Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot connect to internet using explorer or win update.


  • This topic is locked This topic is locked
10 replies to this topic

#1 kalebbroo

kalebbroo

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 20 September 2010 - 02:41 PM

I cannot connect to the internet using Windows explorer, windows update, iTunes ect.. Firefox connects just fine... Ive scanned with MAMB, superantispyware, and drweb-cureit. I still cannot connect to the internet using anything but Firefox.... Please help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:36:54, on 9/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Keyboard OSD Utility] "C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe" /lang en
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8878 bytes

Edit: Moved topic from Networking to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 27 September 2010 - 08:16 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 kalebbroo

kalebbroo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 30 September 2010 - 11:05 PM

I fixed the problem I was having, I unchecked a box in internet explorer and then everything started to work again. Am I infected with any malware or un-needed programs that will cause me harm in the future? thx for all the help!



OTL logfile created on: 9/30/2010 11:55:22 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kalebbroo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178.55 Gb Total Space | 46.57 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 97.01 Gb Free Space | 20.83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 59.03 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KALEBBROO-LAP
Current User Name: Kalebbroo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/30 23:52:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kalebbroo\Desktop\OTL.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 15:25:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/16 09:51:05 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 09:51:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 09:50:40 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/15 23:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/09/04 17:16:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/08/29 02:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/15 22:48:22 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/07/15 22:48:14 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2009/07/15 19:36:48 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/04/13 16:51:07 | 000,407,088 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/30 23:52:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kalebbroo\Desktop\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/15 19:36:54 | 000,013,624 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/20 15:25:16 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 09:51:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2010/07/16 09:51:05 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/16 09:50:40 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/02 09:40:33 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/01 13:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/26 14:28:52 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/06 22:58:52 | 000,286,256 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/15 12:19:58 | 000,030,760 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/08 21:39:46 | 000,060,928 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/07/27 23:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/27 00:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/04/13 10:07:43 | 000,087,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007/03/28 11:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/09/04 17:16:14 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/11 22:49:59] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/04/13 10:07:43 | 000,087,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..network.proxy.backup.ftp: "169.254.144.130"
FF - prefs.js..network.proxy.backup.ftp_port: 1080
FF - prefs.js..network.proxy.backup.gopher: "169.254.144.130"
FF - prefs.js..network.proxy.backup.gopher_port: 1080
FF - prefs.js..network.proxy.backup.socks: "169.254.144.130"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: "169.254.144.130"
FF - prefs.js..network.proxy.backup.ssl_port: 1080
FF - prefs.js..network.proxy.ftp: "169.254.144.130"
FF - prefs.js..network.proxy.ftp_port: 1080
FF - prefs.js..network.proxy.gopher: "169.254.144.130"
FF - prefs.js..network.proxy.gopher_port: 1080
FF - prefs.js..network.proxy.http: "169.254.144.130"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "169.254.144.130"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "169.254.144.130"
FF - prefs.js..network.proxy.ssl_port: 1080


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/26 00:18:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/21 16:50:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/21 16:50:03 | 000,000,000 | ---D | M]

[2010/06/16 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Extensions
[2010/06/16 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/09/30 16:57:07 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\extensions
[2010/03/19 19:26:23 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/07/15 16:46:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/29 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\extensions\netvideohunter@netvideohunter.com
[2010/08/29 23:28:47 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\extensions\tab@search.com
[2010/01/20 16:15:44 | 000,000,923 | ---- | M] () -- C:\Users\Kalebbroo\AppData\Roaming\Mozilla\Firefox\Profiles\8pjsl3fa.default\searchplugins\conduit.xml
[2010/05/20 00:28:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/20 00:28:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/12 03:34:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

O1 HOSTS File: ([2010/09/20 12:49:06 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Keyboard OSD Utility] C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe (Quanta Computer, INC.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3053696384-2782561170-223376197-1000..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-3053696384-2782561170-223376197-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3053696384-2782561170-223376197-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | RH-D | M] - E:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 23:52:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Kalebbroo\Desktop\OTL.exe
[2010/09/30 22:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/09/30 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Google
[2010/09/29 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\Desktop\psp
[2010/09/29 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\Desktop\Render
[2010/09/29 21:14:01 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\My Movie
[2010/09/26 22:07:18 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Roaming\Media Player Classic
[2010/09/25 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Adobe
[2010/09/21 16:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/21 01:10:33 | 000,000,000 | ---D | C] -- C:\047e4f326f89e4532233d854be
[2010/09/20 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Alienware
[2010/09/20 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\AirVideoServer
[2010/09/20 14:06:04 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/20 14:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/20 14:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/20 14:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/20 13:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/20 13:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/20 13:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/20 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/20 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/20 11:34:09 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Apple Computer
[2010/09/20 03:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/09/20 03:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/20 02:43:31 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\DoctorWeb
[2010/09/13 23:18:45 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\Documents\InstantCDDVD
[2010/09/13 22:48:46 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\Documents\Pinnacle Studio
[2010/09/13 22:48:05 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Pinnacle
[2010/09/13 22:43:08 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/09/13 22:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilderSE
[2010/09/13 22:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2010/09/13 22:39:32 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Downloaded Installations
[2010/09/13 22:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2010/09/13 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2010/09/13 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging
[2010/09/13 22:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2010/09/13 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14
[2010/09/13 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2010/09/13 22:33:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2010/09/13 22:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2010/09/13 22:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2010/08/29 23:28:48 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\qahahpmbe
[2010/08/29 23:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 01:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tansee iPhone Copy
[2010/08/12 01:32:55 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\.shsh
[2010/07/30 20:31:06 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Roaming\Publish Providers
[2010/07/30 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Roaming\Sony
[2010/07/30 20:15:36 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Sony
[2010/07/30 20:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010/07/30 18:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeroInstall.bak
[2010/07/27 18:21:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2010/07/25 18:36:36 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Local\Microsoft Games
[2010/07/24 15:55:30 | 000,000,000 | ---D | C] -- C:\Users\Kalebbroo\AppData\Roaming\W Photo Studio Viewer
[2010/07/16 09:51:04 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/12 21:29:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 90 Days ==========

[2010/09/30 23:55:00 | 002,359,296 | -HS- | M] () -- C:\Users\Kalebbroo\NTUSER.DAT
[2010/09/30 23:52:43 | 000,133,632 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\RKUnhookerLE.EXE
[2010/09/30 23:52:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kalebbroo\Desktop\OTL.exe
[2010/09/30 23:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 23:00:00 | 065,495,753 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/30 22:24:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/29 22:54:36 | 051,950,308 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Presentation LUT 1.avi
[2010/09/29 22:51:02 | 000,003,112 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\reference list visual aid.rtf
[2010/09/29 22:50:42 | 000,010,258 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\reference list visual aid.odt
[2010/09/29 22:26:23 | 042,662,425 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Presentation LUT 1.flv
[2010/09/29 22:16:58 | 000,000,253 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\My Movie.scn
[2010/09/29 22:16:54 | 000,189,496 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi.A.index
[2010/09/29 22:16:54 | 000,148,320 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi.index
[2010/09/29 22:16:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/09/29 22:16:15 | 061,932,304 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi
[2010/09/29 22:10:23 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 22:10:23 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 22:07:02 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/29 22:07:02 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/29 22:07:02 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/29 22:02:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/29 22:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/29 22:02:25 | 3219,939,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/29 22:01:09 | 002,121,016 | -H-- | M] () -- C:\Users\Kalebbroo\AppData\Local\IconCache.db
[2010/09/29 21:23:02 | 042,658,668 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\My Movie.flv
[2010/09/29 16:43:18 | 000,019,649 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Script LUT1.odt
[2010/09/27 00:32:00 | 008,905,388 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\DHD-v1.3.ipa
[2010/09/25 21:28:10 | 000,007,802 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Reference List LUT1.rtf
[2010/09/25 17:27:22 | 000,019,229 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Reference List LUT1.odt
[2010/09/25 15:56:36 | 000,021,828 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\outline 2 LUT1.rtf
[2010/09/25 15:56:15 | 000,021,194 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\outline 2 LUT1.odt
[2010/09/23 17:20:56 | 000,055,115 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Visual Aid.JPG
[2010/09/20 12:49:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/20 04:04:42 | 000,001,437 | ---- | M] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/20 01:56:37 | 000,365,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/14 11:08:50 | 000,459,743 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\stargateanimateddesktopv20HD.gif
[2010/09/13 22:47:54 | 000,094,640 | ---- | M] () -- C:\Users\Kalebbroo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/13 22:36:45 | 000,001,218 | ---- | M] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
[2010/09/12 21:01:27 | 001,959,923 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Visual Aid.rtf
[2010/09/12 20:15:40 | 000,005,602 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\3 Questions and Answers.rtf
[2010/09/12 20:14:50 | 000,003,695 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Visual Aid Description.rtf
[2010/09/12 20:14:01 | 000,003,609 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Presenter's Script.rtf
[2010/09/12 20:07:12 | 000,045,292 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\visual aid LUT1.odg
[2010/09/12 19:59:42 | 000,010,898 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Presenter's Script.odt
[2010/09/12 19:09:30 | 000,021,810 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\outline LUT1.rtf
[2010/09/12 19:06:34 | 000,022,345 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\outline LUT1.odt
[2010/09/12 18:09:27 | 000,012,948 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\3 Questions and Answers.odt
[2010/09/03 00:22:32 | 001,764,034 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\DSCF1273.JPG
[2010/09/01 00:36:52 | 000,072,533 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/01 00:36:48 | 000,072,533 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2010/08/31 19:21:53 | 000,001,274 | ---- | M] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2010/08/27 21:30:27 | 000,013,671 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Visual Aid Description.odt
[2010/08/25 18:47:00 | 000,000,600 | ---- | M] () -- C:\Users\Kalebbroo\AppData\Roaming\winscp.rnd
[2010/08/24 22:29:22 | 000,000,967 | ---- | M] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/24 16:35:56 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/08/23 21:05:09 | 001,416,546 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\OPAD Feb 2009 final.pdf
[2010/08/21 23:09:27 | 000,073,728 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\2631_FAQs_4.jpg
[2010/08/20 17:57:43 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2010/08/14 01:30:00 | 000,002,217 | ---- | M] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft iPhone Ringtone Maker.lnk
[2010/08/12 00:59:37 | 031,132,511 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Harry Potter Spells.flv
[2010/08/11 12:42:15 | 000,372,340 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\coupon-print.jpg
[2010/08/06 23:44:29 | 567,806,840 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/30 20:19:58 | 000,002,592 | ---- | M] () -- C:\Users\Kalebbroo\Documents\Register Vegas Pro.htm
[2010/07/30 18:52:05 | 000,001,024 | ---- | M] () -- C:\Users\Kalebbroo\.rnd
[2010/07/16 09:51:05 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/16 09:51:04 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/16 09:50:40 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/11 10:48:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2010/07/11 10:11:37 | 393,629,695 | ---- | M] () -- C:\Users\Kalebbroo\Desktop\Animusical Ultimate.iso

========== Files Created - No Company Name ==========

[2010/09/30 23:52:43 | 000,133,632 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\RKUnhookerLE.EXE
[2010/09/30 22:19:58 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 22:19:58 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/29 22:53:40 | 051,950,308 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Presentation LUT 1.avi
[2010/09/29 22:51:00 | 000,003,112 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\reference list visual aid.rtf
[2010/09/29 22:50:41 | 000,010,258 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\reference list visual aid.odt
[2010/09/29 22:21:41 | 042,662,425 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Presentation LUT 1.flv
[2010/09/29 22:16:54 | 000,189,496 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi.A.index
[2010/09/29 22:16:54 | 000,148,320 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi.index
[2010/09/29 22:16:54 | 000,000,253 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\My Movie.scn
[2010/09/29 22:15:18 | 061,932,304 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\My Movie.avi
[2010/09/29 21:15:33 | 042,658,668 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\My Movie.flv
[2010/09/28 19:03:01 | 000,019,649 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Script LUT1.odt
[2010/09/27 00:28:10 | 008,905,388 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\DHD-v1.3.ipa
[2010/09/25 21:28:09 | 000,007,802 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Reference List LUT1.rtf
[2010/09/23 16:08:40 | 000,021,828 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\outline 2 LUT1.rtf
[2010/09/20 04:00:56 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/20 04:00:56 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/19 19:58:02 | 000,019,229 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Reference List LUT1.odt
[2010/09/19 17:42:33 | 000,021,194 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\outline 2 LUT1.odt
[2010/09/14 11:08:50 | 000,459,743 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\stargateanimateddesktopv20HD.gif
[2010/09/13 22:36:45 | 000,001,218 | ---- | C] () -- C:\Users\Kalebbroo\Application Data\Microsoft\Internet Explorer\Quick Launch\Pinnacle Studio 14.lnk
[2010/09/13 22:31:42 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/09/12 21:01:26 | 001,959,923 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Visual Aid.rtf
[2010/09/12 20:57:05 | 000,055,115 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Visual Aid.JPG
[2010/09/12 20:15:39 | 000,005,602 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\3 Questions and Answers.rtf
[2010/09/12 20:14:48 | 000,003,695 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Visual Aid Description.rtf
[2010/09/12 20:13:59 | 000,003,609 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Presenter's Script.rtf
[2010/09/03 10:14:30 | 001,764,034 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\DSCF1273.JPG
[2010/08/27 21:40:25 | 000,010,898 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Presenter's Script.odt
[2010/08/27 21:31:27 | 000,012,948 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\3 Questions and Answers.odt
[2010/08/27 21:19:43 | 000,013,671 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Visual Aid Description.odt
[2010/08/23 21:05:09 | 001,416,546 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\OPAD Feb 2009 final.pdf
[2010/08/21 23:09:26 | 000,073,728 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\2631_FAQs_4.jpg
[2010/08/20 11:23:16 | 000,000,089 | ---- | C] () -- C:\Users\Kalebbroo\umbrella0.log
[2010/08/19 23:34:29 | 000,045,292 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\visual aid LUT1.odg
[2010/08/19 22:49:10 | 000,021,810 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\outline LUT1.rtf
[2010/08/12 00:52:53 | 031,132,511 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Harry Potter Spells.flv
[2010/08/11 12:42:13 | 000,372,340 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\coupon-print.jpg
[2010/08/08 18:26:11 | 000,022,345 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\outline LUT1.odt
[2010/08/02 02:55:35 | 567,806,840 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/30 20:19:58 | 000,002,592 | ---- | C] () -- C:\Users\Kalebbroo\Documents\Register Vegas Pro.htm
[2010/07/30 18:52:04 | 000,001,024 | ---- | C] () -- C:\Users\Kalebbroo\.rnd
[2010/07/11 10:48:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2010/07/11 10:07:55 | 393,629,695 | ---- | C] () -- C:\Users\Kalebbroo\Desktop\Animusical Ultimate.iso
[2010/05/20 00:33:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/26 23:58:09 | 000,000,000 | ---- | C] () -- C:\Users\Kalebbroo\AppData\Local\prvlcl.dat
[2010/04/12 02:05:23 | 000,005,632 | ---- | C] () -- C:\Users\Kalebbroo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 00:13:10 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/03/14 23:22:10 | 000,000,600 | ---- | C] () -- C:\Users\Kalebbroo\AppData\Roaming\winscp.rnd
[2009/11/25 13:40:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/15 19:40:30 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

========== LOP Check ==========

[2010/04/28 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\CmapTools
[2010/05/03 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/03/16 01:50:01 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Disney Mix It Plug-in
[2010/05/07 01:46:19 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\mkvtoolnix
[2010/03/12 15:51:37 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\OpenOffice.org
[2010/07/30 20:31:06 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Publish Providers
[2010/07/30 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Sony
[2010/04/12 02:12:09 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\Thinstall
[2010/06/16 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\TomTom
[2010/08/14 01:23:40 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\ToneFXsCreator
[2010/09/29 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\uTorrent
[2010/07/24 15:55:50 | 000,000,000 | ---D | M] -- C:\Users\Kalebbroo\AppData\Roaming\W Photo Studio Viewer
[2009/07/14 01:08:49 | 000,024,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 9/30/2010 11:55:22 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kalebbroo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178.55 Gb Total Space | 46.57 Gb Free Space | 26.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 97.01 Gb Free Space | 20.83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465.76 Gb Total Space | 59.03 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KALEBBROO-LAP
Current User Name: Kalebbroo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3053696384-2782561170-223376197-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998EA7D2-CE6A-1C6B-1960-FD11EBE1534A}" = ATI Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6A0D119-EC87-4202-A488-AC57FF2CDD34}" = OSD Utility
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{FD95ACB4-E09F-4B5A-B976-C7F6FDD2A6F9}" = Mix Central Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Air Video Server" = Air Video Server 2.4.2
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MKVtoolnix" = MKVtoolnix 3.3.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"TomTom HOME" = TomTom HOME 2.7.6.2056
"ToneFXsCreator" = ToneFXsCreator 1.0
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"uTorrent" = µTorrent
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.7
"Xilisoft iPhone Ringtone Maker" = Xilisoft iPhone Ringtone Maker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3053696384-2782561170-223376197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2010 10:07:24 PM | Computer Name = Kalebbroo-LAP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/27/2010 10:07:24 PM | Computer Name = Kalebbroo-LAP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13104

Error - 9/27/2010 10:07:24 PM | Computer Name = Kalebbroo-LAP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13104

Error - 9/28/2010 5:26:33 PM | Computer Name = Kalebbroo-LAP | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/29/2010 1:52:40 PM | Computer Name = Kalebbroo-LAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 2:28:15 PM | Computer Name = Kalebbroo-LAP | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/29/2010 10:01:12 PM | Computer Name = Kalebbroo-LAP | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 9/29/2010 10:02:55 PM | Computer Name = Kalebbroo-LAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/29/2010 10:04:54 PM | Computer Name = Kalebbroo-LAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/30/2010 12:31:45 AM | Computer Name = Kalebbroo-LAP | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 4/28/2010 8:58:59 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 8:58:59 PM - Error connecting to the internet. 8:58:59 PM - Unable
to contact server..

Error - 4/28/2010 8:59:46 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 8:59:46 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 4/28/2010 9:00:07 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 9:00:07 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 4/28/2010 9:00:28 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 9:00:28 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 4/28/2010 9:01:27 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 9:01:26 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 5/1/2010 7:47:34 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 7:47:34 PM - Error connecting to the internet. 7:47:34 PM - Unable
to contact server..

Error - 5/1/2010 7:48:08 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 7:48:03 PM - Error connecting to the internet. 7:48:03 PM - Unable
to contact server..

Error - 5/1/2010 8:48:47 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 8:48:47 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 5/1/2010 9:51:50 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 9:51:49 PM - Error connecting to the internet. 9:51:49 PM - Unable
to contact server..

Error - 5/1/2010 10:52:38 PM | Computer Name = Kalebbroo-LAP | Source = MCUpdate | ID = 0
Description = 10:52:38 PM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')


< End of report >


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:53 PM, on 9/30/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Keyboard OSD Utility] "C:\Program Files\Keyboard Manager\OSD Utility\OSDManager.exe" /lang en
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9303 bytes


#4 kalebbroo

kalebbroo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 30 September 2010 - 11:09 PM

When I try to run rootkit unhooker I get Error loading driver, NTSTATUS code: 0xC000036B

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 01 October 2010 - 04:46 AM

Hi, the proxy is indeed unchecked, but lets remove it altogether.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :otl
    IE - HKU\S-1-5-21-3053696384-2782561170-223376197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | RH-D | M] - E:\autorun -- [ FAT32 ]

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 kalebbroo

kalebbroo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 01 October 2010 - 09:05 AM

All processes killed
========== OTL ==========
HKU\S-1-5-21-3053696384-2782561170-223376197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
E:\autorun.inf moved successfully.
File not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kalebbroo
->Temp folder emptied: 1201627901 bytes
->Temporary Internet Files folder emptied: 29259086 bytes
->Java cache emptied: 2936279 bytes
->FireFox cache emptied: 97594548 bytes
->Flash cache emptied: 194401 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2027678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 797067218 bytes

Total Files Cleaned = 2,032.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10012010_100156

Files\Folders moved on Reboot...
C:\Users\Kalebbroo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 01 October 2010 - 10:09 AM

Hi, do you have any problems left?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 04 October 2010 - 04:45 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 kalebbroo

kalebbroo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 04 October 2010 - 04:39 PM

G:\Maxtor backup\KALEB\C\apps!!\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi][Full+Plug-in][WwW.ZoNaTorrent.CoM].iso a variant of Win32/Keygen.AR application deleted - quarantined

this was the only thing it found.

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 05 October 2010 - 03:38 AM

As you can see, good idea to leave torrents since there is a good chance they will get your computer infected (besides all legal issues involved).

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean smile.gif

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Run OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:09 AM

Posted 10 October 2010 - 05:19 AM

Since this issue seems to be resolved, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users