DCOM | ID = 10005
Description =

Error - 3/22/2010 12:16:35 AM | Computer Name = Max_Wedge | Source = DCOM | ID = 10005
Description =

Error - 3/22/2010 12:16:38 AM | Computer Name = Max_Wedge | Source = DCOM | ID = 10005
Description =

Error - 3/22/2010 12:16:41 AM | Computer Name = Max_Wedge | Source = DCOM | ID = 10005
Description =


< End of report >


otl.txt

OTL logfile created on: 3/22/2010 12:23:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156.40 Gb Total Space | 95.02 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive D: | 134.68 Gb Total Space | 64.31 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive E: | 488.13 Mb Total Space | 488.09 Mb Free Space | 99.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX_WEDGE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2010/02/04 11:52:58 | 000,735,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 11:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/06 13:03:46 | 000,033,280 | ---- | M] (Palm) [Auto | Stopped] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/22 18:57:12 | 000,618,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.springfieldnewssun.com/e/content/oh/index/entertainment/events/holidays/contests/singing.html"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..network.proxy.ftp: "75.125.48.83"
FF - prefs.js..network.proxy.ftp_port: 58258
FF - prefs.js..network.proxy.gopher: "75.125.48.83"
FF - prefs.js..network.proxy.gopher_port: 58258
FF - prefs.js..network.proxy.http: "75.125.48.83"
FF - prefs.js..network.proxy.http_port: 58258
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "75.125.48.83"
FF - prefs.js..network.proxy.ssl_port: 58258

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2008/02/28 22:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/19 17:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/21 14:45:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/18 23:49:10 | 000,000,000 | ---D | M]

[2008/12/09 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/03/22 00:05:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions
[2008/12/06 17:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions\{353396a4-6910-4b95-9ec8-37978867618b}
[2008/07/08 18:28:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/21 19:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/01 21:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\proxy@hide-my-ip.com
[2008/12/09 23:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Dad\Desktop\slideshow_883698_Hungary_Zoo_MTI101.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/18 22:55:01 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell - "" = AutoRun
O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell00\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell01\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell02\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/24 03:18:04 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/22 00:20:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/03/20 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2010/03/20 16:52:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/20 16:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/20 16:52:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/20 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\ForceField Shared Files
[2010/03/19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2010/03/19 17:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/03/19 17:22:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/03/19 17:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/03/19 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/03/19 17:21:51 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/03/19 16:40:24 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/03/19 16:39:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/19 16:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/19 07:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 07:25:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/18 22:55:01 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/03/17 23:28:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\ImgBurn
[2010/03/17 23:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/03/17 23:20:25 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\Users\Dad\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/03/17 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\uTorrent
[2010/03/15 22:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/15 22:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2010/03/15 22:44:08 | 006,234,351 | ---- | C] (Macecraft Software ) -- C:\Users\Dad\Desktop\jv16pt_setup_hb.exe
[2010/03/15 22:29:32 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Dad\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/15 22:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Sammsoft
[2010/03/15 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/03/15 22:25:58 | 005,153,344 | ---- | C] (Sammsoft ) -- C:\Users\Dad\Desktop\ARO2010_mt.exe
[2010/03/15 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 20:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/15 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/15 20:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 16:52:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dad\AppData\Roaming\pcouffin.sys
[1 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/22 00:26:36 | 003,932,160 | ---- | M] () -- C:\Users\Dad\ntuser.dat
[2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/03/22 00:20:29 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/22 00:20:29 | 000,597,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/22 00:20:29 | 000,101,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/22 00:17:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/22 00:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/22 00:14:29 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/22 00:14:29 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TM.blf
[2010/03/22 00:12:20 | 207,013,296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/22 00:03:12 | 000,001,594 | ---- | M] () -- C:\Users\Dad\Desktop\Clean Registry for Free!.lnk
[2010/03/22 00:02:12 | 000,000,286 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/03/22 00:01:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/22 00:01:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/22 00:00:57 | 000,004,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 00:00:56 | 000,004,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/21 23:54:59 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/21 19:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 18:47:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080922696-2955198264-2786358448-1000UA.job
[2010/03/21 17:59:29 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080922696-2955198264-2786358448-1000Core.job
[2010/03/21 17:18:58 | 000,525,824 | ---- | M] () -- C:\Users\Dad\Desktop\dds.scr
[2010/03/21 17:13:03 | 000,000,680 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2010/03/21 17:13:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/21 14:39:41 | 000,000,285 | ---- | M] () -- C:\Windows\win.ini
[2010/03/20 17:05:52 | 000,000,000 | ---- | M] () -- C:\Users\Dad\defogger_reenable
[2010/03/20 16:52:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 00:45:53 | 000,001,878 | ---- | M] () -- C:\Users\Dad\Desktop\HijackThis.lnk
[2010/03/19 21:09:45 | 000,006,760 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\PrimoPDFSet.xml
[2010/03/19 21:08:13 | 000,026,112 | ---- | M] () -- C:\Users\Dad\Documents\John Franklin.doc
[2010/03/19 17:23:56 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/03/19 17:23:10 | 000,000,875 | ---- | M] () -- C:\Users\Dad\Desktop\ZoneAlarm Security.lnk
[2010/03/19 16:39:26 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/19 07:28:57 | 000,001,674 | ---- | M] () -- C:\Users\Dad\Desktop\CCleaner.lnk
[2010/03/19 00:13:42 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 00:12:02 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 00:12:02 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TM.blf
[2010/03/18 00:44:22 | 000,001,410 | ---- | M] () -- C:\Users\Dad\Desktop\Live PC Help.lnk
[2010/03/17 23:49:20 | 000,022,016 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 23:20:51 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/03/17 23:20:25 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\Users\Dad\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/03/17 22:53:15 | 000,019,627 | ---- | M] () -- C:\Users\Dad\Desktop\Windows Vista 32-bit Repair Disc.torrent
[2010/03/15 22:49:24 | 000,000,082 | ---- | M] () -- C:\Users\Dad\Desktop\Buy jv16 PowerTools.url
[2010/03/15 22:48:12 | 000,000,023 | -HS- | M] () -- C:\Windows\System32\edacded0.dat
[2010/03/15 22:48:12 | 000,000,023 | ---- | M] () -- C:\Windows\System32\bcdadac7.xml
[2010/03/15 22:47:23 | 000,000,804 | ---- | M] () -- C:\Users\Dad\Desktop\jv16 PowerTools 2009.lnk
[2010/03/15 22:44:08 | 006,234,351 | ---- | M] (Macecraft Software ) -- C:\Users\Dad\Desktop\jv16pt_setup_hb.exe
[2010/03/15 22:29:37 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Dad\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/15 22:27:36 | 000,001,844 | ---- | M] () -- C:\Users\Dad\Desktop\Check PC For Errors.lnk
[2010/03/15 22:25:59 | 005,153,344 | ---- | M] (Sammsoft ) -- C:\Users\Dad\Desktop\ARO2010_mt.exe
[2010/03/15 22:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 22:09:14 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 22:09:14 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/15 22:02:31 | 000,009,012 | -HS- | M] () -- C:\Users\Dad\AppData\Local\QJyrk5wvCU1
[2010/03/15 22:02:31 | 000,009,012 | -HS- | M] () -- C:\ProgramData\QJyrk5wvCU1
[2010/03/14 21:32:59 | 000,043,732 | ---- | M] () -- C:\Users\Dad\Desktop\cry 2010IFile.pdf
[2010/03/14 21:27:34 | 000,060,376 | ---- | M] () -- C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/14 16:05:21 | 000,258,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/13 16:22:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/12 17:36:46 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[1 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 00:03:12 | 000,001,594 | ---- | C] () -- C:\Users\Dad\Desktop\Clean Registry for Free!.lnk
[2010/03/21 17:18:53 | 000,525,824 | ---- | C] () -- C:\Users\Dad\Desktop\dds.scr
[2010/03/20 17:05:52 | 000,000,000 | ---- | C] () -- C:\Users\Dad\defogger_reenable
[2010/03/20 16:52:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 00:45:53 | 000,001,878 | ---- | C] () -- C:\Users\Dad\Desktop\HijackThis.lnk
[2010/03/19 21:08:12 | 000,026,112 | ---- | C] () -- C:\Users\Dad\Documents\John Franklin.doc
[2010/03/19 17:23:10 | 000,000,875 | ---- | C] () -- C:\Users\Dad\Desktop\ZoneAlarm Security.lnk
[2010/03/19 17:22:26 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/03/19 16:59:30 | 207,013,296 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/19 16:43:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/19 16:39:26 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/19 07:28:57 | 000,001,674 | ---- | C] () -- C:\Users\Dad\Desktop\CCleaner.lnk
[2010/03/19 00:13:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 00:13:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 00:13:42 | 000,065,536 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TM.blf
[2010/03/18 23:08:03 | 000,000,680 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2010/03/18 00:44:22 | 000,001,410 | ---- | C] () -- C:\Users\Dad\Desktop\Live PC Help.lnk
[2010/03/17 23:20:51 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/03/17 22:53:14 | 000,019,627 | ---- | C] () -- C:\Users\Dad\Desktop\Windows Vista 32-bit Repair Disc.torrent
[2010/03/15 22:49:24 | 000,000,082 | ---- | C] () -- C:\Users\Dad\Desktop\Buy jv16 PowerTools.url
[2010/03/15 22:48:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0.dat
[2010/03/15 22:48:12 | 000,000,023 | ---- | C] () -- C:\Windows\System32\bcdadac7.xml
[2010/03/15 22:47:23 | 000,000,804 | ---- | C] () -- C:\Users\Dad\Desktop\jv16 PowerTools 2009.lnk
[2010/03/15 22:27:36 | 000,001,844 | ---- | C] () -- C:\Users\Dad\Desktop\Check PC For Errors.lnk
[2010/03/15 22:14:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 22:14:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 22:14:05 | 000,065,536 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TM.blf
[2010/03/15 20:10:33 | 000,009,012 | -HS- | C] () -- C:\Users\Dad\AppData\Local\QJyrk5wvCU1
[2010/03/15 20:10:33 | 000,009,012 | -HS- | C] () -- C:\ProgramData\QJyrk5wvCU1
[2010/03/14 21:32:59 | 000,043,732 | ---- | C] () -- C:\Users\Dad\Desktop\cry 2010IFile.pdf
[2010/02/27 22:29:45 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/27 22:29:23 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/02/27 22:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/02/27 22:28:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/02/27 22:28:55 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/02/27 22:28:02 | 000,000,286 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/11/02 23:04:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/02 17:42:23 | 000,000,191 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/28 16:52:58 | 000,000,034 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.log
[2009/10/28 16:52:06 | 000,087,608 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\inst.exe
[2009/10/28 16:52:06 | 000,007,887 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.cat
[2009/10/28 16:52:06 | 000,001,144 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.inf
[2009/10/27 22:31:46 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/28 21:21:23 | 000,006,760 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PrimoPDFSet.xml
[2009/09/28 21:16:18 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/08/15 12:51:56 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/02/13 23:23:44 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\Hmonitor.sys
[2009/01/29 19:38:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/12/06 17:49:50 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2008/12/06 17:38:29 | 000,003,120 | ---- | C] () -- C:\Windows\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2008/07/01 22:36:14 | 000,001,024 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\WavCodec.wff
[2008/05/13 09:51:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 23:13:12 | 000,022,016 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 19:52:23 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/01/31 19:52:23 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/01/26 23:06:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/02/07 00:58:00 | 000,000,851 | ---- | C] () -- C:\Windows\xxclone.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/02 15:54:00 | 000,004,801 | ---- | C] () -- C:\Windows\UN060501.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/08/20 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acronis
[2010/02/06 04:36:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CanuckSoftware
[2010/03/19 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2009/10/15 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CompanionLink
[2010/02/13 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Facebook
[2009/08/15 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HotSync
[2010/03/17 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\ImgBurn
[2009/09/15 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\KompoZer
[2009/08/19 23:10:49 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NCH Swift Sound
[2010/03/19 19:41:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Nvu
[2010/03/15 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sammsoft
[2009/01/30 22:49:08 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TaxCut
[2010/03/18 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\uTorrent
[2009/10/28 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Vso
[2010/03/22 00:17:08 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/21 19:37:42 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/03/16 03:35:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 04:07:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:07:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


and I still cannot update MBAM. I tried to use the link to manually update, but to no avail.

Jeff

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:20 AM

Posted 22 March 2010 - 07:55 PM

Hello,

Let's try uninstalling and reinstalling Malwarebytes


1.
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

2.
We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 ( File not found
    O13 - gopher Prefix: missing
    O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell00\Command - "" = G:\Autorun.exe -- File not found
    O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell01\Command - "" = G:\Autorun.exe -- File not found
    O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell02\Command - "" = G:\Autorun.exe -- File not found

    :Files
    C:\Users\Dad\AppData\Local\QJyrk5wvCU1
    C:\ProgramData\QJyrk5wvCU1
    C:\WINDOWS\System32\drivers\atapi.sys|C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys /replace

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "NameServer"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FB093F4-F00B-49B7-B148-ABC5CDFE170B}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CACFA021-D4DC-47FB-8C0B-8714518C3CCB}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E0639DD8-420E-435C-9E4E-6C717DDB5B58}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE80BB73-9855-4343-910F-E7BC10F09150}]

    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

3.
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

4.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Things to include in your next reply:
OTL LOG
MBAM log
ESET log
How is your machine running now? Any redirects or sign of Malware?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


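The fix script above removes a static NameServer override, replaces atapi.sys from its DriverStore copy, deletes orphaned AutoRun mount points and resets the hosts file, and the custom scan in the previous log lists MD5s of the live drivers beside their DriverStore and winsxs copies. The following Python script is an added example for this thread, not code from OTL, Malwarebytes, ESET or anyone posting here. It parses lines in the OTL log format and flags the same indicators a helper reads off by hand: Firefox proxy preferences pointing at an external host (75.125.48.83 in the log), a static NameServer set to public addresses (93.188.164.204 and 93.188.161.80), EnableLUA = 0, orphaned MountPoints2 AutoRun commands, and a live file under System32 whose MD5 matches none of its DriverStore/winsxs copies, or matches but carries a newer modification time (the atapi.sys rows above: identical hash, modified 2010/03/16 against backups from 2008/01/19). The embedded sample lines are constructed in the OTL format from values in the posted logs; the SAMPLEDRV.SYS section is invented so the hash-mismatch branch has something to fire on and does not come from this machine. The regular expressions assume the line shapes seen in these logs.

```python
"""Triage an OTL-format scan log for the indicators this thread's fix targets.
Added example, not OTL/MBAM/ESET code. SAMPLE_LOG is constructed; the
SAMPLEDRV.SYS rows are hypothetical and exist only to exercise a hash mismatch."""
import ipaddress
import re
from datetime import datetime
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
FF - prefs.js..network.proxy.http: "75.125.48.83"
FF - prefs.js..network.proxy.http_port: 58258
FF - prefs.js..network.proxy.ssl: "75.125.48.83"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
< MD5 for: ATAPI.SYS >
[2010/03/16 03:35:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
< MD5 for: SAMPLEDRV.SYS >
[2010/03/16 03:35:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\sampledrv.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\winsxs\x86_sample_6.0.6001.18000\sampledrv.sys
"""

# Line shapes as they appear in OTL output (assumed from the logs in this thread).
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
MD5_LINE = re.compile(r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \|.*MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<proto>\w+): "(?P<host>[^"]+)"$')
NAMESERVER = re.compile(r"^O17 - .*\\Tcpip\\Parameters: NameServer = (?P<servers>.+)$")
ENABLE_LUA = re.compile(r"^O6 - .*: EnableLUA = (?P<val>\d+)$")
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\.*\\command - "" = (?P<cmd>.+?) -- File not found$', re.I)
BACKUP_DIRS = ("\\driverstore\\", "\\winsxs\\")
TS = "%Y/%m/%d %H:%M:%S"

def is_external(host: str) -> bool:
    """True unless host is localhost or a private/loopback/link-local address."""
    if host.lower() == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname rather than an address: leave it for a human
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)

def parse_md5_sections(lines: List[str]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Group (mtime, md5, path) rows under their '< MD5 for: NAME >' header."""
    sections: Dict[str, List[Tuple[str, str, str]]] = {}
    current = None
    for line in lines:
        head = MD5_HEADER.match(line)
        if head:
            current = head.group("name").lower()
            sections[current] = []
            continue
        row = MD5_LINE.match(line)
        if row and current is not None:
            sections[current].append((row.group("mtime"), row.group("md5").upper(), row.group("path")))
    return sections

def driver_findings(sections: Dict[str, List[Tuple[str, str, str]]]) -> List[Dict[str, str]]:
    """Compare each live copy of a file with its DriverStore/winsxs copies."""
    out: List[Dict[str, str]] = []
    for entries in sections.values():
        backups = [e for e in entries if any(d in e[2].lower() for d in BACKUP_DIRS)]
        if not backups:
            continue
        backup_hashes = {md5 for _, md5, _ in backups}
        newest_backup = max(datetime.strptime(m, TS) for m, _, _ in backups)
        for mtime, md5, path in entries:
            if any(d in path.lower() for d in BACKUP_DIRS):
                continue
            if md5 not in backup_hashes:
                out.append({"kind": "driver_hash_mismatch", "detail": path})
            elif datetime.strptime(mtime, TS) > newest_backup:
                # Same bytes as a pristine copy but touched after it: worth a look.
                out.append({"kind": "driver_mtime_newer", "detail": path})
    return out

def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the indicators found in an OTL-format log, in document order."""
    findings: List[Dict[str, str]] = []
    lines = log_text.splitlines()
    for line in lines:
        m = FF_PROXY.match(line)
        if m and is_external(m.group("host")):
            findings.append({"kind": "firefox_proxy", "detail": f"{m.group('proto')} -> {m.group('host')}"})
            continue
        m = NAMESERVER.match(line)
        if m:
            public = [s.strip() for s in m.group("servers").split(",") if is_external(s.strip())]
            if public:
                findings.append({"kind": "dns_override", "detail": ",".join(public)})
            continue
        m = ENABLE_LUA.match(line)
        if m and m.group("val") == "0":
            findings.append({"kind": "uac_disabled", "detail": "EnableLUA = 0"})
            continue
        m = MOUNTPOINT.match(line)
        if m:
            findings.append({"kind": "orphan_autorun", "detail": m.group("cmd")})
    findings.extend(driver_findings(parse_md5_sections(lines)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:22} {f['detail']}")
```

Run it against a saved OTL.Txt by passing the file's contents to triage(). A hash that matches a DriverStore copy is weaker evidence than it looks when computed on the running system: a kernel-mode rootkit that filters disk reads can hand the scanner the original bytes, which is one reason a helper will still replace the driver from a known-good copy and confirm the hash again from outside the infected OS.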
#10 dr.porsche

dr.porsche
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:20 AM

Posted 23 March 2010 - 05:55 AM

otl

OTL logfile created on: 3/22/2010 12:23:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156.40 Gb Total Space | 95.02 Gb Free Space | 60.75% Space Free | Partition Type: NTFS
Drive D: | 134.68 Gb Total Space | 64.31 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive E: | 488.13 Mb Total Space | 488.09 Mb Free Space | 99.99% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX_WEDGE
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2010/02/04 11:52:58 | 000,735,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 11:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/02/04 11:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- d:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/06 13:03:46 | 000,033,280 | ---- | M] (Palm) [Auto | Stopped] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/22 18:57:12 | 000,618,944 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.springfieldnewssun.com/e/content/oh/index/entertainment/events/holidays/contests/singing.html"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..network.proxy.ftp: "75.125.48.83"
FF - prefs.js..network.proxy.ftp_port: 58258
FF - prefs.js..network.proxy.gopher: "75.125.48.83"
FF - prefs.js..network.proxy.gopher_port: 58258
FF - prefs.js..network.proxy.http: "75.125.48.83"
FF - prefs.js..network.proxy.http_port: 58258
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "75.125.48.83"
FF - prefs.js..network.proxy.ssl_port: 58258

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2008/02/28 22:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/19 17:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/21 14:45:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/18 23:49:10 | 000,000,000 | ---D | M]

[2008/12/09 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/03/22 00:05:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions
[2008/12/06 17:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions\{353396a4-6910-4b95-9ec8-37978867618b}
[2008/07/08 18:28:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\vyarz72b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/21 19:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/01 21:19:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\proxy@hide-my-ip.com
[2008/12/09 23:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.204,93.188.161.80
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Users\Dad\Desktop\slideshow_883698_Hungary_Zoo_MTI101.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/18 22:55:01 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell - "" = AutoRun
O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell00\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell01\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell02\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/24 03:18:04 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/22 00:20:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/03/20 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2010/03/20 16:52:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/20 16:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/20 16:52:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/20 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/19 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\ForceField Shared Files
[2010/03/19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2010/03/19 17:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/03/19 17:22:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010/03/19 17:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/03/19 17:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/03/19 17:21:51 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/03/19 16:40:24 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/03/19 16:39:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/19 16:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/03/19 07:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/19 07:25:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/18 22:55:01 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/03/17 23:28:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\ImgBurn
[2010/03/17 23:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/03/17 23:20:25 | 004,614,113 | ---- | C] (LIGHTNING UK!) -- C:\Users\Dad\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/03/17 22:53:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\uTorrent
[2010/03/15 22:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/15 22:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009
[2010/03/15 22:44:08 | 006,234,351 | ---- | C] (Macecraft Software ) -- C:\Users\Dad\Desktop\jv16pt_setup_hb.exe
[2010/03/15 22:29:32 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Dad\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/15 22:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Sammsoft
[2010/03/15 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2010/03/15 22:25:58 | 005,153,344 | ---- | C] (Sammsoft ) -- C:\Users\Dad\Desktop\ARO2010_mt.exe
[2010/03/15 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 20:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/15 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/15 20:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/28 16:52:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Dad\AppData\Roaming\pcouffin.sys
[1 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/22 00:26:36 | 003,932,160 | ---- | M] () -- C:\Users\Dad\ntuser.dat
[2010/03/22 00:20:50 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/03/22 00:20:29 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/22 00:20:29 | 000,597,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/22 00:20:29 | 000,101,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/22 00:17:08 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/22 00:15:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/22 00:14:29 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/22 00:14:29 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TM.blf
[2010/03/22 00:12:20 | 207,013,296 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/22 00:03:12 | 000,001,594 | ---- | M] () -- C:\Users\Dad\Desktop\Clean Registry for Free!.lnk
[2010/03/22 00:02:12 | 000,000,286 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/03/22 00:01:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/22 00:01:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/22 00:00:57 | 000,004,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 00:00:56 | 000,004,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/21 23:54:59 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/21 19:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 18:47:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080922696-2955198264-2786358448-1000UA.job
[2010/03/21 17:59:29 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080922696-2955198264-2786358448-1000Core.job
[2010/03/21 17:18:58 | 000,525,824 | ---- | M] () -- C:\Users\Dad\Desktop\dds.scr
[2010/03/21 17:13:03 | 000,000,680 | ---- | M] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2010/03/21 17:13:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/21 14:39:41 | 000,000,285 | ---- | M] () -- C:\Windows\win.ini
[2010/03/20 17:05:52 | 000,000,000 | ---- | M] () -- C:\Users\Dad\defogger_reenable
[2010/03/20 16:52:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 00:45:53 | 000,001,878 | ---- | M] () -- C:\Users\Dad\Desktop\HijackThis.lnk
[2010/03/19 21:09:45 | 000,006,760 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\PrimoPDFSet.xml
[2010/03/19 21:08:13 | 000,026,112 | ---- | M] () -- C:\Users\Dad\Documents\John Franklin.doc
[2010/03/19 17:23:56 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/03/19 17:23:10 | 000,000,875 | ---- | M] () -- C:\Users\Dad\Desktop\ZoneAlarm Security.lnk
[2010/03/19 16:39:26 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/19 07:28:57 | 000,001,674 | ---- | M] () -- C:\Users\Dad\Desktop\CCleaner.lnk
[2010/03/19 00:13:42 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 00:12:02 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 00:12:02 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TM.blf
[2010/03/18 00:44:22 | 000,001,410 | ---- | M] () -- C:\Users\Dad\Desktop\Live PC Help.lnk
[2010/03/17 23:49:20 | 000,022,016 | ---- | M] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 23:20:51 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/03/17 23:20:25 | 004,614,113 | ---- | M] (LIGHTNING UK!) -- C:\Users\Dad\Desktop\SetupImgBurn_2.5.1.0.exe
[2010/03/17 22:53:15 | 000,019,627 | ---- | M] () -- C:\Users\Dad\Desktop\Windows Vista 32-bit Repair Disc.torrent
[2010/03/15 22:49:24 | 000,000,082 | ---- | M] () -- C:\Users\Dad\Desktop\Buy jv16 PowerTools.url
[2010/03/15 22:48:12 | 000,000,023 | -HS- | M] () -- C:\Windows\System32\edacded0.dat
[2010/03/15 22:48:12 | 000,000,023 | ---- | M] () -- C:\Windows\System32\bcdadac7.xml
[2010/03/15 22:47:23 | 000,000,804 | ---- | M] () -- C:\Users\Dad\Desktop\jv16 PowerTools 2009.lnk
[2010/03/15 22:44:08 | 006,234,351 | ---- | M] (Macecraft Software ) -- C:\Users\Dad\Desktop\jv16pt_setup_hb.exe
[2010/03/15 22:29:37 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Dad\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/15 22:27:36 | 000,001,844 | ---- | M] () -- C:\Users\Dad\Desktop\Check PC For Errors.lnk
[2010/03/15 22:25:59 | 005,153,344 | ---- | M] (Sammsoft ) -- C:\Users\Dad\Desktop\ARO2010_mt.exe
[2010/03/15 22:14:05 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 22:09:14 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 22:09:14 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/15 22:02:31 | 000,009,012 | -HS- | M] () -- C:\Users\Dad\AppData\Local\QJyrk5wvCU1
[2010/03/15 22:02:31 | 000,009,012 | -HS- | M] () -- C:\ProgramData\QJyrk5wvCU1
[2010/03/14 21:32:59 | 000,043,732 | ---- | M] () -- C:\Users\Dad\Desktop\cry 2010IFile.pdf
[2010/03/14 21:27:34 | 000,060,376 | ---- | M] () -- C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/14 16:05:21 | 000,258,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/13 16:22:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/12 17:36:46 | 000,002,523 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[1 C:\Users\Dad\Documents\*.tmp files -> C:\Users\Dad\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/22 00:03:12 | 000,001,594 | ---- | C] () -- C:\Users\Dad\Desktop\Clean Registry for Free!.lnk
[2010/03/21 17:18:53 | 000,525,824 | ---- | C] () -- C:\Users\Dad\Desktop\dds.scr
[2010/03/20 17:05:52 | 000,000,000 | ---- | C] () -- C:\Users\Dad\defogger_reenable
[2010/03/20 16:52:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/20 00:45:53 | 000,001,878 | ---- | C] () -- C:\Users\Dad\Desktop\HijackThis.lnk
[2010/03/19 21:08:12 | 000,026,112 | ---- | C] () -- C:\Users\Dad\Documents\John Franklin.doc
[2010/03/19 17:23:10 | 000,000,875 | ---- | C] () -- C:\Users\Dad\Desktop\ZoneAlarm Security.lnk
[2010/03/19 17:22:26 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/03/19 16:59:30 | 207,013,296 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/19 16:43:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/19 16:39:26 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/19 07:28:57 | 000,001,674 | ---- | C] () -- C:\Users\Dad\Desktop\CCleaner.lnk
[2010/03/19 00:13:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 00:13:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 00:13:42 | 000,065,536 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{6a80e430-330c-11df-83d6-001bdc0038b4}.TM.blf
[2010/03/18 23:08:03 | 000,000,680 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2010/03/18 00:44:22 | 000,001,410 | ---- | C] () -- C:\Users\Dad\Desktop\Live PC Help.lnk
[2010/03/17 23:20:51 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/03/17 22:53:14 | 000,019,627 | ---- | C] () -- C:\Users\Dad\Desktop\Windows Vista 32-bit Repair Disc.torrent
[2010/03/15 22:49:24 | 000,000,082 | ---- | C] () -- C:\Users\Dad\Desktop\Buy jv16 PowerTools.url
[2010/03/15 22:48:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0.dat
[2010/03/15 22:48:12 | 000,000,023 | ---- | C] () -- C:\Windows\System32\bcdadac7.xml
[2010/03/15 22:47:23 | 000,000,804 | ---- | C] () -- C:\Users\Dad\Desktop\jv16 PowerTools 2009.lnk
[2010/03/15 22:27:36 | 000,001,844 | ---- | C] () -- C:\Users\Dad\Desktop\Check PC For Errors.lnk
[2010/03/15 22:14:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 22:14:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 22:14:05 | 000,065,536 | -HS- | C] () -- C:\Users\Dad\ntuser.dat{c09d1fba-309f-11df-b231-001bdc0038b4}.TM.blf
[2010/03/15 20:10:33 | 000,009,012 | -HS- | C] () -- C:\Users\Dad\AppData\Local\QJyrk5wvCU1
[2010/03/15 20:10:33 | 000,009,012 | -HS- | C] () -- C:\ProgramData\QJyrk5wvCU1
[2010/03/14 21:32:59 | 000,043,732 | ---- | C] () -- C:\Users\Dad\Desktop\cry 2010IFile.pdf
[2010/02/27 22:29:45 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/27 22:29:23 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/02/27 22:29:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/02/27 22:28:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/02/27 22:28:55 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/02/27 22:28:02 | 000,000,286 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/11/02 23:04:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/02 17:42:23 | 000,000,191 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/28 16:52:58 | 000,000,034 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.log
[2009/10/28 16:52:06 | 000,087,608 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\inst.exe
[2009/10/28 16:52:06 | 000,007,887 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.cat
[2009/10/28 16:52:06 | 000,001,144 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\pcouffin.inf
[2009/10/27 22:31:46 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/28 21:21:23 | 000,006,760 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PrimoPDFSet.xml
[2009/09/28 21:16:18 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/08/15 12:51:56 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/02/13 23:23:44 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\Hmonitor.sys
[2009/01/29 19:38:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/12/06 17:49:50 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2008/12/06 17:38:29 | 000,003,120 | ---- | C] () -- C:\Windows\System32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
[2008/07/01 22:36:14 | 000,001,024 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\WavCodec.wff
[2008/05/13 09:51:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/10 23:13:12 | 000,022,016 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 19:52:23 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/01/31 19:52:23 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2008/01/26 23:06:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/02/07 00:58:00 | 000,000,851 | ---- | C] () -- C:\Windows\xxclone.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/02 15:54:00 | 000,004,801 | ---- | C] () -- C:\Windows\UN060501.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/08/20 21:33:14 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acronis
[2010/02/06 04:36:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CanuckSoftware
[2010/03/19 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CheckPoint
[2009/10/15 21:14:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CompanionLink
[2010/02/13 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Facebook
[2009/08/15 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HotSync
[2010/03/17 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\ImgBurn
[2009/09/15 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\KompoZer
[2009/08/19 23:10:49 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\NCH Swift Sound
[2010/03/19 19:41:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Nvu
[2010/03/15 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sammsoft
[2009/01/30 22:49:08 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\TaxCut
[2010/03/18 23:51:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\uTorrent
[2009/10/28 16:52:58 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Vso
[2010/03/22 00:17:08 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/21 19:37:42 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/03/16 03:35:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 04:07:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:07:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


mbam

Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/22/2010 10:14:17 PM
mbam-log-2010-03-22 (22-14-17).txt

Scan type: Quick Scan
Objects scanned: 108100
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


eset

D:\Nero8.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\Program Files\RegistryFix\RegistryFix.exe a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

I will report back with the condition of the machine this PM. I just wanted to post this before I left for work so that it would be here when you got a chance to work on it.

Thanks
Jeff

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:20 AM

Posted 23 March 2010 - 05:54 PM

Hello,

Did you copy and paste the fix for OTL from my last post and click Run Fix? It looks like you just ran OTL instead of using the script from my last post and clicking Run Fix.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 dr.porsche

dr.porsche
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 23 March 2010 - 09:09 PM

Yeah, I copied that text, pasted it into the box and clicked Run Fix. Should I do it again?

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:20 AM

Posted 23 March 2010 - 10:24 PM

Yes, please do it again; it looks like it didn't run.



#14 dr.porsche

dr.porsche
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:20 AM

Posted 24 March 2010 - 05:58 AM

Looking back, I think I posted the wrong txt file for OTL. Here is the correct one.

OTL

All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 ( File not found> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{143e96d3-8d57-11dd-ac53-001bdc0038b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell00\Command - "" = G:\Autorun.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell01\Command - "" = G:\Autorun.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2a40b49b-cd78-11dc-81e1-e413bfc2c2c1}\Shell\Shell02\Command - "" = G:\Autorun.exe -- File not found> in the current context!
========== FILES ==========
C:\Users\Dad\AppData\Local\QJyrk5wvCU1 moved successfully.
C:\ProgramData\QJyrk5wvCU1 moved successfully.
Unable to replace file: C:\WINDOWS\System32\drivers\atapi.sys with C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys without a reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FB093F4-F00B-49B7-B148-ABC5CDFE170B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FB093F4-F00B-49B7-B148-ABC5CDFE170B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CACFA021-D4DC-47FB-8C0B-8714518C3CCB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CACFA021-D4DC-47FB-8C0B-8714518C3CCB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E0639DD8-420E-435C-9E4E-6C717DDB5B58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0639DD8-420E-435C-9E4E-6C717DDB5B58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE80BB73-9855-4343-910F-E7BC10F09150}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE80BB73-9855-4343-910F-E7BC10F09150}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dad
->Temp folder emptied: 18687702 bytes
->Temporary Internet Files folder emptied: 87115005 bytes
->Java cache emptied: 280761311 bytes
->FireFox cache emptied: 26991774 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 48674 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32281781 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 96631779 bytes

Total Files Cleaned = 518.00 mb


[EMPTYFLASH]

User: All Users

User: Dad
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03222010_214857

Files\Folders moved on Reboot...
C:\Users\Dad\AppData\Local\Temp\~DF30F5.tmp moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY1WQLFU\iframe[2].htm moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NIXL0Z6\google_com[2].htm moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09BQ0XYC\index[3].htm moved successfully.
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT00857.TMP not found!

Registry entries deleted on Reboot...


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:20 AM

Posted 24 March 2010 - 04:16 PM

Hello,

That log is the one we are looking for.


1.
Please update Malwarebytes' Anti-Malware and do a Full Scan.

2.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Things to include in your next reply:
  • MBAM log
  • OTL.txt
  • Extra.txt
How is your machine running now? Any redirects? Any signs or symptoms of Malware?
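The /md5start ... /md5stop list in the custom scan above asks OTL to hash the boot-critical drivers and DLLs and to list every copy it finds, which is what the "< MD5 for: ... >" blocks in the earlier report show. Read from the defender's side: the copy under System32\drivers (or System32 for the DLLs) is what Windows actually loads, while the DriverStore and winsxs copies are the packaged references. A live copy whose hash matches none of the reference copies is a candidate for a patched driver, and one whose hash matches but whose modification time does not (the earlier report lists atapi.sys dated 2010/03/16 against reference copies dated 2008/01/19, and the fix log in post #14 shows OTL trying to replace that file from the DriverStore copy) deserves a second look. The Python below is an added example that automates that comparison; it is not OTL's code and was not posted by anyone in this thread. The ATAPI.SYS and CNGAUDIT.DLL sample lines are copied from the report earlier in the thread; the EXAMPLE.SYS block, its paths and its hashes are constructed to show the mismatch case.

```python
"""Compare the live copy of each driver in an OTL '< MD5 for: X >' block against the
packaged reference copies (DriverStore / winsxs). Added example, not OTL's own code."""
import re
from collections import defaultdict

# One OTL MD5 line, e.g.
# [2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C... -- C:\...\atapi.sys
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^ >]+) >$")

# Sample input. ATAPI.SYS and CNGAUDIT.DLL are copied from the OTL report in this thread;
# the EXAMPLE.SYS block is constructed with placeholder hashes to show the mismatch case.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2010/03/16 03:35:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXAMPLE.SYS >
[2010/03/15 22:02:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\example.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.sys

< End of report >
"""

# Severity order used when one driver has several live copies: report the worst.
RANK = {"match": 0, "match-timestamp-differs": 1, "MISMATCH": 2}


def parse_md5_sections(text):
    """Return {driver_name: [record, ...]} built from the '< MD5 for: X >' blocks."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        if line.startswith("<"):  # any other '< ... >' marker ends the MD5 blocks
            current = None
            continue
        m = LINE_RE.match(line)
        if current and m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def is_reference_copy(path):
    """DriverStore and winsxs hold the packaged copies; everything else is a live copy."""
    p = path.lower()
    return "\\driverstore\\" in p or "\\winsxs\\" in p


def assess(sections):
    """Classify each driver as match, match-timestamp-differs, MISMATCH or no-live-copy."""
    verdicts = {}
    for name, recs in sections.items():
        live = [r for r in recs if not is_reference_copy(r["path"])]
        refs = [r for r in recs if is_reference_copy(r["path"])]
        if not live:
            verdicts[name] = {"status": "no-live-copy", "live": None, "md5": None, "mtime": None}
            continue
        worst = None
        for r in live:
            same_hash = [x for x in refs if x["md5"] == r["md5"]]
            if not same_hash:
                status = "MISMATCH"  # live file matches no packaged copy
            elif all(x["mtime"] != r["mtime"] for x in same_hash):
                status = "match-timestamp-differs"  # same bytes, but the file was rewritten
            else:
                status = "match"
            if worst is None or RANK[status] > RANK[worst["status"]]:
                worst = {"status": status, "live": r["path"], "md5": r["md5"], "mtime": r["mtime"]}
        verdicts[name] = worst
    return verdicts


def check_report(text=SAMPLE_REPORT):
    """Parse a report and return the per-driver verdicts."""
    return assess(parse_md5_sections(text))


if __name__ == "__main__":
    for name, v in sorted(check_report().items()):
        print(f"{name:14s} {v['status']:24s} {v['live'] or ''}")
```

Run as a script it prints one verdict per driver; pass the text of a full OTL report to check_report() to check a real one. A hash match only says the on-disk file is the packaged one: a driver tampered with in memory, or a read that a rootkit intercepts, leaves the hash unchanged, so treat the verdict as one signal alongside the rest of the scan the helper asks for.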




