Lost control of taskbar, recycle bin and start menu


  • This topic is locked
44 replies to this topic

#1 KateWales


Posted 04 June 2010 - 01:13 PM

Thanks Boopme, I have internet access atm, downloaded OTL and when the icon appeared on the desktop, the little Windows Security Centre icon was right there in the bottom right corner... I ran the scan for all Users.

OTL.txt:

OTL logfile created on: 04/06/2010 18:59:52 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Big Momma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 6.27 Gb Free Space | 5.62% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.20 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGMOMMA-PC
Current User Name: Big Momma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/04 18:59:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Big Momma\Desktop\OTL.exe
PRC - [2010/05/06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 17:00:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/07/03 18:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/20 09:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/01 00:35:20 | 000,326,440 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007/04/26 00:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/17 02:48:12 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/02/09 14:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/04 18:59:00 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Big Momma\Desktop\OTL.exe
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 08:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/31 15:32:58 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\System32\msdtc -- (MSDTC)
SRV - [2010/05/13 08:24:57 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/10/04 20:57:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 18:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/26 00:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/17 02:48:12 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 21:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/29 23:26:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/01/19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/12/05 02:41:00 | 008,238,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 01:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/14 04:46:47 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/06/22 10:34:12 | 001,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/05 12:08:56 | 000,454,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/05/02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/26 00:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/04/26 00:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/04/26 00:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/01/24 10:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2007/01/22 09:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2006/12/08 02:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 31 01 2F F9 03 CB 01 [binary data]
IE - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 17:00:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 11:20:01 | 000,000,000 | ---D | M]

[2009/08/12 09:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/17 14:45:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI File not found
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\All Users\2975001584 ()
O4 - Startup: C:\Users\All Users\8s32 ()
O4 - Startup: C:\Users\All Users\Adobe [2010/02/03 12:07:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Alwil Software [2010/04/03 23:57:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple [2009/12/24 23:41:22 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2009/12/24 23:36:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\CyberLink [2007/09/14 04:58:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\eBay [2009/02/21 00:39:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Electronic Arts [2009/08/26 17:47:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\EPSON [2008/09/25 23:41:51 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\eSobi [2007/09/14 04:58:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\F-Secure [2010/06/02 18:32:07 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FLEXnet [2008/10/04 21:06:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2009/11/03 00:50:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\LauncherAccess.dt ()
O4 - Startup: C:\Users\All Users\Malwarebytes [2009/06/15 09:53:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee [2009/11/14 10:16:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\McAfee Security Scan [2010/05/31 15:32:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010/06/04 15:50:56 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2010/05/13 00:49:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\My Movies [2008/09/08 11:02:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NortonInstaller [2009/06/15 09:27:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NOS [2010/04/17 08:31:11 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NVIDIA [2010/02/21 17:58:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2010/06/01 08:57:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Suite [2010/03/11 15:26:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PopCap Games [2010/03/01 21:24:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\SuperEasy Software [2008/09/28 15:07:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TEMP [2010/02/21 17:39:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2006/11/02 14:02:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\UDL [2008/09/25 23:46:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WindowsSearch [2008/09/29 10:43:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\WLInstaller [2008/10/25 00:35:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2007/09/14 04:34:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/12/24 23:37:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Big Momma\AppData [2008/09/07 06:53:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Big Momma\Application Data [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Contacts [2010/05/31 15:40:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Cookies [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Desktop [2010/06/04 18:59:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Documents [2010/05/17 10:44:08 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Downloads [2010/05/30 23:11:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Favorites [2008/09/07 06:53:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Links [2010/05/31 15:40:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Local Settings [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Music [2009/12/24 23:41:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\My Documents [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\NetHood [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\ntuser.dat ()
O4 - Startup: C:\Users\Big Momma\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Big Momma\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Big Momma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Big Momma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Big Momma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Big Momma\ntuser.ini ()
O4 - Startup: C:\Users\Big Momma\Office Genuine Advantage [2010/06/04 15:42:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Big Momma\Pictures [2010/05/14 18:32:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\PrintHood [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Recent [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Saved Games [2008/12/10 13:44:16 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\Searches [2010/05/31 15:40:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Big Momma\SendTo [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Start Menu [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Templates [2008/09/07 06:52:53 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Big Momma\Tracing [2010/01/12 00:25:13 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Big Momma\Videos [2010/06/02 12:24:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\AppData [2006/11/02 12:18:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2006/11/02 14:02:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\AppData [2010/06/02 19:54:21 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Application Data [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Contacts [2010/06/02 19:54:09 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Cookies [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Desktop [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Documents [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Downloads [2010/06/02 20:04:39 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Favorites [2010/06/02 19:54:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Links [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Local Settings [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Music [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\My Documents [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\NetHood [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\NTUSER.DAT ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\ntuser.ini ()
O4 - Startup: C:\Users\FIXIIIIING!!!!\Pictures [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\PrintHood [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Recent [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Saved Games [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Searches [2010/06/02 19:54:21 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\SendTo [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Start Menu [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Templates [2010/06/02 19:30:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\FIXIIIIING!!!!\Videos [2010/06/02 19:54:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\AppData [2010/02/21 17:57:12 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Fixit\Application Data [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Contacts [2010/02/21 17:56:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Cookies [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Desktop [2010/06/02 12:58:45 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Documents [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Downloads [2010/02/21 18:20:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Favorites [2010/02/21 17:57:13 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Links [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Local Settings [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Music [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\My Documents [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\NetHood [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\ntuser.dat ()
O4 - Startup: C:\Users\Fixit\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Fixit\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{2642f80c-3f73-11df-afa7-001c25898e2c}.TM.blf ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{2642f80c-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{2642f80c-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Fixit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Fixit\ntuser.ini ()
O4 - Startup: C:\Users\Fixit\Pictures [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\PrintHood [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Recent [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Saved Games [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\Searches [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Fixit\SendTo [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Start Menu [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Templates [2010/02/21 17:56:35 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Fixit\Videos [2010/02/21 17:57:12 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\AppData [2008/09/28 14:09:51 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Mcx1\Application Data [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Cookies [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Desktop [2008/09/28 14:15:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\Documents [2008/09/28 14:09:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\Downloads [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\Favorites [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\Links [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\Local Settings [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Music [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\My Documents [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\NetHood [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\ntuser.dat ()
O4 - Startup: C:\Users\Mcx1\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Mcx1\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{2642f80a-3f73-11df-afa7-001c25898e2c}.TM.blf ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{2642f80a-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{2642f80a-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3638f1e1-03db-11de-a860-001c25898e2c}.TM.blf ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3638f1e1-03db-11de-a860-001c25898e2c}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3638f1e1-03db-11de-a860-001c25898e2c}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx1\ntuser.ini ()
O4 - Startup: C:\Users\Mcx1\Pictures [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx1\PrintHood [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Recent [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Saved Games [2006/11/02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Mcx1\SendTo [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Start Menu [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Templates [2008/09/28 14:09:44 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx1\Videos [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\AppData [2009/04/01 18:54:34 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Mcx2\Application Data [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Cookies [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Desktop [2009/04/01 18:59:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\Documents [2009/04/01 18:54:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\Downloads [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\Favorites [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\Links [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\Local Settings [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Music [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\My Documents [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\NetHood [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\ntuser.dat ()
O4 - Startup: C:\Users\Mcx2\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Mcx2\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Mcx2\ntuser.dat{2642f821-3f73-11df-afa7-001c25898e2c}.TM.blf ()
O4 - Startup: C:\Users\Mcx2\ntuser.dat{2642f821-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx2\ntuser.dat{2642f821-3f73-11df-afa7-001c25898e2c}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
O4 - Startup: C:\Users\Mcx2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Mcx2\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Mcx2\ntuser.ini ()
O4 - Startup: C:\Users\Mcx2\Pictures [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Mcx2\PrintHood [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Recent [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Saved Games [2006/11/02 11:23:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Mcx2\SendTo [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Start Menu [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Templates [2009/04/01 18:54:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Mcx2\Videos [2006/11/02 11:23:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2010/06/04 17:31:43 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\desktop [2010/06/04 17:31:43 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2009/06/23 20:52:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2010/03/01 10:29:44 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2006/11/02 11:23:35 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009/05/02 08:44:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2006/11/02 13:50:50 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2010/06/02 12:24:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009/05/02 08:44:36 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\web\wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/16 15:40:40 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/04 17:27:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/04 17:27:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/04 17:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2010/06/04 16:10:44 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/06/04 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Big Momma\Office Genuine Advantage
[2010/06/04 13:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/03 13:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 20:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/02 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/06/02 13:00:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/01 08:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/04/03 23:58:54 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/03 23:58:53 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/03 23:58:52 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/03 23:58:51 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/03 23:58:50 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/03 23:57:50 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/03 23:57:50 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/03 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/03 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/11 15:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010/03/11 15:25:14 | 000,090,624 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010/03/11 15:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/11 15:25:10 | 000,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/03/11 15:24:47 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010/03/11 15:24:47 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010/03/11 15:24:47 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010/03/11 15:24:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010/03/11 15:24:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010/03/11 15:24:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010/03/11 15:24:47 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010/03/11 15:23:40 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010/03/11 15:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/03/11 15:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2007/09/14 04:38:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/04 19:03:24 | 016,777,216 | -HS- | M] () -- C:\Users\Big Momma\ntuser.dat
[2010/06/04 18:19:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000UA.job
[2010/06/04 17:14:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/04 17:14:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 17:14:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 17:14:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/04 17:13:54 | 000,524,288 | -HS- | M] () -- C:\Users\Big Momma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/04 17:13:54 | 000,065,536 | -HS- | M] () -- C:\Users\Big Momma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/03 09:19:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000Core.job
[2010/06/01 18:23:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/01 18:23:21 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/01 18:23:21 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/11 11:32:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/08 08:22:23 | 001,721,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 21:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 21:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 21:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 21:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 21:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/14 17:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/03 23:58:55 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/03 23:43:10 | 000,002,776 | -HS- | M] () -- C:\ProgramData\8s32
[2010/04/03 22:33:59 | 000,001,248 | -HS- | M] () -- C:\ProgramData\2975001584
[2010/03/18 17:50:33 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/11 15:22:52 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 18:50:46 | 000,000,363 | ---- | C] () -- \rkill.log
[2010/06/02 14:59:07 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2010/06/02 12:58:41 | 000,000,109 | ---- | C] () -- \mbam-error.txt
[2010/05/28 12:25:09 | 2460,831,744 | -HS- | C] () --
[2010/04/03 23:58:55 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/03 22:34:11 | 000,002,776 | -HS- | C] () -- C:\ProgramData\8s32
[2010/04/03 22:33:56 | 000,001,248 | -HS- | C] () -- C:\ProgramData\2975001584
[2010/03/18 17:50:33 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/11 15:23:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/11 15:23:40 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/03/11 15:22:52 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/10/29 23:20:49 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/25 23:42:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/25 23:39:09 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008/09/07 12:52:06 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/07 12:52:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/11 12:47:24 | 000,884,736 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter.dll
[2008/02/05 11:31:50 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HDX4MediaReveal.dll
[2007/10/12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/09/14 05:40:30 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/09/14 04:38:26 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/09/14 03:53:55 | 000,000,697 | ---- | C] () -- C:\Windows\generic.ini
[2007/09/14 03:53:55 | 000,000,110 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/26 00:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/26 00:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/26 00:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/26 00:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/26 00:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/26 00:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 23:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/04/03 23:57:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alwil Software
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009/02/21 00:39:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\eBay
[2009/08/26 17:47:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
[2008/09/25 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\EPSON
[2007/09/14 04:58:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSobi
[2010/06/02 18:32:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\F-Secure
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2008/09/08 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\My Movies
[2010/03/11 15:26:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Suite
[2010/03/01 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2008/09/28 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\SuperEasy Software
[2010/02/21 17:39:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006/11/02 14:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2008/09/25 23:46:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\UDL
[2008/09/29 10:43:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2007/09/14 04:34:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/12/24 23:37:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/09/07 06:53:20 | 000,000,000 | -H-D | M] -- C:\Users\Big Momma\AppData
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Application Data
[2010/05/31 15:40:19 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Contacts
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Cookies
[2010/06/04 18:59:00 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Desktop
[2010/05/17 10:44:08 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Documents
[2010/05/30 23:11:20 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Downloads
[2008/09/07 06:53:21 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Favorites
[2010/05/31 15:40:30 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Links
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Local Settings
[2009/12/24 23:41:37 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Music
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\My Documents
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\NetHood
[2010/05/14 18:32:40 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Pictures
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\PrintHood
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Recent
[2008/12/10 13:44:16 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Saved Games
[2010/05/31 15:40:29 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Searches
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\SendTo
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Start Menu
[2008/09/07 06:52:53 | 000,000,000 | -HSD | M] -- C:\Users\Big Momma\Templates
[2010/01/12 00:25:13 | 000,000,000 | ---D | M] -- C:\Users\Big Momma\Tracing
[2010/06/02 12:24:15 | 000,000,000 | R--D | M] -- C:\Users\Big Momma\Videos
[2006/11/02 12:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2006/11/02 14:02:03 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006/11/02 11:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010/06/02 19:54:21 | 000,000,000 | -H-D | M] -- C:\Users\FIXIIIIING!!!!\AppData
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Application Data
[2010/06/02 19:54:09 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Contacts
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Cookies
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Desktop
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Documents
[2010/06/02 20:04:39 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Downloads
[2010/06/02 19:54:22 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Favorites
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Links
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Local Settings
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Music
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\My Documents
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\NetHood
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Pictures
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\PrintHood
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Recent
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Saved Games
[2010/06/02 19:54:21 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Searches
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\SendTo
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Start Menu
[2010/06/02 19:30:55 | 000,000,000 | -HSD | M] -- C:\Users\FIXIIIIING!!!!\Templates
[2010/06/02 19:54:20 | 000,000,000 | R--D | M] -- C:\Users\FIXIIIIING!!!!\Videos
[2010/02/21 17:57:12 | 000,000,000 | -H-D | M] -- C:\Users\Fixit\AppData
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Application Data
[2010/02/21 17:56:59 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Contacts
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Cookies
[2010/06/02 12:58:45 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Desktop
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Documents
[2010/02/21 18:20:22 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Downloads
[2010/02/21 17:57:13 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Favorites
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Links
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Local Settings
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Music
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\My Documents
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\NetHood
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Pictures
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\PrintHood
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Recent
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Saved Games
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Searches
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\SendTo
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Start Menu
[2010/02/21 17:56:35 | 000,000,000 | -HSD | M] -- C:\Users\Fixit\Templates
[2010/02/21 17:57:12 | 000,000,000 | R--D | M] -- C:\Users\Fixit\Videos
[2008/09/28 14:09:51 | 000,000,000 | -H-D | M] -- C:\Users\Mcx1\AppData
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Application Data
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Cookies
[2008/09/28 14:15:11 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Desktop
[2008/09/28 14:09:44 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Documents
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Downloads
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Favorites
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Links
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Local Settings
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Music
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\My Documents
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\NetHood
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Pictures
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\PrintHood
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Recent
[2006/11/02 11:23:35 | 000,000,000 | ---D | M] -- C:\Users\Mcx1\Saved Games
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\SendTo
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Start Menu
[2008/09/28 14:09:44 | 000,000,000 | -HSD | M] -- C:\Users\Mcx1\Templates
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx1\Videos
[2009/04/01 18:54:34 | 000,000,000 | -H-D | M] -- C:\Users\Mcx2\AppData
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Application Data
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Cookies
[2009/04/01 18:59:57 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Desktop
[2009/04/01 18:54:15 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Documents
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Downloads
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Favorites
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Links
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Local Settings
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Music
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\My Documents
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\NetHood
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Pictures
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\PrintHood
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Recent
[2006/11/02 11:23:35 | 000,000,000 | ---D | M] -- C:\Users\Mcx2\Saved Games
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\SendTo
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Start Menu
[2009/04/01 18:54:15 | 000,000,000 | -HSD | M] -- C:\Users\Mcx2\Templates
[2006/11/02 11:23:35 | 000,000,000 | R--D | M] -- C:\Users\Mcx2\Videos
[2010/06/04 17:31:43 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2009/06/23 20:52:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2010/03/01 10:29:44 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006/11/02 11:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009/05/02 08:44:23 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010/06/02 12:24:15 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009/05/02 08:44:36 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2010/06/04 16:01:42 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/08 00:18:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/09/08 00:18:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/09/08 00:18:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Users\All Users\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extras.txt:

OTL Extras logfile created on: 04/06/2010 18:59:52 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Big Momma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 6.27 Gb Free Space | 5.62% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.20 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIGMOMMA-PC
Current User Name: Big Momma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1379310552-3699071534-3854482625-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2009/12/07 12:37:01 | 000,000,000 | ---D | M]
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04583A05-F46E-4990-B2AF-051D7F492318}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{05FD7997-6EE1-42AA-B4F7-06BABA7A33F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06BFBA21-BDA9-4D4E-8DE3-C22DD745CDCC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08E4342A-D9FE-4C8C-9116-D071D88FDC61}" = rport=10244 | protocol=6 | dir=out | app=system |
"{0A227C1A-6138-43CB-966B-2B3FE6CDAD62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12532729-0621-4E2B-BBF9-8AEDBF999842}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{18D9C6A6-D891-48C6-87A1-493701EADAF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BB64E42-D833-4E9F-90C8-F1699F813746}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1BED5C08-9101-4FED-B5D1-4B8FF905A5D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21F215B9-E567-4268-A697-267C09A92FD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21FE1BB8-6E84-4FBE-8EA0-0261A3D1F2AE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{239B6374-20CF-4B44-B9E0-7A612190B3D9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{24F445E6-6025-4666-9C2B-4C566EF47FFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AA20922-E5C0-4D5C-94E6-811963E86290}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D3236AB-B51E-4BC6-8091-F5770A2A126F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2F2A39FF-C709-484E-8182-415CA2CF4E30}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3222791C-F565-4841-B10E-C256F919B364}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33D170AA-D3B1-4CC9-A27B-21EEC416EC09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D52F408-3F6B-49D1-9B59-8BFA146606E1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4D8F256B-26EC-49FA-A424-7C1E72EEBBDE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4E2D7E5C-A3DB-4A78-908A-4EB613BB6FDE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{514F58B0-5A64-4974-80DB-268383689901}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5218D363-277B-447F-926C-D049DC508CEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C6B4441-27EF-41E4-9F8A-6C22B7B170A8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5C8887CA-DE49-42D0-87BE-A499E38564F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65431C26-9E3A-4AC0-A5AB-1C4F6B08709D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{7F65F425-DB43-4C38-8658-BEF781E8A925}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82E5198A-D98E-49C8-A0C4-44827EFA0EB8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{83A46EA7-B394-46E4-96CE-0FCA664A47A0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{89395EDC-E25C-42B4-989E-BD46AA0558CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D738FFA-D9D6-40B4-96FD-D031AA5359F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F47D5C7-43C6-4E20-BE2D-20E9F60022E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A842FE60-42D7-43E7-A64C-BA62D9377139}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B22DD356-2E75-4CAB-9CE9-18A9883AD724}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B540EF44-EF31-42AE-9A90-639341A2E235}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC58A001-F428-4A9B-8B8F-FD185135028D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3C44F39-D16D-4090-91CE-5E7167A5ED53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6DD102A-FD56-40F9-AC5A-A7A2A19F633F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C93B7A8F-E2E5-4AE8-8495-0F3729F369AE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D8E6BC07-5363-4035-BB82-EC4544668947}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D9FF7EC7-CE91-47EE-98CF-E6D25AC64487}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB4B44EB-A927-46CC-A1CB-59377349C60C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0CAE6C-C531-470F-A0E5-F968F4F0710A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F3646607-AFE7-4A0F-99D5-80A10ABE1FD8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F4921443-8C4E-4CE2-B7EF-04305C3ADE3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F842D667-DEDD-4E69-A22E-8E5AB0A81F9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8EF2772-8D24-4813-8C08-AF6F043395F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD433A73-7384-4800-8E78-1A90AB81E314}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019BD195-1242-4434-B44D-B511E47B81C7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0357A4B0-6E3B-4AD7-9C46-7BEC47544C40}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{07EAD5AA-E697-4076-8FDF-38EF9AE5F820}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C81D9E4-5787-41EF-BAB3-DA85FD754680}" = protocol=6 | dir=in | app=c:\users\big momma\appdata\local\cyberdefender internet security\antispyware\cdas994c.exe |
"{0C868BE3-566D-4F6C-814B-BE50658688A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17E1A1CE-6FB3-41C3-989E-CC655EAF450A}" = protocol=6 | dir=in | app=c:\users\big momma\appdata\local\temp\7zs7d47.tmp\symnrt.exe |
"{1D9694B4-0875-48E6-A757-8FBFF2A4E2BC}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{2C6B00A3-16A9-44A1-A743-46254E5E376C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2E2A24EE-0A2C-4EDA-ACA1-22BBCE1CC833}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2F8CF422-4B7C-4B29-9A57-6092C0E2C5E0}" = protocol=17 | dir=in | app=c:\users\big momma\appdata\local\temp\7zs48a1.tmp\symnrt.exe |
"{326A7988-8338-4CE8-BD24-F0474287ECBF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{3C50E347-4582-4B4F-B54A-04A01708446E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{43B84E22-E8E2-4A66-BDC1-8A5C5AA2363B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48C4529A-D0C4-4E7B-A6A5-ACA0E25F22CF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{48FE7A78-5320-4980-AB45-549192BCC397}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{4C6D2EDF-8CC6-477E-8340-B30A2172C61D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{51F972C9-12FD-43E5-B8D5-CD20A3E46616}" = protocol=17 | dir=in | app=c:\users\big momma\appdata\local\temp\7zs7d47.tmp\symnrt.exe |
"{53A7E85A-1EC2-48E0-AEA9-B743EF14C98C}" = protocol=6 | dir=in | app=c:\acer\empowering technology\acer.empowering.framework.supervisor.exe |
"{70313D0E-2D73-4A56-AFD6-6DE194F07AED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{740FFC87-FD92-4DA2-A173-EA03EFDD0BE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EE18BE6-ACC2-4F48-A11A-BAF577B75CFF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{83838734-2C82-4256-BBE5-ACCB56F0E67F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{85CBA43F-BAE3-4DDA-B044-A4D103CBC956}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88A55684-A9E6-4620-AFFF-29CE916DD837}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93441DE5-7A93-412D-AF07-694C9D838D19}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{93E5DB4F-DDF1-4058-B789-756B3B3E48D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{956149CE-211A-4264-A905-44133F22E09E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{96D22DC4-8B6F-4530-AD00-3E4F1386AB82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9763CCD0-485C-453A-AC29-F42126FEF875}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9984079F-FC03-44E2-9CE2-A86BF18F83AD}" = protocol=17 | dir=in | app=c:\acer\empowering technology\acer.empowering.framework.supervisor.exe |
"{9A8350FA-C7D3-4F6E-B3B2-AE319ECCF6DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9CC66100-F44F-470D-9DD9-3474B510B560}" = protocol=17 | dir=in | app=c:\users\big momma\appdata\local\cyberdefender internet security\antispyware\cdas994c.exe |
"{9DD62583-8A0F-4A5D-A2AF-586DE4A4630D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF5464A1-51BE-4983-A0D3-18BEF456D4AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B18354C5-FBCC-49BE-9FA1-DCD4CA785D0B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{B1D68E07-1F9A-471B-AF38-E4275F82A006}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B56D3BF4-3F81-4B33-85F3-23EB7C3A8D5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B73EF888-C20D-4045-894B-C02C0EEEE503}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BC7C567B-218F-4B25-A8B2-15C2229F168E}" = protocol=6 | dir=out | app=system |
"{BE67AEB3-05BC-4287-9540-F834488C8654}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C139B19C-3BCC-4F92-A44B-C96B32FE4638}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C15F388C-598D-40D7-83C2-B6C34CEA0E67}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C172202E-DCB2-46C8-BA05-ECD46EC25645}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C183C350-11F4-479E-9019-B1D4EA4C32C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C397CCF1-E241-4F22-98A5-E04B5B6701E9}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C56ED875-1C09-453C-AB6E-C5C74DDAD8A6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{C88045B5-8FB6-4B49-9062-991F7FDCD324}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9C73C4D-8157-4F27-8EBB-5582EE6B5DC6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CF732F57-3145-4B17-93BE-2F7519B3CD4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3C07399-1C7C-4151-B6BD-7E12C1349C13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D68084A4-DBFD-4256-B4FC-F39CC0E31798}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{DC17A9B8-CC9A-4DBE-92D7-E28BD466C5F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDECB73F-1F0B-452B-8822-1744DD2A6EE8}" = protocol=6 | dir=in | app=c:\users\big momma\appdata\local\temp\7zs48a1.tmp\symnrt.exe |
"{ED571893-4C1A-4C23-89F5-636D631368FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FBAF6877-D9E6-4D53-8E49-3400A791CD9A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3E0A1F89-FC27-42E9-8DB5-82726B3C4937}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{624681CF-2297-4A58-A1E7-EEEB701B8501}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{73023815-286A-4ACF-81AE-F7811D837E78}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7E47590E-0DFA-42B8-B6C1-18F6FF638A50}C:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe |
"TCP Query User{91F1D9BB-EE17-4901-A760-124D36CED31C}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{9B15DB4C-8E9A-47D5-A643-06D4FECF79C7}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D1311313-D780-46BF-852E-824EDA18E236}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{00B99229-0416-471C-9129-FF315903DC74}C:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe |
"UDP Query User{15162C91-C030-4494-8868-9F91078C7C42}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{40B035B4-CF63-4079-875C-75BC36B6B85E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{5DB5CC48-E4DC-44C4-B315-2738B88A3061}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{85DB29DC-2358-4D8F-A0BD-5A5E2913539C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BB0FE0E7-D642-40E6-A033-F2A0AB7C5D42}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F439657F-1909-491B-B5E8-818F01C23281}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 240" = Counter-Strike: Source
"Video Converter" = Video Converter
"Videora iPod Converter" = Videora iPod Converter 5.04
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/05/2009 06:30:40 | Computer Name = BigMomma-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3399 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10d0 Start Time: 01c9e047305b7f43 Termination Time: 6

Error - 30/05/2009 13:02:04 | Computer Name = BigMomma-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, time stamp 0x49f1091d,
faulting module xul.dll, version 1.9.0.3399, time stamp 0x49f10982, exception code
0xc0000005, fault offset 0x0009ab74, process id 0x13b0, application start time 0x01c9e1480529b67c.

Error - 01/06/2009 15:55:58 | Computer Name = BigMomma-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception
code 0xc0000005, fault offset 0x0003198a, process id 0xd24, application start time
0x01c9e2e687865f23.

Error - 03/06/2009 16:03:43 | Computer Name = BigMomma-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x47e2d72b,
exception code 0xc0000005, fault offset 0x0ef7e8e4, process id 0x174c, application
start time 0x01c9e472fb665a80.

Error - 04/06/2009 04:16:57 | Computer Name = BigMomma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 04/06/2009 11:35:38 | Computer Name = BigMomma-PC | Source = ESENT | ID = 455
Description = Catalog Database (1592) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb000D8.log.

Error - 04/06/2009 11:35:38 | Computer Name = BigMomma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 04/06/2009 16:50:13 | Computer Name = BigMomma-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4445c334,
faulting module studiorender.dll, version 0.0.0.0, time stamp 0x47140813, exception
code 0xc0000005, fault offset 0x0003198a, process id 0x16a4, application start time
0x01c9e53ecc31a589.

Error - 06/06/2009 12:16:19 | Computer Name = BigMomma-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/06/2009 06:43:59 | Computer Name = BigMomma-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 28/09/2008 08:56:15 | Computer Name = BigMomma-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 28/09/2008 09:00:02 | Computer Name = BigMomma-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 11/12/2008 11:22:23 | Computer Name = BigMomma-PC | Source = ehReplay | ID = 701
Description =

Error - 11/12/2008 11:22:23 | Computer Name = BigMomma-PC | Source = ehReplay | ID = 700
Description =

Error - 11/12/2008 11:22:50 | Computer Name = BigMomma-PC | Source = ehReplay | ID = 701
Description =

Error - 15/01/2009 19:00:12 | Computer Name = BigMomma-PC | Source = McrMgr | ID = 109
Description =

Error - 02/04/2009 14:32:25 | Computer Name = BigMomma-PC | Source = McrMgr | ID = 109
Description =

Error - 02/04/2009 14:39:36 | Computer Name = BigMomma-PC | Source = McrMgr | ID = 109
Description =

Error - 21/04/2009 05:50:24 | Computer Name = BigMomma-PC | Source = McrMgr | ID = 109
Description =

Error - 28/04/2009 05:21:53 | Computer Name = BigMomma-PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 04/06/2010 11:03:43 | Computer Name = BigMomma-PC | Source = DCOM | ID = 10005
Description =

Error - 04/06/2010 11:03:50 | Computer Name = BigMomma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04/06/2010 11:03:50 | Computer Name = BigMomma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04/06/2010 11:03:50 | Computer Name = BigMomma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04/06/2010 11:03:50 | Computer Name = BigMomma-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/06/2010 11:05:16 | Computer Name = BigMomma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04/06/2010 11:16:47 | Computer Name = BigMomma-PC | Source = DCOM | ID = 10005
Description =

Error - 04/06/2010 11:20:46 | Computer Name = BigMomma-PC | Source = DCOM | ID = 10005
Description =

Error - 04/06/2010 11:54:13 | Computer Name = BigMomma-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001C25898E2C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/06/2010 12:14:38 | Computer Name = BigMomma-PC | Source = HTTP | ID = 15016
Description =


< End of report >
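The firewall rule lines near the top of the OTL report above are the Vista firewall's per-application exceptions; the ones whose name starts with "TCP Query User" or "UDP Query User" were created when someone clicked "Unblock" on the firewall prompt. The following is an added example, not part of the original post and not OTL's own code: a small parser that groups those rule lines by executable so the inbound exceptions on the machine can be reviewed at a glance. The sample lines are copied from the log above; the regex, the function names and the protocol-number table are this example's own assumptions.

```python
"""Summarise per-application Windows Firewall exceptions from an OTL log.

Added example (not from the forum post, not OTL's code). It parses rule lines of
the form  "<name>" = protocol=N | dir=in | app=<path> |  as OTL prints them and
groups them by executable.
"""
import re
from collections import defaultdict

# IANA protocol numbers as they appear in the rule values (assumed mapping).
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# One rule per line: "<rule name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Sample input: six lines copied from the posted OTL log (raw string keeps the backslashes).
SAMPLE_RULES = r'''
"{ED571893-4C1A-4C23-89F5-636D631368FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FBAF6877-D9E6-4D53-8E49-3400A791CD9A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3E0A1F89-FC27-42E9-8DB5-82726B3C4937}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D1311313-D780-46BF-852E-824EDA18E236}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{BB0FE0E7-D642-40E6-A033-F2A0AB7C5D42}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{00B99229-0416-471C-9129-FF315903DC74}C:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\j2k9\counter-strike source\hl2.exe |
'''


def parse_rules(text):
    """Yield one dict per rule line: name, protocol, dir, app, svc, query_user."""
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or not a rule line
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        name = m.group("name")
        yield {
            "name": name,
            "protocol": PROTOCOLS.get(fields.get("protocol"), fields.get("protocol")),
            "dir": fields.get("dir"),
            "app": fields.get("app"),
            "svc": fields.get("svc"),
            # Rules created by answering the firewall's "Unblock" prompt carry this prefix.
            "query_user": name.split("{")[0].strip().endswith("Query User"),
        }


def inbound_exceptions(text):
    """Map each executable to the sorted list of protocols it may receive inbound on."""
    exceptions = defaultdict(set)
    for rule in parse_rules(text):
        if rule["dir"] == "in" and rule["app"]:
            exceptions[rule["app"]].add(rule["protocol"])
    return {app: sorted(protos) for app, protos in exceptions.items()}


def user_approved_apps(text):
    """Executables that got an exception through the interactive "Unblock" prompt."""
    return sorted({rule["app"] for rule in parse_rules(text) if rule["query_user"]})


if __name__ == "__main__":
    for app, protos in sorted(inbound_exceptions(SAMPLE_RULES).items()):
        print(f"{app}: inbound {', '.join(protos)}")
    print("user-approved:", user_approved_apps(SAMPLE_RULES))
```

Run it against the whole rule block of an OTL log instead of SAMPLE_RULES to get the full picture; outbound-only rules (like the svchost/wcescomm line) are left out of the inbound summary on purpose.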



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:06 AM

Posted 06 June 2010 - 08:51 PM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 KateWales

KateWales
  • Topic Starter

  • Members
  • 28 posts
  • Local time:07:06 AM

Posted 07 June 2010 - 06:39 AM

Thanks Shannon, no worries about the delay I'm just grateful places like this are available and your volunteers help PC numpties like me ;)

My original post:

I'm using Windows Vista. Version 6 (Build 6001: Service Pack 1).

A month or so ago I had some problems with the fake Windows Security virus (calling itself Vista Security 2010, I think) on my system; I was able to find some advice online and managed to remove it. Then 2 days ago I performed a System Restore as I was having problems with my wireless router (turns out it was a faulty wire connection), but I think it's possible I have re-infected with this virus although it is not behaving in the same manner.

So far the things I have noticed that are not working correctly:

Recycle Bin: the icon doesn't change to 'full' when I send things to it, and when I click to empty it, it displays this message: "Are you sure you want to permanently delete all of these items?" It would usually state the number of items. If I open the bin after filling it, it shows 0 objects.

Taskbar: I am unable to unlock it.

Start Menu: switches itself back to Windows Vista view although I have selected Classic.

Windows Defender does not show in sys tray even though when opened it says it's working. After I removed the fake Security Virus, Defender would pop up in sys tray saying it had blocked some start up programs, it hasn't done this since I Restored.

Desktop: 2 Control Panel icons have appeared there and I cannot delete them.

Icon for my son's Counter-Strike (the Steam thingy) is a blank white box.

Also, the icon for Windows Security Centre (looks like a shield with 4 different coloured quarters) is showing up in Control Panel in the bottom right corner of some of the other folder icons, specifically:

Add Hardware
Device Manager
iSCSI Initiator
Parental Controls

It also appears on the install button of Mbam when I try to re-install and run it. I have tried removing and re-installing it several times but that icon keeps showing up and I don't trust it! I have also tried Rkill, but the only thing it killed was itself. I have tried both of these programs in Safe Mode too, with the same outcome. The little icon thing even pops up there. I tried renaming the file (as per the instructions on a thread here), but the same thing happened. I was unable to change the file extension as I couldn't get the hidden menu to show.

I tried downloading the scanner from Housecall, but the icon popped up on that too. I run Avast and tried the scanner on that but it finds nothing. The Windows Live One Care Safety scanner did find 1 severe threat and 270 odd reg keys (? I think, my brain is getting frazzled) but there was no tick-box or info on the severe threat and no way I could see to clean it.

I think that's it! I realise these problems aren't that disruptive, but I am concerned about what might be going on behind the scenes.

********************************

Have run DDS and GMER as requested, logs attached and thanks again :)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Big Momma at 11:54:27.43 on 07/06/2010
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1170 [GMT 1:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4A4EEF6F-AABF-4295-A58E-F6D804B4C1C3}
SP: CyberDefender Internet Security *enabled* (Updated) {2A0CF9CB-43D8-4EFC-B77A-62103DEFED80}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Big Momma\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\users\bigmom~1\appdata\local\temp\E_SC1FA.tmp" /EF "HKCU"
mRun: [Skytel] Skytel.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
StartupFolder: c:\users\bigmom~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bigmom~1\appdata\roaming\mozilla\firefox\profiles\aij045t2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\users\big momma\appdata\roaming\mozilla\firefox\profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\FFExternalAlert.dll
FF - component: c:\users\big momma\appdata\roaming\mozilla\firefox\profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\RadioWMPCore.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-3 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-3 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-3 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-3-11 233472]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-11 36608]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-9-14 46592]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-12-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2007-9-14 454520]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-3-11 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-3-11 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-3-11 121856]

=============== Created Last 30 ================

2010-06-04 16:27:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 16:27:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 16:27:05 0 dc----w- c:\program files\Malwarebytes' Anti-Malware2
2010-06-04 15:10:44 0 d--h--w- c:\windows\PIF
2010-06-03 12:25:24 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 19:19:56 0 dc----w- c:\program files\ESET
2010-06-02 17:32:07 0 d-----w- c:\programdata\F-Secure
2010-06-02 12:00:38 0 d-----w- c:\windows\pss
2010-06-01 07:57:54 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-31 05:26:02 12 ----a-w- c:\users\bigmom~1\appdata\roaming\lkbvmy.dat
2010-05-26 05:21:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-11 22:37:56 738304 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-05-27 07:00:36 171886163 ----a-w- c:\windows\DUMP48b2.tmp
2010-05-16 08:26:45 182986323 ----a-w- c:\windows\DUMP2e5f.tmp
2010-05-12 10:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:34:10 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-02 20:05:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-02 20:05:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-02 20:05:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-24 22:47:10 4172 ----a-w- c:\users\bigmom~1\appdata\roaming\wklnhst.dat
2008-09-16 15:26:24 174 --sha-w- c:\program files\desktop.ini
2008-09-16 14:38:20 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-15 08:09:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-01-15 08:09:22 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-15 08:09:22 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-02-23 02:19:48 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-02-21 06:58:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2006-03-04 10:50:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:55:34.61 ===============






#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:02:06 PM

Posted 07 June 2010 - 10:01 AM

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.



==============================



1. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.
Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  1. Leave your computer alone while ComboFix is running.
  2. ComboFix will restart your computer if malware is found; allow it to do so.
  3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  4. Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  5. ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 KateWales

KateWales
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 07 June 2010 - 10:53 AM

Hi sempai and thanks for your help.

Downloaded and ran ComboFix; at the start it found "CyberDefenderInternetSecurity" running. I managed to locate the folder but was unable to disable it, as it is not showing in Task Manager, and at the moment I don't have control of the Recycle Bin so my attempt to delete it was futile.

ComboFix 10-06-06.05 - Big Momma 07/06/2010 16:36:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1272 [GMT 1:00]
Running from: c:\users\Big Momma\Desktop\ComboFix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4A4EEF6F-AABF-4295-A58E-F6D804B4C1C3}
SP: CyberDefender Internet Security *enabled* (Updated) {2A0CF9CB-43D8-4EFC-B77A-62103DEFED80}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\BIGMOM~1\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\Big Momma\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\Fixit\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\temp
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-06 22:33 . 2010-06-02 18:33 52224 ----a-w- c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\FFExternalAlert.dll
2010-06-06 22:33 . 2010-06-02 18:33 101376 ----a-w- c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\RadioWMPCore.dll
2010-06-04 16:27 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 16:27 . 2010-06-04 16:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware2
2010-06-04 16:27 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 15:10 . 2010-06-04 15:10 -------- d--h--w- c:\windows\PIF
2010-06-04 12:23 . 2010-06-04 15:20 -------- dc----w- c:\program files\Windows Live Safety Center
2010-06-03 14:20 . 2010-06-03 14:20 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\Apple
2010-06-03 12:25 . 2010-06-04 15:01 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 19:19 . 2010-06-02 19:19 -------- dc----w- c:\program files\ESET
2010-06-02 19:03 . 2010-06-02 19:03 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\Mozilla
2010-06-02 18:57 . 2010-06-02 18:57 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Roaming\Malwarebytes
2010-06-02 17:32 . 2010-06-02 17:32 -------- d-----w- c:\programdata\F-Secure
2010-06-02 11:58 . 2010-06-02 11:58 -------- d-----w- c:\users\Fixit\AppData\Roaming\Malwarebytes
2010-06-02 11:57 . 2010-06-02 11:57 -------- d-----w- c:\users\Fixit\AppData\Roaming\Apple Computer
2010-06-01 07:57 . 2010-06-01 07:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-26 05:21 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 17:32 . 2010-05-14 17:32 -------- d-----w- c:\users\BIGMOM~1\AppData\Roaming\EPSON
2010-05-14 17:32 . 2010-05-14 17:32 -------- d-----w- c:\users\Big Momma\AppData\Roaming\EPSON
2010-05-11 22:37 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 15:01 . 2010-01-04 19:08 -------- dc----w- c:\program files\Microsoft Silverlight
2010-06-02 19:08 . 2008-09-06 22:25 -------- d-----w- c:\users\BIGMOM~1\AppData\Roaming\uTorrent
2010-06-02 19:08 . 2008-09-06 22:25 -------- d-----w- c:\users\Big Momma\AppData\Roaming\uTorrent
2010-06-02 18:54 . 2010-06-02 18:54 103520 ----a-w- c:\users\FIXIIIIING!!!!\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-02 18:54 . 2010-06-02 18:54 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Roaming\Apple Computer
2010-06-02 18:45 . 2010-02-21 16:27 680 ----a-w- c:\users\BIGMOM~1\AppData\Local\d3d9caps.dat
2010-06-02 18:45 . 2010-02-21 16:27 680 ----a-w- c:\users\Big Momma\AppData\Local\d3d9caps.dat
2010-06-02 11:57 . 2010-02-21 16:58 103520 ----a-w- c:\users\Fixit\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 14:32 . 2009-11-12 09:16 -------- d-----w- c:\programdata\McAfee Security Scan
2010-05-31 13:53 . 2008-12-26 20:40 -------- dc----w- c:\program files\Steam
2010-05-31 05:26 . 2010-05-31 05:26 12 ----a-w- c:\users\BIGMOM~1\AppData\Roaming\lkbvmy.dat
2010-05-31 05:26 . 2010-05-31 05:26 12 ----a-w- c:\users\Big Momma\AppData\Roaming\lkbvmy.dat
2010-05-27 07:00 . 2008-03-21 08:03 171886163 ----a-w- c:\windows\DUMP48b2.tmp
2010-05-16 08:26 . 2008-03-21 08:03 182986323 ----a-w- c:\windows\DUMP2e5f.tmp
2010-05-13 18:18 . 2008-12-26 20:40 -------- dc----w- c:\program files\Common Files\Steam
2010-05-12 23:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 23:49 . 2007-09-14 03:30 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 10:21 . 2009-10-03 04:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 20:59 . 2010-04-03 22:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-04-03 22:58 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-04-03 22:58 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-04-03 22:58 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-04-03 22:58 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-04-03 22:58 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-17 07:31 . 2010-02-03 11:02 -------- d-----w- c:\programdata\NOS
2010-04-14 16:47 . 2010-04-03 22:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-24 22:47 . 2008-09-25 15:57 4172 ----a-w- c:\users\BIGMOM~1\AppData\Roaming\wklnhst.dat
2010-03-24 22:47 . 2008-09-25 15:57 4172 ----a-w- c:\users\Big Momma\AppData\Roaming\wklnhst.dat
2010-03-22 06:15 . 2008-09-07 05:53 103520 ----a-w- c:\users\BIGMOM~1\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-22 06:15 . 2008-09-07 05:53 103520 ----a-w- c:\users\Big Momma\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-18 16:49 . 2010-03-18 16:49 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-11 14:25 . 2010-03-11 14:25 1180672 ----a-w- c:\users\Big Momma\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-04 10:50 . 2006-03-04 10:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-14 535336]

c:\users\BIGMOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-06 04:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000Core.job
- c:\users\Big Momma\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-01 20:04]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000UA.job
- c:\users\Big Momma\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-01 20:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\BIGMOM~1\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\FFExternalAlert.dll
FF - component: c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 16:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000085B5BB392230E30687 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-07 16:45:05
ComboFix-quarantined-files.txt 2010-06-07 15:45
ComboFix2.txt 2009-06-17 13:49

Pre-Run: 5,362,524,160 bytes free
Post-Run: 5,688,942,592 bytes free

- - End Of File - - 19ABAB1976DC955B370ADB68C250FDE4
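As an added example (not code from this thread, from ComboFix or from sempai): a Python parser for the timestamped file lines in the ComboFix report above, applying the two patterns that the helper's File:: list for this machine reflects (a tiny random-named .dat directly under AppData\Roaming, and very large .tmp files directly under c:\windows) to a constructed sample. The size thresholds and the name pattern are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the ComboFix "Files Created" / "Find3M"
# sections posted above: a handful of lines, not the full log.
SAMPLE_REPORT = r"""
2010-06-04 16:27 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 15:10 . 2010-06-04 15:10 -------- d--h--w- c:\windows\PIF
2010-05-31 05:26 . 2010-05-31 05:26 12 ----a-w- c:\users\BIGMOM~1\AppData\Roaming\lkbvmy.dat
2010-05-31 05:26 . 2010-05-31 05:26 12 ----a-w- c:\users\Big Momma\AppData\Roaming\lkbvmy.dat
2010-05-27 07:00 . 2008-03-21 08:03 171886163 ----a-w- c:\windows\DUMP48b2.tmp
2010-05-16 08:26 . 2008-03-21 08:03 182986323 ----a-w- c:\windows\DUMP2e5f.tmp
2010-03-24 22:47 . 2008-09-25 15:57 4172 ----a-w- c:\users\Big Momma\AppData\Roaming\wklnhst.dat
2006-03-04 10:50 . 2006-03-04 10:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
"""

# One report line: "<created> . <modified> <size|--------> <attrs> <path>".
# Directory entries show eight dashes where the size would be.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Heuristic thresholds chosen for this example (assumptions, not ComboFix's).
TINY_BYTES = 1024
HUGE_BYTES = 100 * 1024 * 1024
RANDOM_DAT_RE = re.compile(r"^[a-z]{5,8}\.dat$")  # e.g. lkbvmy.dat (assumed pattern)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directory entries
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_report(text: str) -> List[Entry]:
    """Extract the timestamped file lines; headers, dots and blank lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for the two patterns described in the lead-in."""
    flagged: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.is_dir or e.size is None:
            continue
        # Tiny .dat with a random lowercase name dropped straight into Roaming
        # (the 4 KB wklnhst.dat in the sample stays below the radar on size).
        if (e.parent.endswith(r"\appdata\roaming")
                and RANDOM_DAT_RE.match(e.name)
                and e.size < TINY_BYTES):
            flagged.append((e, "tiny random-named .dat directly under AppData\\Roaming"))
        # Multi-hundred-megabyte .tmp sitting directly in c:\windows.
        if (e.parent == r"c:\windows"
                and e.name.lower().endswith(".tmp")
                and e.size >= HUGE_BYTES):
            flagged.append((e, "very large .tmp directly under c:\\windows"))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_entries(parse_report(SAMPLE_REPORT)):
        print(f"{entry.created}  {entry.size:>10}  {entry.path}  <- {reason}")
```

Both the 8.3 and the long-name path of lkbvmy.dat are reported, matching the way ComboFix lists (and the helper's script names) each file twice.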


#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:02:06 PM

Posted 07 June 2010 - 11:11 AM

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.  
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have.


Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware in the report (it will be at the very top, under Detected). Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


~Semp



#7 KateWales

KateWales
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 07 June 2010 - 01:21 PM

Sorry for the delay, seems there was a lot to scan.

At the end of the scan I clicked the report button, but it just had a small list as opposed to a report. I copied the name of the virus it found (which I had to delete). Hope I did it right...


******************

Autoscan: completed 2 minutes ago (events: 6, objects: 732535, time: 01:39:33)
07/06/2010 17:25:47 Task started
07/06/2010 17:34:58 Detected: Exploit.OSX.Smid.c C:\Documents and Settings\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class
07/06/2010 17:51:25 Deleted: Exploit.OSX.Smid.c C:\Documents and Settings\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class
07/06/2010 18:54:36 Detected: Exploit.OSX.Smid.c D:\BIGMOMMA-PC\Backup Set 2010-06-07 092827\Backup Files 2010-06-07 092827\Backup files 23.zip/C\Users\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class
07/06/2010 18:58:00 Deleted: Exploit.OSX.Smid.c D:\BIGMOMMA-PC\Backup Set 2010-06-07 092827\Backup Files 2010-06-07 092827\Backup files 23.zip/C\Users\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class
07/06/2010 19:05:20 Task completed


07/06/2010 17:34:58 C:\Documents and Settings\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class
07/06/2010 18:54:36 D:\BIGMOMMA-PC\Backup Set 2010-06-07 092827\Backup Files 2010-06-07 092827\Backup files 23.zip/C\Users\Big Momma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\3fecdd5b-7a261740/AppletX.class


#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:02:06 PM

Posted 08 June 2010 - 09:47 AM

Hi,

Do you recognize these user accounts?
  1. Mcx2
  2. Fixit
  3. FIXIIIIING!!!!

=============================


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or CyberDefender Internet Security.


=============================


1. Download TFC (Temp File Cleaner) to your desktop.
  • Close any other windows.
  • Double click the TFC icon to run the program.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean.
Note: TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.




2. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
File::
c:\users\BIGMOM~1\AppData\Roaming\lkbvmy.dat
c:\users\Big Momma\AppData\Roaming\lkbvmy.dat
c:\windows\DUMP48b2.tmp
c:\windows\DUMP2e5f.tmp

DDS::
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

FileLook::
c:\windows\system32\ActiveToolBand.dll

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 KateWales

  • Topic Starter

Posted 08 June 2010 - 11:05 AM

Hi sempai and thanks again.

Valid User Accounts on this system:

1. Big Momma
2. Fixit
3. FIXIIIIING!!!!

I do not recognise Mcx2 and I'm sure that's not good.

Re the anti virus, I have deleted Avast now but cannot remove CyberDefender at all; it's not in the Add/Remove Programs list and it doesn't appear in the program list in the Start Menu. The only path I found was: CyberDefender Internet Security (C:\Users\Big Momma\AppData\Local) and when I opened it there was a folder but it was empty. I deleted the folder anyway but it was still running somehow. I couldn't find anything that looked like it in Task Manager either. As it is, I don't think anything I am sending to the Recycle Bin is being deleted at the moment because it's not behaving as it should.

QUOTE
Recycle Bin-the icon doesn't change to 'full' when I send things to it and when I click to empty it, it displays this message, " Are you sure you want to permanently delete all of these items?" It would usually state the number of items. If I open the bin after filling it, it shows 0 objects.


Here's the Combofix log:



ComboFix 10-06-06.05 - Big Momma 08/06/2010 16:11:19.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1173 [GMT 1:00]
Running from: c:\users\Big Momma\Desktop\ComboFix.exe
Command switches used :: c:\users\Big Momma\Desktop\CFScript.txt.txt
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {4A4EEF6F-AABF-4295-A58E-F6D804B4C1C3}
SP: CyberDefender Internet Security *enabled* (Updated) {2A0CF9CB-43D8-4EFC-B77A-62103DEFED80}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Big Momma\AppData\Roaming\lkbvmy.dat"
"c:\users\BIGMOM~1\AppData\Roaming\lkbvmy.dat"
"c:\windows\DUMP2e5f.tmp"
"c:\windows\DUMP48b2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Big Momma\AppData\Roaming\lkbvmy.dat
c:\users\BIGMOM~1\AppData\Roaming\lkbvmy.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.

2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Big Momma\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Fixit\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\temp
2010-06-08 15:16 . 2010-06-08 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-08 15:01 . 2010-06-08 15:01 -------- d-----w- c:\users\Big Momma\AppData\Local\CyberDefender Internet Security
2010-06-07 16:24 . 2010-06-07 16:24 -------- d-----w- c:\programdata\Kaspersky Lab
2010-06-06 22:33 . 2010-06-02 18:33 52224 ----a-w- c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\FFExternalAlert.dll
2010-06-06 22:33 . 2010-06-02 18:33 101376 ----a-w- c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\RadioWMPCore.dll
2010-06-04 16:27 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-04 16:27 . 2010-06-04 16:27 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware2
2010-06-04 16:27 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 15:10 . 2010-06-04 15:10 -------- d--h--w- c:\windows\PIF
2010-06-04 12:23 . 2010-06-04 15:20 -------- dc----w- c:\program files\Windows Live Safety Center
2010-06-03 14:20 . 2010-06-03 14:20 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\Apple
2010-06-03 12:25 . 2010-06-04 15:01 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 19:19 . 2010-06-02 19:19 -------- dc----w- c:\program files\ESET
2010-06-02 19:03 . 2010-06-02 19:03 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Local\Mozilla
2010-06-02 18:57 . 2010-06-02 18:57 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Roaming\Malwarebytes
2010-06-02 17:32 . 2010-06-02 17:32 -------- d-----w- c:\programdata\F-Secure
2010-06-02 11:58 . 2010-06-02 11:58 -------- d-----w- c:\users\Fixit\AppData\Roaming\Malwarebytes
2010-06-02 11:57 . 2010-06-02 11:57 -------- d-----w- c:\users\Fixit\AppData\Roaming\Apple Computer
2010-06-01 07:57 . 2010-06-01 07:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-26 05:21 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 17:32 . 2010-05-14 17:32 -------- d-----w- c:\users\Big Momma\AppData\Roaming\EPSON
2010-05-11 22:37 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 15:01 . 2010-01-04 19:08 -------- dc----w- c:\program files\Microsoft Silverlight
2010-06-02 19:08 . 2008-09-06 22:25 -------- d-----w- c:\users\Big Momma\AppData\Roaming\uTorrent
2010-06-02 18:54 . 2010-06-02 18:54 103520 ----a-w- c:\users\FIXIIIIING!!!!\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-02 18:54 . 2010-06-02 18:54 -------- d-----w- c:\users\FIXIIIIING!!!!\AppData\Roaming\Apple Computer
2010-06-02 18:45 . 2010-02-21 16:27 680 ----a-w- c:\users\Big Momma\AppData\Local\d3d9caps.dat
2010-06-02 11:57 . 2010-02-21 16:58 103520 ----a-w- c:\users\Fixit\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-31 14:32 . 2009-11-12 09:16 -------- d-----w- c:\programdata\McAfee Security Scan
2010-05-31 13:53 . 2008-12-26 20:40 -------- dc----w- c:\program files\Steam
2010-05-13 18:18 . 2008-12-26 20:40 -------- dc----w- c:\program files\Common Files\Steam
2010-05-12 23:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 23:49 . 2007-09-14 03:30 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 10:21 . 2009-10-03 04:54 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-17 07:31 . 2010-02-03 11:02 -------- d-----w- c:\programdata\NOS
2010-03-24 22:47 . 2008-09-25 15:57 4172 ----a-w- c:\users\Big Momma\AppData\Roaming\wklnhst.dat
2010-03-22 06:15 . 2008-09-07 05:53 103520 ----a-w- c:\users\Big Momma\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-18 16:49 . 2010-03-18 16:49 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-11 14:25 . 2010-03-11 14:25 1180672 ----a-w- c:\users\Big Momma\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-03-04 10:50 . 2006-03-04 10:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\ActiveToolBand.dll ---
Company: HiTRUST
File Description: ActiveToolBand Module
File Version: 2, 5, 2, 0
Product Name:
Copyright: Copyright 2005
Original Filename: ActiveToolBand.dll
File size: 299008
Created time: 2007-04-25 23:33
Modified time: 2007-04-25 23:33
MD5: A356C37D72AC22BDFBE421E7A96B51D6
SHA1: 4FCC0F116B84164091C8CA12E061217BAE67C8DC


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-14 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 23:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-06 04:48 57344 -c--a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 454520]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000Core.job
- c:\users\Big Momma\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-01 20:04]

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379310552-3699071534-3854482625-1000UA.job
- c:\users\Big Momma\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-01 20:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\BIGMOM~1\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\FFExternalAlert.dll
FF - component: c:\users\Big Momma\AppData\Roaming\Mozilla\Firefox\Profiles\aij045t2.default\extensions\{efdf2911-4a8d-4745-947f-2807dd9fb418}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 16:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-08 16:18:03
ComboFix-quarantined-files.txt 2010-06-08 15:18
ComboFix2.txt 2010-06-07 15:45
ComboFix3.txt 2009-06-17 13:49

Pre-Run: 8,385,138,688 bytes free
Post-Run: 8,255,246,336 bytes free

- - End Of File - - 180690C37A44741AF5B7298AD9CE90BD
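The "Reg Loading Points" section of the ComboFix log above lists two Security Center Monitoring subkeys with "DisableMonitoring"=dword:00000001, which is the kind of entry a cleaner wants surfaced rather than skimmed past, and the CFScript in post #8 removes such a value with the ".reg" delete notation `"DisableMonitoring"=-`. The following is an added example, not code from the thread, from ComboFix or from its author: a small parser for that REGEDIT4-style text that flags disabled-monitoring entries and renders them in the same `Registry::` notation the CFScript uses; the sample text is constructed to mirror the log's layout, and `cfscript_registry_section` is my helper, not a ComboFix API.

```python
"""Parse REGEDIT4-style text as ComboFix prints it under "Reg Loading Points"
and flag Security Center product subkeys whose monitoring has been disabled."""
import re
from typing import Dict, List

# Constructed sample in the layout ComboFix prints (the "[date size]" suffix is
# ComboFix's annotation on file-backed values); modelled on the log, not read
# from a live machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SomeVendorAV]
"DisableMonitoring"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value line is either "name"=data or @=data (the key's default value).
# The optional trailing " [...]" swallows ComboFix's date/size annotation.
VALUE_RE = re.compile(r'^(?:"([^"]*)"|(@))\s*=\s*(.*?)(?:\s+\[[^\]]*\])?$')

MONITORING_KEY = r'hkey_local_machine\software\microsoft\security center\monitoring'


def parse_value(raw: str):
    """Convert the right-hand side of a .reg line into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]                      # REG_SZ
    m = re.match(r'^dword:([0-9a-fA-F]{1,8})$', raw)
    if m:
        return int(m.group(1), 16)            # REG_DWORD
    if raw == '-':
        return None                           # "=-" means: delete this value
    return raw                                # anything else is kept verbatim


def parse_regedit(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key path: {value name: value}} for every [key] block in text."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.upper() == 'REGEDIT4':
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = vm.group(1) if vm.group(1) is not None else '@'
            keys[current][name] = parse_value(vm.group(3))
    return keys


def find_disabled_monitoring(keys: Dict[str, Dict[str, object]]) -> List[str]:
    """Security Center product subkeys with DisableMonitoring set to 1."""
    hits = [k for k, v in keys.items()
            if k.lower().startswith(MONITORING_KEY + '\\')
            and v.get('DisableMonitoring') == 1]
    return sorted(hits)


def cfscript_registry_section(hits: List[str]) -> str:
    """Render the flagged keys as a Registry:: block in the CFScript notation
    seen in this thread, where "name"=- asks for the value to be deleted."""
    lines = ['Registry::']
    for key in hits:
        lines.append(f'[{key}]')
        lines.append('"DisableMonitoring"=-')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    flagged = find_disabled_monitoring(parse_regedit(SAMPLE_REG))
    print(cfscript_registry_section(flagged))
```

Feed the function the text between "REGEDIT4" and the first "R3"/"S2" driver line of a real log to get the same report for that machine.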

#10 sempai

  • Malware Response Team

Posted 08 June 2010 - 05:38 PM

Hi,

You need to keep one of your Anti Virus programs. Can you please download and install CyberDefender Internet Security again? It's damaged and we need to fix it. Thanks.

~Semp



#11 KateWales

  • Topic Starter

Posted 08 June 2010 - 06:01 PM

Hi sempai and thanks for your continued help. I don't remember ever installing CyberDefender Internet Security, and when I googled it WOT shows most of the sites as unreliable. However, I realise it needs fixing, so I have downloaded it and it started scanning right away. I stopped the scan and will wait to hear back from you.

#12 KateWales

  • Topic Starter

Posted 09 June 2010 - 03:47 AM

Just an update, when I switched on this morning there was a Windows Security Alert, blocking CyberDefender:

" Windows Firewall has blocked this program from accepting incoming network connections. If you unblock this program it will be unblocked on all public networks that you connect to. This program has already been blocked or unblocked on a different network location."

I closed it without changing the settings.

CyberDefender then popped up with a warning I was infected with:

Adware.DoubleD
Adware.PurityScan

saying they were registry keys and a severe threat. I just closed the box without making any changes.

#13 sempai

  • Malware Response Team

Posted 09 June 2010 - 05:17 AM

Hi KateWales,

Since you did not install it, please go to Control Panel > Add/Remove Programs and remove it; its uninstaller should now appear on the program list.

Please run this Avast uninstall utility => http://www.avast.com/uninstall-utility

Then restart your PC and reinstall Avast! as your Anti Virus Program. => http://www.avast.com/eng/avast_4_home.html


==============================


Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

~Semp



#14 KateWales

  • Topic Starter

Posted 09 June 2010 - 08:56 AM

Hello again

Right, managed to uninstall CyberDefender.
Cleaned up Avast (instructions said in Safe Mode so I did).
Re-installed Avast.
Updated Mbam and ran a full scan but there was nothing to clean:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4183

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18372

09/06/2010 14:27:37
mbam-log-2010-06-09 (14-27-37).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 324890
Time elapsed: 1 hour(s), 18 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 sempai

  • Malware Response Team

Posted 09 June 2010 - 09:06 AM

Hi,

Your PC looks clean, how is it running now?


Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
  • Click on I Agree.
  • If an ActiveX warning box appears, click on Install.
    Note: If you got the message:"Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X being installed. Just above the page under the Internet Explorer toolbar you see this message:
    "This website wants to install the following add-on: "Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
    Click on that and select: Install Active x.
  • Now Click On Start Scan. Please wait as it might take some time.
  • If it found anything when it finished, click "Click here to export the scan report".
  • Give the report a name and save it. The file will be a .HTML file.
  • Please attach the file to your reply.
  • To attach the file press ADDREPLY, under the reply window press Browse... show the path to the file on your computer.
  • Highlight the file and click Open then press the green UPLOAD button.

~Semp





