Trojan Virus. Browser pages unable to connect when connection is fine.


This topic is locked
15 replies to this topic

#1 babybash78

Posted 20 October 2010 - 02:24 PM

I received a message from my ISP stating that malicious activity had been reported from my IP. I have run Malware Bytes, Stopzilla, Emsisoft and AVG scans several times. Malware Bytes keeps showing Rootkit.Agent. I removed it, restarted, and it comes back. AVG shows nothing. Stopzilla and Emsisoft have shown 3 or 4 various Trojans. I have removed, restarted and had several clean scans. I will scan again and another infection will be found. The symptom that I am noticing the most is that my browser will not load pages off and on and I have to refresh several times to get the page working. This is happening on both my PC and my netbook. My PC is running Windows Vista 32 bit and my netbook is running Windows XP. I have no idea what to do beyond using the software that I have been using. I made a HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:04:29 PM, on 10/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Emsisoft Anti-Malware\a2start.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
c:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ead452aa90b0) (gupdate1c9ead452aa90b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7038 bytes


Any help is much appreciated!

Allison


#2 SpySentinel

Posted 20 October 2010 - 02:35 PM

Hi Allison,

Welcome to Bleeping Computer.
My name is SpySentinel and I will be helping you with your malware problem.


Step #1

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Step #2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.
Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please donate to help me continue the fight against malware.
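The OTL.Txt that Step #1 produces is a long listing in the format quoted later in this thread (DRV, FF, O6/O7 and similar lines). As an added example, not OTL's own code nor the helper's, here is a small Python triage script that reads OTL-style lines and flags the entries a helper would normally ask about: driver services whose file is not found or that carry no company name, driver entries pointing at a file that is not a .sys, Firefox search URLs whose host is outside an assumed allowlist (EXPECTED_SEARCH_HOSTS is an assumption), and the EnableLUA = 0 policy that disables UAC. The sample lines are constructed from the format in the thread, and a flag means "ask about this", not "this is malware": stale "File not found" driver entries are commonly left behind by uninstalled software.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the OTL log format in this thread
# (a few entries mirror lines posted later in the thread; not a full log).
SAMPLE_OTL = r"""
========== Driver Services (SafeList) ==========

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys File not found
DRV - (dniuxm) -- C:\Windows\System32\drivers\hkuqvgt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\A840.tmp File not found
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar&Keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
"""

# Assumed allowlist of search hosts the user actually expects; adjust per case.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

DRV_RE = re.compile(r'^DRV - \((?P<name>[^)]+)\)(?P<desc>.*?) -- (?P<rest>.+)$')
VENDOR_RE = re.compile(r'^(?P<path>.+?) \((?P<vendor>[^)]*)\)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+): (?P<value>.*)$')
POLICY_RE = re.compile(r'^O[67] - (?P<key>.+?): (?P<value>\S+) = (?P<data>.+)$')


def parse_drv(line):
    """Split an OTL DRV line into name, path, vendor and a 'file missing' flag."""
    m = DRV_RE.match(line)
    if not m:
        return None
    rest = m.group('rest').strip()
    entry = {'name': m.group('name'), 'path': rest, 'vendor': None, 'missing': False}
    if rest.endswith('File not found'):
        entry['path'] = rest[:-len('File not found')].strip()
        entry['missing'] = True
        return entry
    vm = VENDOR_RE.match(rest)
    if vm:
        entry['path'] = vm.group('path')
        entry['vendor'] = vm.group('vendor')  # '' when OTL printed "()"
    return entry


def triage(text):
    """Return (category, subject, detail) tuples for lines worth asking about."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        drv = parse_drv(line)
        if drv:
            if drv['missing']:
                findings.append(('driver-file-missing', drv['name'], drv['path']))
            elif drv['vendor'] == '':
                findings.append(('driver-no-company-name', drv['name'], drv['path']))
            if not drv['path'].lower().endswith('.sys'):
                findings.append(('driver-non-sys-path', drv['name'], drv['path']))
            continue
        ff = FF_RE.match(line)
        if ff:
            value = ff.group('value').strip().strip('"')
            if value.startswith(('http://', 'https://')):
                host = urlsplit(value).hostname or ''
                if host not in EXPECTED_SEARCH_HOSTS:
                    findings.append(('firefox-search-unexpected-host', ff.group('key'), host))
            continue
        pol = POLICY_RE.match(line)
        if pol and pol.group('value') == 'EnableLUA' and pol.group('data').strip() == '0':
            findings.append(('uac-disabled-by-policy', pol.group('key'), pol.group('data').strip()))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_OTL):
        print(f"{category:32} {subject:40} {detail}")
```

Run it against a real OTL.Txt by reading the file into triage(); the categories are deliberately neutral, and each hit is a question for the helper rather than a verdict.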

#3 babybash78 (Topic Starter)

Posted 20 October 2010 - 03:15 PM

Thank you for your help! Here is step 1 and I'm off to do Step 2.

---OTL---

OTL logfile created on: 10/20/2010 3:54:55 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Allison\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 107.44 Gb Free Space | 36.05% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.

Computer Name: ALLISON-PC | User Name: Allison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Allison\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - c:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Allison\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (szserver) -- c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager-092308-165331) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\A840.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (dniuxm) -- C:\Windows\System32\drivers\hkuqvgt.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (szkgfs) -- C:\Windows\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (szkg5) -- C:\Windows\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\Windows\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 E5 3A B1 8A E7 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Informative Google Search"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_FLVTube_results&prt=flvtubetb01ff&clid=35c949334a1c4a76a509ec25b019bdd6&subid=1856&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: bnftclt592@benefitbar.com:3.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 19:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/19 11:52:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/27 17:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 19:27:24 | 000,000,000 | ---D | M]

[2009/05/28 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Mozilla\Extensions
[2010/10/20 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\extensions
[2010/09/13 11:53:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 23:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/17 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\extensions\bnftclt592@benefitbar.com
[2010/10/18 19:14:17 | 000,002,572 | ---- | M] () -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\searchplugins\informative-google-search.xml
[2009/09/17 12:53:19 | 000,001,417 | ---- | M] () -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\searchplugins\web-search-flylady.xml
[2010/10/18 19:13:31 | 000,004,140 | ---- | M] () -- C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\9de1nusm.default\searchplugins\youtube.xml
[2010/10/20 12:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 15:30:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/03/01 10:28:37 | 002,445,312 | ---- | M] (DNAML Pty Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2010/10/16 20:35:53 | 000,008,603 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\flvtube.xml

O1 HOSTS File: ([2010/10/19 00:09:34 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - c:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Allison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Allison\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/05/12 04:18:43 | 000,000,000 | ---D | M] - D:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2005/12/23 09:12:36 | 002,073,600 | R--- | M] (Longtion) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/28 04:37:48 | 000,022,486 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006/05/14 18:24:13 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk - C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe - (Palo Alto Software)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Users^Allison^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: C:^Users^Vernard.Allison-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: Creative MediaSource Go - hkey= - key= - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
MsConfig - StartUpReg: Nikon Transfer Monitor - hkey= - key= - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
MsConfig - StartUpReg: PrintUtil - hkey= - key= - C:\Program Files\HP\HP Print Utility\PrintUtil.exe (Hewlett-Packard)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/20 15:50:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Allison\Desktop\OTL.exe
[2010/10/20 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/19 12:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/10/19 11:57:33 | 000,000,000 | ---D | C] -- C:\Users\Allison\AppData\Roaming\AVG10
[2010/10/19 11:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/19 11:51:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/19 11:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/19 03:33:42 | 000,000,000 | ---D | C] -- C:\Users\Allison\AppData\Roaming\EurekaLog
[2010/10/19 03:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/10/19 03:31:32 | 000,000,000 | ---D | C] -- C:\Users\Allison\Documents\Anti-Malware
[2010/10/19 00:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/10/19 00:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/10/19 00:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/10/18 23:59:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/18 23:50:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/18 23:41:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/18 18:53:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/18 18:46:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/18 18:40:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/18 18:39:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/18 16:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/17 16:59:00 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2010/10/17 16:59:00 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2010/10/17 16:59:00 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2010/10/17 16:59:00 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2010/10/17 16:59:00 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2010/10/17 16:58:58 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2010/10/17 16:58:58 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2010/10/17 16:58:58 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2010/10/17 16:58:58 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2010/10/17 16:58:58 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2010/10/17 16:58:56 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2010/10/17 16:58:56 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2010/10/16 10:50:31 | 000,000,000 | ---D | C] -- C:\d5e7f95afa3faa556206d70f390d
[2010/09/27 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\Allison\Desktop\wordpress
[2010/09/27 17:43:15 | 000,000,000 | ---D | C] -- C:\bef162779fa83b8b5485f26bc7bd1d
[2010/09/13 16:27:40 | 000,025,680 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/09/03 10:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/03 09:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/03 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/30 14:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2010/08/30 14:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenPrint32 v3
[2010/08/30 14:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2010/08/25 14:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinMend
[2010/08/25 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Allison\AppData\Local\Promosoft Corporation
[2010/08/19 21:42:38 | 000,123,472 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2010/08/19 21:42:38 | 000,027,216 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2010/08/19 21:42:36 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSFilter.sys
[2010/08/05 18:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/02 08:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/08/02 08:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

========== Files - Modified Within 90 Days ==========

[2010/10/20 16:01:44 | 000,842,752 | ---- | M] () -- C:\Windows\System32\drivers\dnkfl.sys
[2010/10/20 15:56:39 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/20 15:55:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 15:55:53 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/20 15:50:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Allison\Desktop\OTL.exe
[2010/10/20 15:29:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/20 15:08:14 | 000,000,000 | ---- | M] () -- C:\Users\Allison\AppData\Local\prvlcl.dat
[2010/10/20 15:01:58 | 000,002,527 | ---- | M] () -- C:\Users\Allison\Desktop\HiJackThis.lnk
[2010/10/20 14:53:16 | 000,000,108 | ---- | M] () -- C:\index.ini
[2010/10/20 14:02:43 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/20 14:02:43 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/20 13:56:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/20 13:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/20 13:55:41 | 3210,670,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/20 11:11:15 | 097,270,799 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/20 08:00:02 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SyncBack Nightly.job
[2010/10/19 00:09:34 | 000,000,042 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/19 00:09:21 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
[2010/10/18 23:38:07 | 000,000,853 | ---- | M] () -- C:\Users\Allison\Desktop\ComboFix - Shortcut.lnk
[2010/10/18 08:00:04 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SyncBack Weekly.job
[2010/10/17 16:59:00 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2010/10/17 16:59:00 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2010/10/17 16:59:00 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2010/10/17 16:59:00 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2010/10/17 16:59:00 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2010/10/17 16:58:58 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2010/10/17 16:58:58 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2010/10/17 16:58:58 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2010/10/17 16:58:58 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2010/10/17 16:58:58 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2010/10/17 16:58:56 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2010/10/17 16:58:56 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2010/10/17 10:03:41 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\WinMendRegistryCleanerForAllison.job
[2010/10/16 20:36:48 | 000,000,120 | ---- | M] () -- C:\Users\Allison\AppData\Local\Sbubewazuco.dat
[2010/10/16 20:36:48 | 000,000,000 | ---- | M] () -- C:\Users\Allison\AppData\Local\Ehezimife.bin
[2010/10/16 19:17:51 | 000,000,300 | ---- | M] () -- C:\Windows\stsf.bat
[2010/10/16 11:07:58 | 000,534,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/06 14:56:06 | 000,157,184 | ---- | M] () -- C:\Users\Allison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 10:15:23 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\SyncBack Monthly.job
[2010/09/28 17:56:11 | 000,183,662 | ---- | M] () -- C:\Users\Allison\Documents\SP32-20100928-175543.jpg
[2010/09/28 17:55:21 | 000,116,557 | ---- | M] () -- C:\Users\Allison\Documents\SP32-20100928-175521.jpg
[2010/09/27 17:40:26 | 000,001,750 | ---- | M] () -- C:\Users\Allison\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/09/03 11:06:45 | 000,000,184 | ---- | M] () -- C:\Users\Allison\Documents\cc_20100903_110641.reg
[2010/09/03 11:03:45 | 000,004,892 | ---- | M] () -- C:\Users\Allison\Documents\cc_20100903_110337.reg
[2010/08/21 01:19:50 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSFilter.sys
[2010/08/19 11:42:00 | 000,848,749 | ---- | M] () -- C:\Users\Allison\Desktop\IMG00058.jpg

========== Files Created - No Company Name ==========

[2010/10/20 15:52:57 | 000,000,440 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/10/20 15:01:15 | 000,002,527 | ---- | C] () -- C:\Users\Allison\Desktop\HiJackThis.lnk
[2010/10/20 14:39:49 | 000,000,108 | ---- | C] () -- C:\index.ini
[2010/10/20 11:11:15 | 097,270,799 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/10/19 00:09:21 | 000,016,384 | -H-- | C] () -- C:\SZKGFS.dat
[2010/10/18 23:38:07 | 000,000,853 | ---- | C] () -- C:\Users\Allison\Desktop\ComboFix - Shortcut.lnk
[2010/10/18 18:46:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/18 18:46:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/18 18:46:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/16 20:36:48 | 000,000,120 | ---- | C] () -- C:\Users\Allison\AppData\Local\Sbubewazuco.dat
[2010/10/16 20:36:48 | 000,000,000 | ---- | C] () -- C:\Users\Allison\AppData\Local\Ehezimife.bin
[2010/10/16 19:17:51 | 000,000,300 | ---- | C] () -- C:\Windows\stsf.bat
[2010/10/16 17:53:33 | 000,842,752 | ---- | C] () -- C:\Windows\System32\drivers\dnkfl.sys
[2010/09/28 17:56:11 | 000,183,662 | ---- | C] () -- C:\Users\Allison\Documents\SP32-20100928-175543.jpg
[2010/09/28 17:55:21 | 000,116,557 | ---- | C] () -- C:\Users\Allison\Documents\SP32-20100928-175521.jpg
[2010/09/27 17:40:26 | 000,001,750 | ---- | C] () -- C:\Users\Allison\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/03 11:06:44 | 000,000,184 | ---- | C] () -- C:\Users\Allison\Documents\cc_20100903_110641.reg
[2010/09/03 11:03:41 | 000,004,892 | ---- | C] () -- C:\Users\Allison\Documents\cc_20100903_110337.reg
[2010/08/25 14:52:41 | 000,000,546 | ---- | C] () -- C:\Windows\tasks\WinMendRegistryCleanerForAllison.job
[2010/08/21 01:19:50 | 000,000,000 | ---- | C] () -- C:\install.rdf
[2010/08/19 11:41:58 | 000,848,749 | ---- | C] () -- C:\Users\Allison\Desktop\IMG00058.jpg
[2010/03/01 10:28:37 | 000,241,744 | ---- | C] () -- C:\Windows\System32\DNLEng.dll
[2010/01/06 13:40:57 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2010/01/04 17:43:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2010/01/04 17:43:01 | 000,000,268 | RH-- | C] () -- C:\Users\Allison\AppData\Roaming\Hybrid Basic
[2010/01/04 17:43:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/01/04 17:43:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2010/01/04 17:40:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hybrid Morph
[2010/01/04 17:40:54 | 000,000,268 | RH-- | C] () -- C:\Users\Allison\AppData\Roaming\Horn Section
[2010/01/04 17:40:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/01/04 17:40:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Images
[2009/12/06 23:09:16 | 000,000,000 | ---- | C] () -- C:\Users\Allison\AppData\Local\prvlcl.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/15 23:19:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 15:56:19 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/07 13:12:27 | 008,244,598 | ---- | C] () -- C:\Users\Allison\AppData\Roaming\bppenu11.log
[2009/05/30 11:06:21 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/05/30 11:06:21 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/05/29 07:49:57 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/05/29 05:11:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/05/28 23:23:54 | 000,777,728 | ---- | C] () -- C:\Windows\System32\SSLSVC.DLL
[2009/05/28 23:23:54 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009/05/28 23:23:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2009/05/28 23:23:54 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/05/28 23:23:53 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2009/05/28 23:23:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2009/05/28 23:06:07 | 000,000,581 | ---- | C] () -- C:\ProgramData\Installer.log
[2009/05/28 21:54:09 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2009/05/28 20:46:23 | 000,001,532 | ---- | C] () -- C:\Users\Allison\AppData\Roaming\wklnhst.dat
[2009/05/28 20:41:05 | 000,157,184 | ---- | C] () -- C:\Users\Allison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/28 20:41:05 | 000,004,096 | -H-- | C] () -- C:\Users\Allison\AppData\Local\keyfile3.drm
[2009/05/28 20:41:05 | 000,000,095 | ---- | C] () -- C:\Users\Allison\AppData\Local\fusioncache.dat
[2009/05/28 15:16:29 | 000,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2009/05/28 15:16:29 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2009/05/28 15:16:29 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2009/05/28 15:16:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2009/05/28 15:16:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2009/05/28 14:44:59 | 000,000,680 | ---- | C] () -- C:\Users\Allison\AppData\Local\d3d9caps.dat
[2008/07/26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/29 15:08:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2009/05/28 20:07:25 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\acccore
[2009/11/14 11:56:35 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Auslogics
[2009/05/28 20:46:34 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Avery
[2010/10/19 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\AVG10
[2010/06/17 04:19:55 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Azureus
[2010/10/18 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\BitTorrent
[2009/06/07 13:15:37 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\bppenu11
[2009/06/23 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Canneverbe_Limited
[2009/05/28 20:47:43 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/28 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Delicious IE Extension
[2010/04/15 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\E-centives
[2010/10/19 03:33:42 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\EurekaLog
[2009/05/28 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\fhnetwork.com
[2009/05/28 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\GlobalSCAPE
[2009/06/08 17:43:41 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\ImgBurn
[2009/05/28 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Leadertech
[2009/05/28 20:48:00 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\LimeWire
[2009/08/19 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Mediaparts Interactive
[2009/05/28 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Memeo
[2009/05/28 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\mioObjects
[2010/01/06 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Nikon
[2009/06/07 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Palo Alto Software
[2009/05/28 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Quark
[2009/05/28 20:49:47 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Template
[2009/05/28 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Thinstall
[2009/05/30 12:35:14 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\VistaCodecs
[2009/05/28 20:50:10 | 000,000,000 | ---D | M] -- C:\Users\Allison\AppData\Roaming\Weezo
[2010/10/20 13:54:38 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/01 10:15:23 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\SyncBack Monthly.job
[2010/10/20 08:00:02 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\SyncBack Nightly.job
[2010/10/18 08:00:04 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\SyncBack Weekly.job
[2010/10/17 10:03:41 | 000,000,546 | ---- | M] () -- C:\Windows\Tasks\WinMendRegistryCleanerForAllison.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/28 15:31:14 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/19 00:02:37 | 000,017,511 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/20 13:55:41 | 3210,670,080 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/20 14:53:16 | 000,000,108 | ---- | M] () -- C:\index.ini
[2010/08/21 01:19:50 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2009/05/28 20:06:49 | 000,000,353 | -H-- | M] () -- C:\IPH.PH
[2010/08/21 01:33:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/10/20 13:55:39 | 3524,284,416 | -HS- | M] () -- C:\pagefile.sys
[2010/10/19 00:09:21 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/15 23:25:30 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/02/06 14:03:10 | 000,001,682 | -H-- | M] () -- C:\Users\Allison\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2009/05/30 11:51:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/30 12:16:39 | 000,000,221 | -HS- | M] () -- C:\Users\Allison\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/20 15:50:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Allison\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/05/28 14:45:17 | 000,000,402 | -HS- | M] () -- C:\Users\Allison\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/01/04 17:40:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Hybrid Morph
[2010/01/04 17:43:01 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Icons
[2010/01/04 17:40:54 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Images
[2009/05/28 23:06:07 | 000,000,581 | ---- | M] () -- C:\ProgramData\Installer.log
[2010/01/04 17:43:01 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Instrument Library

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 17:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/20 15:56:59 | 004,718,592 | -HS- | M] () -- C:\Users\Allison\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2009/05/28 22:06:52 | 000,000,000 | ---D | M] -- C:\Program Files\2BrightSparks
[2009/05/28 22:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2009/11/05 09:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/05/28 20:06:47 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/05/28 22:09:31 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/19 11:42:20 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/10/18 12:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/09/03 09:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/05/28 23:24:01 | 000,000,000 | ---D | M] -- C:\Program Files\Bradbury
[2009/06/07 13:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Business Plan Pro
[2010/09/03 10:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/19 00:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/05/30 13:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/05/30 12:09:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2009/05/28 15:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/09/03 09:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/01/02 22:29:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2010/10/20 13:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft Anti-Malware
[2009/07/03 09:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE
[2010/03/04 19:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/10/23 09:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/10/20 14:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\HyperSnap 6
[2009/05/28 23:04:13 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2009/07/03 09:33:07 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/05/28 15:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/16 11:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/10 14:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/09/27 17:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/27 17:45:18 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/11 12:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/05/28 23:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/05/28 23:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/08/21 01:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/11 12:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/05/29 00:29:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/05/28 23:54:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/05/28 23:54:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/05/28 23:51:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/05/30 12:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/23 17:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/21 08:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/20 15:49:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/05/28 23:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/11 12:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/05/29 00:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/01/04 17:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/06/07 15:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Palo Alto Software
[2010/08/21 01:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/05/28 21:41:06 | 000,000,000 | R--D | M] -- C:\Program Files\Program Files
[2010/09/27 17:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/05/28 23:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/02 15:59:27 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2009/05/29 07:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/08/30 14:10:51 | 000,000,000 | ---D | M] -- C:\Program Files\ScreenPrint32 v3
[2009/08/13 09:21:59 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/10/18 16:32:23 | 000,000,000 | ---D | M] -- C:\Program Files\Sophos
[2010/09/03 11:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/10/19 12:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\STOPzilla!
[2009/05/30 13:13:09 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2010/10/20 15:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/08/21 01:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\V-Book Compiler
[2009/05/28 23:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/08/21 01:44:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/05/30 12:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\VistaCodecPack
[2010/08/21 01:43:32 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2009/06/15 23:32:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/06/15 23:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/06/15 23:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/06/15 23:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/09/27 17:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/16 11:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/15 23:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/14 10:41:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/10/19 11:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/08/25 14:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\WinMend
[2010/10/19 11:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/08/30 14:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2006/09/18 17:43:58 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-16 14:58:22

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

---Extras---
OTL Extras logfile created on: 10/20/2010 3:54:55 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Allison\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 107.44 Gb Free Space | 36.05% Space Free | Partition Type: NTFS
Drive D: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.

Computer Name: ALLISON-PC | User Name: Allison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D5F5AE1-0FCE-4E6C-A9C6-A333724D7B2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1EDE9570-C9DF-4E74-8279-155451C120AD}" = lport=138 | protocol=17 | dir=in | app=system |
"{22D0635C-8A78-4C7F-BA81-160338D59D8B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3067A94D-35EA-4852-8E71-A64BC8ECD2F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B3AC6AB-BA69-4AB0-AF85-8A6B343E2617}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B5131E8-54FC-4DC1-98B1-EAE73B54A714}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DDC3EC5-0E63-4619-B433-6F9771557E97}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E7760BE-AF8A-4D62-849D-88740FE0D2FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{625CC0F6-5B03-4531-A916-84784A4F92DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{665AA28E-91EF-43ED-BA95-F11503A83FBB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6D38D872-9DD0-499D-96D4-421CA09B01D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{6E39243B-A120-41F6-8DDF-B24B84DEC253}" = lport=139 | protocol=6 | dir=in | app=system |
"{717352A3-4619-4AF5-BEA5-969210F65615}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FE1404-32FC-415C-848E-94B1C6E1A592}" = rport=445 | protocol=6 | dir=out | app=system |
"{8088063F-E3BB-445F-9CD7-F621187B5AB9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8915DFB9-A765-4D0E-B84C-939DC972D026}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97D5870E-8A84-4A06-9513-E39CCA47C2F9}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2BE3D98-0C0C-4DFB-B563-B824D0FA79F4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A67D5FEB-FAA0-479D-A2A0-EAB8197A0F9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A6AC8A4B-08DC-4484-A0C7-EDEE6DE31906}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD0019E2-36FC-42AA-964B-44099E18581B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B5AF52FC-56CE-433C-825A-8B5D115D1824}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B95C04C4-AC50-451E-B55D-1A5A58886982}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5009C07-74AE-4C5B-8AF5-50454CA52283}" = rport=138 | protocol=17 | dir=out | app=system |
"{D7C88153-4146-4912-8F88-8EC6F0EA4412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4D1A628-D000-4F86-8239-48E3D7C6301C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F728F536-6E8B-4C94-A67D-831D2B74BA78}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB7E7F5B-531D-40A8-8DAD-A0C71C53D866}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045A2736-22D3-4311-97B5-11547EFB2847}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0EFA6349-FD55-4387-9D3C-FFF73F636FDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10EFF33D-CB31-40A4-A236-A2BA68DB7F04}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{18C6DD8D-1717-493F-9FF1-6DDF9E76E646}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F86D55D-67C4-4ACB-85F0-94D2258BB940}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{1F88BB46-5C13-49AE-B9AE-0C12DD894191}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{24FC4ED4-C4FF-4766-AE58-71EC8A86F3A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2866EF11-FE1E-435C-AB53-F1AF700BCFBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A30AA81-ED59-4146-820C-4E684920A6B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3FEE43F2-D84F-471B-846C-BA54DA19C767}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{4465CDC2-F784-43A0-90AA-BA6C60CD2F78}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{501648CD-B53F-44CE-84A2-59D6BC097100}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{53917517-5CFF-4928-8486-29E40FC8AD2C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56FADBB6-2567-4BED-90F1-B8F1BF2BE79A}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{57CAB169-74C1-4578-B388-227A0FE3285A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{580BF1BE-D411-4E0B-AED2-E1C1180BA865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58C59E4B-AEA2-4B40-98B9-D4063FAA8B63}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{616D1C3F-F525-4F83-A3C7-1407DBE3C152}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6A4B3A30-CDDC-415C-9DB6-D3810611C0D9}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6BB0BB2C-ECAE-449D-BF1B-6FBBC4633B2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85C54C38-3A32-441B-8F64-F1C3761026C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86E5A7FF-285E-4560-ADCD-CDA6135189DA}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{86F5237B-CBC0-4DE7-A12A-C71FB460405F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{9172CCBF-63D5-48AC-905F-C7605A4FF776}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4920188-5342-4CEC-BEB5-49E21EE8D985}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6C91CCC-012C-47C6-B6D2-961120E12B41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9684AA7-7CA8-4940-8A29-BA7B09D3B22C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A9E0E4A4-9F5E-47A4-84C5-5FF06989373D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AAE58A0B-8A55-4682-A0E0-8992124AE7DD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{AB2AA3D6-7C7D-46A1-85EE-E5169CA1DBFA}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{AD934035-9390-45A9-957C-1D833D2E4060}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{BFF38C6C-6358-4035-AE76-10075B541A42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4214271-830F-4237-A4E2-B429495D138B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C426DAC2-9E75-456B-82DD-82CDD9828B14}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C46F7B03-13A2-44BC-A5EF-56D6AB026051}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4C1FD57-C19F-4543-8350-7A832652E2A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C538E330-3FEA-42D3-8B9D-0A75F1125E05}" = protocol=6 | dir=out | app=system |
"{DA145541-0332-468D-AA67-8F63D7A805E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA6A766D-9D37-4389-81F2-C2B9F077039F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDAF877D-A4DA-482F-ADD4-532BB70E0013}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{EA8295E6-FBD9-4671-A5CE-AA18A685C087}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F36E3AF0-01B6-4219-AA5F-C0CE54B325DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F425F617-BA09-498C-BF4B-D14CDD36AD76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5279D5B-8210-4F68-BE1E-5BA738C92899}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{FA5921B0-E1B3-45C2-B2D8-5B0D79AE5316}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE3B0E84-29D0-40AA-853E-5229C403BE12}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{FF3B7877-D4DD-4C30-B4E9-4EB2467F3DB3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1AF02E6C-7310-4E8E-A18D-AC8AD0F122EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{1F8C726B-1D4A-4593-A4E2-06B3AACC655F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2FDDD8F5-1F5B-4DE2-963B-F920CC5542C4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{4D9CBDFC-83BF-4725-9248-3954AD84FB5D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{519F428A-ABAE-4CFE-8E7B-F0B8A2B30EAB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{5705FAAE-B8AF-4158-8B84-B36FE80523ED}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{8CE8BE43-2DD2-45AF-AC2F-BB6035EDC598}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{8D4FF902-CCD1-4BDE-A32B-D401A080FDA1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{181ABC3B-343F-48A3-872B-07E4CE83793B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{19188B06-9C67-45CA-812E-3E4049530E84}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{28F96904-C2DE-4254-9B58-E837E28FFDF3}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{2F35B5F7-CAD3-4D11-AAE4-51AFFE8C97B8}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{49542D2B-518E-4B95-B4F9-1FF6CEA2DFB9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7161A1C1-7C4E-4110-AF20-05AA098D3DC9}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{FEC08F16-D40C-43C4-9FCE-7EE219CE3EC9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FFBA5126-52F7-46AD-9738-CFE96B281B90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{304B576D-A16E-4983-A5E5-53E40806DFB5}" = STOPzilla
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7C20E7-37DA-4DBF-B1C1-0F207633C178}" = Marketing Plan Pro 9.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E0E01E6-8F0B-428B-9A06-668104DA6872}" = Business Plan Pro 11.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BAD00139-E284-4F6C-AA94-FB637462DEEB}" = Palo Alto Software's Application Manager 8.2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"AC3Filter_is1" = AC3Filter 1.60b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_6" = AIM 6
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = ScreenPrint32 v3.5
"SyncBack_is1" = SyncBack
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"VLC media player" = VLC media player 1.0.1
"WinMend Registry Cleaner_is1" = WinMend Registry Cleaner 1.5.3
"WinRAR archiver" = WinRAR archiver
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/20/2010 11:10:20 AM | Computer Name = Allison-PC | Source = VSS | ID = 8194
Description =

Error - 10/20/2010 11:10:39 AM | Computer Name = Allison-PC | Source = VSS | ID = 12301
Description =

Error - 10/20/2010 11:10:39 AM | Computer Name = Allison-PC | Source = System Restore | ID = 8193
Description =

Error - 10/20/2010 11:13:10 AM | Computer Name = Allison-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 10/20/2010 11:13:22 AM | Computer Name = Allison-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 10/20/2010 11:13:22 AM | Computer Name = Allison-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 10/20/2010 11:13:42 AM | Computer Name = Allison-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x800706be.

Error - 10/20/2010 11:13:42 AM | Computer Name = Allison-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x800706be).

Error - 10/20/2010 2:01:00 PM | Computer Name = Allison-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 10/20/2010 2:01:01 PM | Computer Name = Allison-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6002.18005, time
stamp 0x49e02459, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp
0x49e0382e, exception code 0xc0000005, fault offset 0x0001ea42, process id 0xe28,
application start time 0x01cb70801afc55d6.

[ System Events ]
Error - 10/20/2010 1:32:25 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/20/2010 11:10:23 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/20/2010 11:10:23 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/20/2010 11:13:22 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10/20/2010 11:13:22 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/20/2010 11:13:53 AM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 10/20/2010 1:57:21 PM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/20/2010 2:01:10 PM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/20/2010 2:48:29 PM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/20/2010 2:48:34 PM | Computer Name = Allison-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#4 SpySentinel

  • Members
  • 2,090 posts
  • Gender:Male
  • Location:The United States

Posted 20 October 2010 - 03:32 PM

You're welcome :)


You are using peer-to-peer programs, specifically BitTorrent and LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    [2010/08/21 01:44:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
    [2010/10/16 20:36:48 | 000,000,120 | ---- | C] () -- C:\Users\Allison\AppData\Local\Sbubewazuco.dat
    [2010/10/16 20:36:48 | 000,000,000 | ---- | C] () -- C:\Users\Allison\AppData\Local\Ehezimife.bin
    [2010/10/16 19:17:51 | 000,000,300 | ---- | C] () -- C:\Windows\stsf.bat
    [2010/10/16 17:53:33 | 000,842,752 | ---- | C] () -- C:\Windows\System32\drivers\dnkfl.sys
    [2010/10/19 00:09:21 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


Also post the Gmer log as well.
Unified Network of Instructors and Trained Eliminators

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.
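The OTL lines the fix above was built from (firewall exception entries, O6/O7 policy lines, dated file entries) can be triaged mechanically before a helper reads them by hand. The following Python script is an added example, not part of the thread or of OTL: it parses those three line formats and flags inbound firewall exceptions for peer-to-peer clients, user-approved inbound rules for Windows binaries, a disabled UAC (EnableLUA = 0), restriction-policy keys, and files created or modified shortly before the scan in locations where unknown files deserve a second look. The sample lines, the executable lists, the 7-day window and the benign example.sys control are constructed here.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: a handful of lines in the formats OTL printed in the
# log above (GUID firewall entries, "Query User" firewall entries, O6 policy
# lines, dated file entries). example.sys is a constructed benign control
# that must NOT be flagged.
SAMPLE_LOG = r'''
"{58C59E4B-AEA2-4B40-98B9-D4063FAA8B63}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{FE3B0E84-29D0-40AA-853E-5229C403BE12}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C538E330-3FEA-42D3-8B9D-0A75F1125E05}" = protocol=6 | dir=out | app=system |
"TCP Query User{2FDDD8F5-1F5B-4DE2-963B-F920CC5542C4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2010/10/16 20:36:48 | 000,000,120 | ---- | C] () -- C:\Users\Allison\AppData\Local\Sbubewazuco.dat
[2010/10/16 17:53:33 | 000,842,752 | ---- | C] () -- C:\Windows\System32\drivers\dnkfl.sys
[2010/10/19 00:09:21 | 000,016,384 | -H-- | M] () -- C:\SZKGFS.dat
[2010/08/21 01:44:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/06/01 09:00:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\example.sys
'''
# End of the day the logs in the thread were taken (assumed reference point).
SCAN_DATE = datetime(2010, 10, 20, 23, 59)

FW_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')
POLICY_RE = re.compile(r'^O[67] - (?P<key>HK(?:LM|CU)\\[^:]+): (?P<value>\w+) = (?P<data>\S+)$')
PRESENT_RE = re.compile(r'^O[67] - (?P<key>HK(?:LM|CU)\\.+?) present$')
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\](?: \(\))? -- (?P<path>.+)$')

# Peer-to-peer clients (the two named in the thread plus common ones); list is constructed.
P2P_CLIENTS = {"bittorrent.exe", "azureus.exe", "limewire.exe", "utorrent.exe"}
# Windows binaries that do not normally need a user-approved inbound rule.
SYSTEM_BINARIES = {"taskeng.exe", "explorer.exe", "svchost.exe"}


@dataclass
class Finding:
    kind: str    # "firewall", "policy" or "file"
    detail: str
    line: str    # the OTL line that produced the finding


def _sensitive_dir(path: str) -> Optional[str]:
    """Name the location class if an unknown file there is worth a look, else None."""
    parent = path.lower().rsplit("\\", 1)[0]
    if re.fullmatch(r"[a-z]:", parent):
        return "drive root"
    if parent.endswith(r"\system32\drivers"):
        return "driver directory"
    if parent.endswith(r"\windows"):
        return "Windows root"
    if parent.endswith(r"\appdata\local"):
        return "AppData\\Local root"
    return None


def _parse_fw_fields(body: str) -> dict:
    """Turn 'protocol=6 | dir=in | app=... |' into a dict of its key=value fields."""
    fields = {}
    for part in body.split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields


def triage(log_text: str, scan_date: datetime, window_days: int = 7) -> List[Finding]:
    """Walk OTL lines and return the entries a helper would want to review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FW_RE.match(line)
        if m:
            fields = _parse_fw_fields(m["body"])
            exe = fields.get("app", "").rsplit("\\", 1)[-1]
            if fields.get("dir") != "in":
                continue  # outbound rules are not scored here
            if exe in P2P_CLIENTS:
                findings.append(Finding("firewall", f"inbound exception for peer-to-peer client {exe}", line))
            elif m["name"].startswith(("TCP Query User", "UDP Query User")) and exe in SYSTEM_BINARIES:
                findings.append(Finding("firewall", f"user-approved inbound exception for Windows binary {exe}", line))
            continue
        m = POLICY_RE.match(line)
        if m:
            if m["value"] == "EnableLUA" and m["data"] == "0":
                findings.append(Finding("policy", "UAC disabled (EnableLUA = 0)", line))
            continue
        m = PRESENT_RE.match(line)
        if m:
            findings.append(Finding("policy", f"restriction policy key present: {m['key']}", line))
            continue
        m = FILE_RE.match(line)
        if m and "D" not in m["attr"]:  # directories are not scored here
            stamp = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            age = (scan_date - stamp).days
            where = _sensitive_dir(m["path"])
            if where is not None and 0 <= age <= window_days:
                verb = "created" if m["op"] == "C" else "modified"
                hidden = " (hidden)" if "H" in m["attr"] else ""
                findings.append(Finding("file", f"{verb} {age}d before scan in {where}{hidden}: {m['path']}", line))
    return findings


def run_sample() -> List[Finding]:
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.kind}] {f.detail}")
```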

#5 babybash78

  • Topic Starter

  • Members
  • 10 posts

Posted 20 October 2010 - 08:56 PM

I will uninstall them. I didn't even realize Limewire was on my computer. Here is the gmer log and I will go do the other step now. Thank you again!

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-20 21:53:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Allison\AppData\Local\Temp\kxddqfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xACF46780] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xACF46830] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xACF468D0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xACF46970] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 820F3B54 4 Bytes [80, 67, F4, AC] {AND BYTE [EDI-0xc], 0xac}
.text ntkrnlpa.exe!KeSetEvent + 621 820F3D84 8 Bytes [30, 68, F4, AC, D0, 68, F4, ...] {XOR [EAX-0xc], CH; LODSB ; SHR BYTE [EAX-0xc], 0x1; LODSB }
.text ntkrnlpa.exe!KeSetEvent + 681 820F3DE4 4 Bytes [70, 69, F4, AC] {JO 0x6b; HLT ; LODSB }
? System32\Drivers\dnkfl.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtCreateFile 770643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtCreateFile + 4 770643D8 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtDeleteValueKey 770647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtDeleteValueKey + 4 770647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtOpenFile 77064BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtOpenFile + 4 77064BB8 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtOpenProcess 77064C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtOpenProcess + 4 77064C38 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtSetValueKey 77065454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!NtSetValueKey + 4 77065458 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[312] kernel32.dll!LoadLibraryExW + 248 750A9351 4 Bytes [0A, 00, 56, 00]
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!CreateServiceW 764B9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!CreateServiceA 764F72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!PostMessageA 7630F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SendMessageA 7630F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!PostMessageW 7631A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SendMessageW 76320AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!mouse_event 7633044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SendInput 76332F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SendInput + 4 76332F79 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!keybd_event 7635D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[312] WS2_32.dll!connect 760E40D9 6 Bytes JMP 715D0F5A
.text C:\Windows\system32\Dwm.exe[312] WS2_32.dll!WSALookupServiceNextW 760E455D 6 Bytes JMP 71630F5A
.text C:\Windows\system32\Dwm.exe[312] WS2_32.dll!WSALookupServiceBeginW 760E4E93 6 Bytes JMP 71660F5A
.text C:\Windows\system32\Dwm.exe[312] WS2_32.dll!WSALookupServiceEnd 760E5564 6 Bytes JMP 71600F5A
.text C:\Windows\system32\Dwm.exe[312] WS2_32.dll!listen 760E8CD7 6 Bytes JMP 715A0F5A
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtCreateFile 770643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtCreateFile + 4 770643D8 2 Bytes [87, 71]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtDeleteValueKey 770647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtDeleteValueKey + 4 770647F8 2 Bytes [8D, 71]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtOpenFile 77064BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtOpenFile + 4 77064BB8 2 Bytes [84, 71]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtOpenProcess 77064C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtOpenProcess + 4 77064C38 2 Bytes [8A, 71]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtSetValueKey 77065454 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] ntdll.dll!NtSetValueKey + 4 77065458 2 Bytes [90, 71]
.text C:\Windows\ehome\ehmsas.exe[972] kernel32.dll!LoadLibraryExW + 248 750A9351 4 Bytes [0A, 00, 18, 00] {OR AL, [EAX]; SBB [EAX], AL}
.text C:\Windows\ehome\ehmsas.exe[972] ADVAPI32.dll!CreateServiceW 764B9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\ehome\ehmsas.exe[972] ADVAPI32.dll!CreateServiceA 764F72A1 6 Bytes JMP 71970F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!PostMessageA 7630F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!SendMessageA 7630F956 6 Bytes JMP 71A30F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!PostMessageW 7631A175 6 Bytes JMP 719A0F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!SendMessageW 76320AED 6 Bytes JMP 71A00F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!mouse_event 7633044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!SendInput 76332F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!SendInput + 4 76332F79 2 Bytes [A5, 71]
.text C:\Windows\ehome\ehmsas.exe[972] USER32.dll!keybd_event 7635D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtCreateFile 770643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtCreateFile + 4 770643D8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtDeleteValueKey 770647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtDeleteValueKey + 4 770647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtOpenFile 77064BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtOpenFile + 4 77064BB8 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtOpenProcess 77064C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtOpenProcess + 4 77064C38 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtSetValueKey 77065454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] ntdll.dll!NtSetValueKey + 4 77065458 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[1188] kernel32.dll!LoadLibraryExW + 248 750A9351 4 Bytes [0A, 00, 11, 00] {OR AL, [EAX]; ADC [EAX], EAX}
.text C:\Windows\system32\taskeng.exe[1188] ADVAPI32.dll!CreateServiceW 764B9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[1188] ADVAPI32.dll!CreateServiceA 764F72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!PostMessageA 7630F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!SendMessageA 7630F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!PostMessageW 7631A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!SendMessageW 76320AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!mouse_event 7633044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!SendInput 76332F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!SendInput + 4 76332F79 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[1188] USER32.dll!keybd_event 7635D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[1188] WS2_32.dll!connect 760E40D9 6 Bytes JMP 71570F5A
.text C:\Windows\system32\taskeng.exe[1188] WS2_32.dll!WSALookupServiceNextW 760E455D 6 Bytes JMP 715D0F5A
.text C:\Windows\system32\taskeng.exe[1188] WS2_32.dll!WSALookupServiceBeginW 760E4E93 6 Bytes JMP 71630F5A
.text C:\Windows\system32\taskeng.exe[1188] WS2_32.dll!WSALookupServiceEnd 760E5564 6 Bytes JMP 715A0F5A
.text C:\Windows\system32\taskeng.exe[1188] WS2_32.dll!listen 760E8CD7 6 Bytes JMP 71660F5A
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtCreateFile 770643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtCreateFile + 4 770643D8 2 Bytes [87, 71]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtDeleteValueKey 770647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtDeleteValueKey + 4 770647F8 2 Bytes [8D, 71]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtOpenFile 77064BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtOpenFile + 4 77064BB8 2 Bytes [84, 71]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtOpenProcess 77064C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtOpenProcess + 4 77064C38 2 Bytes [8A, 71]
.text C:\Windows\ehome\ehtray.exe[1504] ntdll.dll!NtSetValueKey 77065454 3 Bytes [FF, 25, 1E]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 869E9760

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] dnkfl <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\dnkfl@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dnkfl@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dnkfl@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dnkfl@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\dnkfl@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\dnkfl@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\dnkfl@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\dnkfl@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 5
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 3
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlErrors 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlRetries 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@CrawlType 5
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl6.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@CheckPoint 0x04 0x08 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6@LogStartAddId 3
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@CrawlNumberInProgress 6
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlType 1

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00585.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00586.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00587.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00588.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00589.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0058A.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0058B.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0058C.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0058D.log 131072 bytes

---- EOF - GMER 1.0.15 ----

#6 babybash78 (Topic Starter)

Posted 20 October 2010 - 08:58 PM

I uninstalled BitTorrent, but I don't see Limewire. How do I uninstall it if it isn't in my program list and I don't see it in the Program Files?

#7 babybash78 (Topic Starter)

Posted 20 October 2010 - 10:03 PM

Here is what popped up after reboot from the OTL fix:

All processes killed
========== OTL ==========
No active process named ViewpointService.exe was found!
Error: No service named Viewpoint Manager Service was found to stop!
Service\Driver key Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Folder C:\Program Files\Viewpoint\ not found.
File C:\Users\Allison\AppData\Local\Sbubewazuco.dat not found.
File C:\Users\Allison\AppData\Local\Ehezimife.bin not found.
File C:\Windows\stsf.bat not found.
File C:\Windows\System32\drivers\dnkfl.sys not found.
File C:\SZKGFS.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Allison
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6495883 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vernard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vernard.Allison-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10602856 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 367185296 bytes

Total Files Cleaned = 367.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10202010_225835

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 SpySentinel

Posted 21 October 2010 - 01:24 PM

It may just be a leftover folder for LimeWire if it is already uninstalled.


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.




Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.
Posted Image
Unified Network of Instructors and Trained Eliminators

Posted Image

My help is always free, but if you can, please Posted Image to help me continue the fight against malware.

#9 babybash78 (Topic Starter)

Posted 21 October 2010 - 02:17 PM

Step One - Done

Step Two -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4904

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10/21/2010 3:12:23 PM
mbam-log-2010-10-21 (15-12-23).txt

Scan type: Quick scan
Objects scanned: 181886
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\dnkfl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
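As an added example (not from this thread or from Malwarebytes), a small Python parser for the log format above: it reads the summary counts and the per-category entries, checks that the two agree (a quick way to spot a truncated paste), and flags any detected kernel driver, the kind of item that needs care before it is removed. The sample input is the log from this post, trimmed to the sections the parser consumes.

```python
import re

# Constructed sample input: the Malwarebytes' Anti-Malware 1.46 log posted in this thread,
# trimmed to the summary and detail sections (raw string keeps the backslashes literal).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4904
Scan type: Quick scan

Memory Processes Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\dnkfl.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {category: {"count": summary count, "items": [{"path", "threat", "action"}, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):          # e.g. "Files Infected: 1"
            sections.setdefault(m["cat"], {"count": 0, "items": []})["count"] = int(m["n"])
        elif m := SECTION_RE.match(line):        # e.g. "Files Infected:" opens a detail section
            current = sections.setdefault(m["cat"], {"count": 0, "items": []})
        elif current is not None and (m := ENTRY_RE.match(line)):
            current["items"].append(m.groupdict())  # "<path> (<threat>) -> <action>."
    return sections

def summary_mismatches(sections):
    """Categories whose summary count differs from the entries listed: a truncated or edited paste."""
    return sorted(c for c, s in sections.items() if s["count"] != len(s["items"]))

def driver_detections(sections):
    """Detected kernel drivers (.sys). Worth a second look before relying on the quarantine: if the
    driver's service entry survives the file's removal, Windows may fail to boot, as seen in this thread."""
    return [i["path"] for s in sections.values() for i in s["items"] if i["path"].lower().endswith(".sys")]

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("drivers:", driver_detections(parsed), "mismatches:", summary_mismatches(parsed))
```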

#10 babybash78


Posted 21 October 2010 - 07:27 PM

Here is the result of the ESET Scan:

C:\Program Files\Program Files\AVG\AVG8\avgtoolbar.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined
C:\Program Files\Program Files\Zoom Player\zpupdate.exe probably a variant of Win32/Agent.HKBQSAG trojan cleaned by deleting - quarantined
C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined


Just let me know what to do next :)

#11 babybash78


Posted 23 October 2010 - 12:41 AM

The computer won't boot up anymore; it says that this file is missing, damaged, or corrupt.

\Windows\System32\Drivers\dnkfl.sys

So, I guess I have to reformat and start over?

#12 SpySentinel


Posted 24 October 2010 - 01:32 PM

Can you boot into safe mode?

#13 babybash78


Posted 24 October 2010 - 01:44 PM

No, it gives me the same screen. I also tried the load last working configuration and I get the same thing.

#14 babybash78


Posted 26 October 2010 - 03:31 PM

I was able to repair it using the disk, but I'm still having problems with the malware. Are there other steps or should I just wipe it clean?

Thanks!

Allison

#15 SpySentinel


Posted 27 October 2010 - 08:23 PM

Hi Allison,

Sorry for the delay.

I see you have combofix. Please delete it from your desktop, then:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
