
Malware Infection


  • This topic is locked
32 replies to this topic

#1 lkh


Posted 23 April 2011 - 05:29 PM

Takes over Internet Explorer...hides C: drive and Desktop...turns off Task Manager...and plays audio in the background. Have tried Malwarebytes several times, but virus restarts.
Spybot identifies: Fraud.Windows.Recovery

This seems particularly sticky....Help....and thanks in advance.



#2 myrti


Posted 01 May 2011 - 08:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 lkh


Posted 01 May 2011 - 11:59 AM

hi myrti

thanks for responding

i cleaned up a number of issues, but continue to get audio ads, pop ups and lots of script errors

following are the tests you requested: (i'm not seeing the "watch topic" button you referred to)

OTL logfile created on: 5/1/2011 11:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\LKH\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 138.68 Gb Free Space | 59.57% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.57 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive G: | 55.93 Gb Total Space | 23.24 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 48.91 Gb Free Space | 16.41% Space Free | Partition Type: NTFS

Computer Name: MIDWESTMAIN | User Name: LKH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 11:12:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\LKH\Desktop\OTL.exe
PRC - [2011/04/27 11:44:57 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/03/16 11:08:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/25 18:48:06 | 000,087,344 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 16:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/11/20 07:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/14 23:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
PRC - [2010/04/26 11:06:44 | 000,096,112 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2010/02/02 12:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2008/12/09 06:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 11:12:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\LKH\Desktop\OTL.exe
MOD - [2011/04/24 21:19:08 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 11:44:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/26 10:37:01 | 002,146,496 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/03/16 11:08:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/25 18:48:06 | 000,087,344 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/01/27 16:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/14 23:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)
SRV - [2010/06/18 16:02:20 | 001,423,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\No-IP\DUC30.exe -- (NoIPDUCService3)
SRV - [2010/04/07 00:50:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/02 12:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/02/24 12:05:16 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Disabled | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/18 19:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/16 11:08:34 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/02/09 09:34:26 | 000,159,536 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2011/01/06 05:11:00 | 000,024,280 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk32.sys -- (ElRawDisk)
DRV - [2010/11/22 18:16:27 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/23 04:11:28 | 000,316,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/16 12:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\beep.sys -- (Beep)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/06/30 05:38:28 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/09/01 01:03:02 | 000,272,424 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv64xx.sys -- (mv64xx)
DRV - [2007/12/17 18:14:04 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;192.168.*.*

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/09 12:47:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/09 12:47:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/27 14:03:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/25 12:10:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
O4 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 11:12:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\LKH\Desktop\OTL.exe
[2011/04/30 19:48:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 19:47:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/30 19:40:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/04/30 19:39:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/30 19:27:11 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LKH\Desktop\tdsskiller.exe
[2011/04/30 19:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/30 19:18:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/30 19:18:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/30 19:18:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/30 13:51:07 | 001,940,656 | ---- | C] (ParetoLogic Inc.) -- C:\Users\LKH\Desktop\RegCureSetup_RW.exe
[2011/04/29 10:55:36 | 189,819,600 | ---- | C] (Acronis) -- C:\Users\LKH\Desktop\ATIH2011_trial_en-US.exe
[2011/04/29 09:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/04/29 09:22:47 | 015,804,600 | ---- | C] ({code:GDConstant|CompanyName} ) -- C:\Users\LKH\Desktop\RecoverMyFiles-Setup.exe
[2011/04/29 08:36:25 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/04/29 08:36:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/04/29 00:14:53 | 000,024,280 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\elrawdsk32.sys
[2011/04/28 19:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Easy
[2011/04/28 19:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2011/04/28 19:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/04/28 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\LKH\Desktop\Restored Files
[2011/04/28 10:46:11 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2011/04/28 10:42:54 | 282,427,301 | ---- | C] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\LKH\Desktop\UBCD4WinV360.exe
[2011/04/27 23:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart NTFS Recovery
[2011/04/27 23:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Solutions
[2011/04/27 23:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Directory Snoop 5.0
[2011/04/27 23:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Briggs Softworks
[2011/04/27 23:39:07 | 001,759,304 | ---- | C] ( ) -- C:\Users\LKH\Desktop\ds95.exe
[2011/04/27 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/04/27 23:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Investigator
[2011/04/27 23:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Investigator
[2011/04/27 23:32:06 | 001,447,000 | ---- | C] (Smart PC Solutions ) -- C:\Users\LKH\Desktop\fatrecovery.exe
[2011/04/27 23:31:25 | 001,485,568 | ---- | C] (Smart PC Solutions ) -- C:\Users\LKH\Desktop\ntfsrecovery.exe
[2011/04/27 23:30:36 | 002,451,576 | ---- | C] (Piriform Ltd) -- C:\Users\LKH\Desktop\rcsetup140.exe
[2011/04/27 23:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
[2011/04/27 23:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\File Scavenger 3.2
[2011/04/27 23:19:33 | 001,599,000 | ---- | C] (QueTek Consulting Corporation) -- C:\Users\LKH\Desktop\32fsu32.exe
[2011/04/27 16:29:28 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/04/27 14:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/04/27 14:01:34 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Qualys
[2011/04/27 13:38:07 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\LKH\Desktop\BlitzBlank.exe
[2011/04/27 13:00:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/27 13:00:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/27 13:00:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/27 12:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/27 12:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011/04/27 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/04/27 11:50:31 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\LKH\Desktop\Rooter.exe
[2011/04/27 11:46:49 | 000,000,000 | ---D | C] -- C:\Users\LKH\Desktop\SysProt
[2011/04/27 10:01:32 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/04/27 10:01:32 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/04/27 10:01:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/04/27 10:01:25 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 10:01:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/04/27 10:00:56 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 15:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/26 15:38:12 | 000,000,000 | ---D | C] -- C:\Users\LKH\Documents\Anti-Malware
[2011/04/26 15:34:23 | 102,196,656 | ---- | C] (Emsi Software GmbH ) -- C:\Users\LKH\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/04/25 15:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2011/04/25 11:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/24 21:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/04/24 21:25:53 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/04/24 21:25:52 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/24 21:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/04/24 21:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/04/24 21:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/24 21:18:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/24 20:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011/04/24 20:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/24 13:34:43 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Local\temp
[2011/04/24 13:23:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/24 12:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/24 12:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/24 12:23:04 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Tific
[2011/04/24 12:23:04 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Local\Tific
[2011/04/24 12:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/24 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/24 12:12:42 | 000,000,000 | ---D | C] -- C:\Users\LKH\Documents\RegRun2
[2011/04/24 12:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2011/04/24 11:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/24 11:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/04/23 17:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/04/23 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011/04/23 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2011/04/23 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2011/04/23 17:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/04/23 11:59:11 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/23 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/22 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/04/22 17:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/04/22 16:58:20 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Malwarebytes
[2011/04/22 16:58:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/22 16:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/22 16:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/22 16:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/22 14:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for Weatherbug
[2011/04/22 14:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Client
[2011/04/22 14:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\UltimaDownloads
[2011/04/22 13:28:48 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Sammsoft
[2011/04/22 11:56:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys
[2011/04/21 14:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2011/04/19 11:25:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/19 11:25:25 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/19 11:25:17 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/19 11:25:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/19 11:25:10 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/19 11:25:10 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/19 11:24:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/18 07:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/04/13 11:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/13 11:17:54 | 000,000,000 | ---D | C] -- C:\Users\LKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/04/13 10:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/04/08 11:50:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 11:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 11:50:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 11:50:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 11:50:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 11:50:37 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 11:50:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 11:50:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 11:50:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 11:50:37 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 11:50:37 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 11:50:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 11:50:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 11:50:37 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 11:50:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 11:50:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 11:50:37 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 11:50:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 11:50:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 11:50:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 11:50:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 11:50:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 11:50:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 11:50:37 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 11:50:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 11:50:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 11:50:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 11:50:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 11:50:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 11:50:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 11:50:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 11:50:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 11:50:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 11:50:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 11:50:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 11:50:37 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/08 11:50:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 11:50:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 11:50:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/04 12:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aficio SP C430DN_C431DN
[2011/04/04 11:52:26 | 000,000,000 | ---D | C] -- C:\Users\LKH\Desktop\en
[2011/04/02 09:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\RICOH
[2011/04/02 09:34:02 | 001,527,808 | ---- | C] (RICOH CO., LTD.) -- C:\Windows\System32\DNC43dat.dll
[2011/04/02 09:34:02 | 000,073,728 | ---- | C] (RICOH CO.,Ltd.) -- C:\Windows\System32\mfricres.dll
[2011/04/02 09:34:02 | 000,057,344 | ---- | C] (RICOH CO.,Ltd.) -- C:\Windows\System32\ricdb32.dll
[2011/04/02 09:34:02 | 000,032,768 | ---- | C] (RICOH CO.,Ltd.) -- C:\Windows\System32\rica8Elm.dll
[2011/04/02 09:06:18 | 000,000,000 | R--D | C] -- C:\Windows\System32\Generic
[2011/04/02 09:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\R_MANUAL

========== Files - Modified Within 30 Days ==========

[2011/05/01 11:12:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\LKH\Desktop\OTL.exe
[2011/05/01 11:02:59 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/01 10:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/01 03:55:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 19:38:40 | 004,334,077 | R--- | M] () -- C:\Users\LKH\Desktop\ComboFix.exe
[2011/04/30 19:34:40 | 001,006,778 | ---- | M] () -- C:\Users\LKH\Desktop\rkill.com
[2011/04/30 19:33:41 | 000,294,400 | ---- | M] () -- C:\Users\LKH\Desktop\exeHelper.com
[2011/04/30 19:27:06 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LKH\Desktop\tdsskiller.exe
[2011/04/30 19:18:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/30 19:18:47 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/30 19:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/30 19:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/30 15:23:11 | 000,000,512 | ---- | M] () -- C:\Users\LKH\Desktop\MBR.dat
[2011/04/30 15:03:13 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011/04/30 14:24:11 | 000,013,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 14:24:11 | 000,013,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/30 14:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 14:16:20 | 2408,931,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 13:51:01 | 001,940,656 | ---- | M] (ParetoLogic Inc.) -- C:\Users\LKH\Desktop\RegCureSetup_RW.exe
[2011/04/29 15:39:43 | 001,554,764 | ---- | M] () -- C:\Users\LKH\Desktop\600 E Northwest Hwy, DesPlaines Signed Laese & Guaranty.pdf
[2011/04/29 15:34:57 | 000,541,025 | ---- | M] () -- C:\Users\LKH\Desktop\600 E Signed Guaranty.PDF
[2011/04/29 15:32:38 | 000,418,822 | ---- | M] () -- C:\Users\LKH\Desktop\600 E Insur Change.PDF
[2011/04/29 15:31:40 | 000,173,024 | ---- | M] () -- C:\Users\LKH\Desktop\600 E Sig Page.PDF
[2011/04/29 15:30:16 | 000,159,035 | ---- | M] () -- C:\Users\LKH\Desktop\3100 S Homan 2nd Check.PDF
[2011/04/29 12:28:48 | 000,062,782 | ---- | M] () -- C:\Users\LKH\Desktop\600 E Guaranty (Final).pdf
[2011/04/29 11:16:00 | 000,059,374 | ---- | M] () -- C:\Users\LKH\Desktop\Guaranty (Final).PDF
[2011/04/29 11:15:51 | 000,888,016 | ---- | M] () -- C:\Users\LKH\Desktop\Lease (final signed by LL).PDF
[2011/04/29 10:57:29 | 189,819,600 | ---- | M] (Acronis) -- C:\Users\LKH\Desktop\ATIH2011_trial_en-US.exe
[2011/04/29 09:44:26 | 000,001,697 | ---- | M] () -- C:\Users\LKH\Desktop\RecoverMyFiles.exe - Shortcut.lnk
[2011/04/29 09:43:50 | 000,001,194 | ---- | M] () -- C:\Users\LKH\Desktop\Recover My Files.lnk
[2011/04/29 09:22:56 | 015,804,600 | ---- | M] ({code:GDConstant|CompanyName} ) -- C:\Users\LKH\Desktop\RecoverMyFiles-Setup.exe
[2011/04/29 08:56:47 | 017,977,016 | ---- | M] () -- C:\Users\LKH\Desktop\SeaToolsforWindowsSetup-1205.exe
[2011/04/29 08:51:48 | 003,411,350 | ---- | M] () -- C:\Users\LKH\Desktop\testdisk-6.12-WIP.win.zip
[2011/04/29 08:45:21 | 002,666,609 | ---- | M] () -- C:\Users\LKH\Desktop\gdbnt.zip
[2011/04/29 08:36:25 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/04/29 08:36:24 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/04/29 08:36:10 | 004,079,975 | ---- | M] () -- C:\Users\LKH\Desktop\SetupOGT900.exe
[2011/04/28 19:14:19 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/04/28 10:45:43 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\LKH\Desktop\UBCD4WinV360.exe
[2011/04/28 10:29:09 | 000,030,842 | ---- | M] () -- C:\Users\LKH\Desktop\backup.reg
[2011/04/28 09:31:26 | 000,002,057 | ---- | M] () -- C:\Users\LKH\Desktop\Click To Find and Fix PC Errors.lnk
[2011/04/28 09:31:26 | 000,001,288 | ---- | M] () -- C:\Users\LKH\Desktop\Smart NTFS Recovery.lnk
[2011/04/27 23:39:23 | 000,001,143 | ---- | M] () -- C:\Users\LKH\Desktop\DS-NTFS.lnk
[2011/04/27 23:39:22 | 000,001,138 | ---- | M] () -- C:\Users\LKH\Desktop\DS-FAT.lnk
[2011/04/27 23:39:03 | 001,759,304 | ---- | M] ( ) -- C:\Users\LKH\Desktop\ds95.exe
[2011/04/27 23:35:06 | 000,001,041 | ---- | M] () -- C:\Users\LKH\Desktop\Disk Investigator.lnk
[2011/04/27 23:34:29 | 000,277,939 | ---- | M] () -- C:\Users\LKH\Desktop\diskdigger.zip
[2011/04/27 23:31:58 | 001,447,000 | ---- | M] (Smart PC Solutions ) -- C:\Users\LKH\Desktop\fatrecovery.exe
[2011/04/27 23:31:20 | 001,485,568 | ---- | M] (Smart PC Solutions ) -- C:\Users\LKH\Desktop\ntfsrecovery.exe
[2011/04/27 23:30:19 | 002,451,576 | ---- | M] (Piriform Ltd) -- C:\Users\LKH\Desktop\rcsetup140.exe
[2011/04/27 23:19:25 | 001,599,000 | ---- | M] (QueTek Consulting Corporation) -- C:\Users\LKH\Desktop\32fsu32.exe
[2011/04/27 18:27:18 | 000,196,987 | ---- | M] () -- C:\Users\LKH\Desktop\Charlotte Lease.pdf
[2011/04/27 18:21:09 | 000,165,377 | ---- | M] () -- C:\Users\LKH\Desktop\Charlotte Sale.pdf
[2011/04/27 14:03:15 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/04/27 14:02:58 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/04/27 14:02:48 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/04/27 14:02:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/04/27 14:02:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/04/27 13:46:08 | 000,133,632 | ---- | M] () -- C:\Users\LKH\Desktop\RKUnhookerLE.EXE
[2011/04/27 13:38:04 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\LKH\Desktop\BlitzBlank.exe
[2011/04/27 12:53:04 | 000,080,384 | ---- | M] () -- C:\Users\LKH\Desktop\MBRCheck.exe
[2011/04/27 12:03:26 | 002,057,568 | ---- | M] () -- C:\Users\LKH\Desktop\SecurityTaskManager_Setup.exe
[2011/04/27 11:50:26 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\LKH\Desktop\Rooter.exe
[2011/04/27 11:46:33 | 000,354,396 | ---- | M] () -- C:\Users\LKH\Desktop\SysProt.zip
[2011/04/27 11:43:20 | 000,879,081 | ---- | M] () -- C:\Users\LKH\Desktop\SecurityCheck.exe
[2011/04/26 15:38:28 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/26 15:37:43 | 102,196,656 | ---- | M] (Emsi Software GmbH ) -- C:\Users\LKH\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/04/26 13:38:32 | 000,007,638 | ---- | M] () -- C:\Users\LKH\AppData\Local\resmon.resmoncfg
[2011/04/26 12:52:43 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/04/26 12:26:23 | 000,701,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/26 12:26:23 | 000,134,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 15:19:07 | 000,290,190 | ---- | M] () -- C:\Users\LKH\Desktop\861 N Liberty, Elgin Bayview Opinion Fee.PDF
[2011/04/25 15:14:10 | 004,596,432 | ---- | M] () -- C:\Users\LKH\Desktop\removeitpro_trialv7.exe
[2011/04/25 15:12:13 | 007,767,633 | ---- | M] () -- C:\Users\LKH\Desktop\mvc.zip
[2011/04/25 12:10:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/25 11:25:57 | 000,000,840 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/04/25 10:55:37 | 000,001,176 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/04/25 02:09:32 | 357,454,759 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/24 21:25:53 | 001,308,464 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/24 21:25:51 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/04/24 12:12:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/24 12:12:43 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2011/04/24 12:12:43 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2011/04/22 22:39:40 | 000,504,657 | ---- | M] () -- C:\Users\LKH\Desktop\unhide.exe
[2011/04/19 15:57:24 | 000,000,598 | ---- | M] () -- C:\Windows\ricdb.ini
[2011/04/19 13:25:19 | 000,456,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/18 19:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/04/18 05:23:39 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/04/14 13:22:05 | 000,051,423 | ---- | M] () -- C:\Users\LKH\Documents\1000 crossroads
[2011/04/13 11:33:47 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/04/13 11:25:18 | 000,001,298 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/04/09 10:35:31 | 000,009,290 | -HS- | M] () -- C:\ProgramData\1050jcc8s4114qmjdm0v8mn8cwkp30y42rx25trg7ffoq
[2011/04/08 11:50:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/04/08 11:50:37 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/08 11:50:37 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/04/08 11:50:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/08 11:50:37 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/08 11:50:37 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/08 11:50:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/04/08 11:50:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/08 11:50:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/08 11:50:37 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/04/08 11:50:37 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/08 11:50:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/04/08 11:50:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/04/08 11:50:37 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/04/08 11:50:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/08 11:50:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/04/08 11:50:37 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/04/08 11:50:37 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/04/08 11:50:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/04/08 11:50:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/04/08 11:50:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/08 11:50:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/04/08 11:50:37 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/08 11:50:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/04/08 11:50:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/04/08 11:50:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/08 11:50:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/04/08 11:50:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/04/08 11:50:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/04/08 11:50:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/08 11:50:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/08 11:50:37 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/08 11:50:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/08 11:50:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/04/08 11:50:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/04/08 11:50:37 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/08 11:50:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/04/08 11:50:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/08 11:50:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/08 11:50:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/04 16:28:12 | 000,000,078 | ---- | M] () -- C:\Windows\setscan.ini

========== Files Created - No Company Name ==========

[2011/04/30 19:38:36 | 004,334,077 | R--- | C] () -- C:\Users\LKH\Desktop\ComboFix.exe
[2011/04/30 19:34:44 | 001,006,778 | ---- | C] () -- C:\Users\LKH\Desktop\rkill.com
[2011/04/30 19:33:48 | 000,294,400 | ---- | C] () -- C:\Users\LKH\Desktop\exeHelper.com
[2011/04/30 15:23:11 | 000,000,512 | ---- | C] () -- C:\Users\LKH\Desktop\MBR.dat
[2011/04/29 15:39:43 | 001,554,764 | ---- | C] () -- C:\Users\LKH\Desktop\600 E Northwest Hwy, DesPlaines Signed Laese & Guaranty.pdf
[2011/04/29 15:34:53 | 000,541,025 | ---- | C] () -- C:\Users\LKH\Desktop\600 E Signed Guaranty.PDF
[2011/04/29 15:32:35 | 000,418,822 | ---- | C] () -- C:\Users\LKH\Desktop\600 E Insur Change.PDF
[2011/04/29 15:31:38 | 000,173,024 | ---- | C] () -- C:\Users\LKH\Desktop\600 E Sig Page.PDF
[2011/04/29 15:30:13 | 000,159,035 | ---- | C] () -- C:\Users\LKH\Desktop\3100 S Homan 2nd Check.PDF
[2011/04/29 12:28:48 | 000,062,782 | ---- | C] () -- C:\Users\LKH\Desktop\600 E Guaranty (Final).pdf
[2011/04/29 11:16:00 | 000,059,374 | ---- | C] () -- C:\Users\LKH\Desktop\Guaranty (Final).PDF
[2011/04/29 11:15:51 | 000,888,016 | ---- | C] () -- C:\Users\LKH\Desktop\Lease (final signed by LL).PDF
[2011/04/29 09:44:26 | 000,001,697 | ---- | C] () -- C:\Users\LKH\Desktop\RecoverMyFiles.exe - Shortcut.lnk
[2011/04/29 09:41:20 | 000,001,194 | ---- | C] () -- C:\Users\LKH\Desktop\Recover My Files.lnk
[2011/04/29 08:56:41 | 017,977,016 | ---- | C] () -- C:\Users\LKH\Desktop\SeaToolsforWindowsSetup-1205.exe
[2011/04/29 08:51:46 | 003,411,350 | ---- | C] () -- C:\Users\LKH\Desktop\testdisk-6.12-WIP.win.zip
[2011/04/29 08:45:23 | 002,666,609 | ---- | C] () -- C:\Users\LKH\Desktop\gdbnt.zip
[2011/04/29 08:36:20 | 004,079,975 | ---- | C] () -- C:\Users\LKH\Desktop\SetupOGT900.exe
[2011/04/28 19:14:19 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011/04/28 10:29:09 | 000,030,842 | ---- | C] () -- C:\Users\LKH\Desktop\backup.reg
[2011/04/27 23:48:36 | 000,504,657 | ---- | C] () -- C:\Users\LKH\Desktop\unhide.exe
[2011/04/27 23:39:43 | 000,002,057 | ---- | C] () -- C:\Users\LKH\Desktop\Click To Find and Fix PC Errors.lnk
[2011/04/27 23:39:43 | 000,001,288 | ---- | C] () -- C:\Users\LKH\Desktop\Smart NTFS Recovery.lnk
[2011/04/27 23:39:23 | 000,001,143 | ---- | C] () -- C:\Users\LKH\Desktop\DS-NTFS.lnk
[2011/04/27 23:39:22 | 000,001,138 | ---- | C] () -- C:\Users\LKH\Desktop\DS-FAT.lnk
[2011/04/27 23:35:06 | 000,001,041 | ---- | C] () -- C:\Users\LKH\Desktop\Disk Investigator.lnk
[2011/04/27 23:34:31 | 000,277,939 | ---- | C] () -- C:\Users\LKH\Desktop\diskdigger.zip
[2011/04/27 18:27:38 | 000,196,987 | ---- | C] () -- C:\Users\LKH\Desktop\Charlotte Lease.pdf
[2011/04/27 18:21:09 | 000,165,377 | ---- | C] () -- C:\Users\LKH\Desktop\Charlotte Sale.pdf
[2011/04/27 14:03:15 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/04/27 13:46:14 | 000,133,632 | ---- | C] () -- C:\Users\LKH\Desktop\RKUnhookerLE.EXE
[2011/04/27 13:00:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/27 13:00:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/27 13:00:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/27 13:00:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/27 13:00:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/27 12:53:10 | 000,080,384 | ---- | C] () -- C:\Users\LKH\Desktop\MBRCheck.exe
[2011/04/27 12:03:31 | 002,057,568 | ---- | C] () -- C:\Users\LKH\Desktop\SecurityTaskManager_Setup.exe
[2011/04/27 11:46:35 | 000,354,396 | ---- | C] () -- C:\Users\LKH\Desktop\SysProt.zip
[2011/04/27 11:43:27 | 000,879,081 | ---- | C] () -- C:\Users\LKH\Desktop\SecurityCheck.exe
[2011/04/26 15:38:28 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/25 15:19:03 | 000,290,190 | ---- | C] () -- C:\Users\LKH\Desktop\861 N Liberty, Elgin Bayview Opinion Fee.PDF
[2011/04/25 15:14:15 | 004,596,432 | ---- | C] () -- C:\Users\LKH\Desktop\removeitpro_trialv7.exe
[2011/04/25 15:12:13 | 007,767,633 | ---- | C] () -- C:\Users\LKH\Desktop\mvc.zip
[2011/04/25 11:05:28 | 000,000,840 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/04/25 10:55:13 | 000,001,176 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/04/25 01:07:50 | 357,454,759 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/25 00:07:06 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/04/24 12:12:43 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2011/04/24 11:14:08 | 001,308,464 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/24 10:05:51 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/22 12:51:34 | 000,007,638 | ---- | C] () -- C:\Users\LKH\AppData\Local\resmon.resmoncfg
[2011/04/14 13:22:01 | 000,051,423 | ---- | C] () -- C:\Users\LKH\Documents\1000 crossroads
[2011/04/13 10:37:29 | 000,002,843 | ---- | C] () -- C:\Users\LKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/04/09 10:33:54 | 000,009,290 | -HS- | C] () -- C:\ProgramData\1050jcc8s4114qmjdm0v8mn8cwkp30y42rx25trg7ffoq
[2011/04/08 11:50:37 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/04 10:58:50 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2011/04/02 09:34:05 | 000,000,598 | ---- | C] () -- C:\Windows\ricdb.ini
[2011/03/09 12:40:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/12/12 15:55:57 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010/12/12 15:55:57 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010/12/12 15:25:37 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/23 13:34:24 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/07/02 09:36:11 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/16 14:36:33 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/03/16 12:02:46 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/03/11 21:28:57 | 000,000,628 | ---- | C] () -- C:\Windows\kofax200.ini
[2010/03/11 21:28:53 | 000,000,078 | ---- | C] () -- C:\Windows\setscan.ini
[2010/03/11 18:13:14 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/11 18:13:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CCE9DC218D.sys
[2010/03/11 18:02:00 | 000,028,787 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/03/11 16:49:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/09 15:06:40 | 011,384,320 | R--- | C] () -- C:\Windows\System32\BGP870.dll
[2009/10/13 14:04:06 | 000,012,288 | ---- | C] () -- C:\Windows\System32\hpnvr83.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/16 12:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,456,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,701,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,134,578 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/13 09:56:26 | 000,246,272 | R--- | C] () -- C:\Windows\System32\Bluebeam JPX Library.dll
[2008/11/06 11:29:26 | 000,678,912 | R--- | C] () -- C:\Windows\System32\Bluebeam Javascript Library.dll
[2007/12/28 02:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/03/08 22:03:58 | 000,000,972 | ---- | C] () -- C:\Windows\System32\PT27L.INI
[2006/02/21 19:25:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT27F.DLL
[2003/09/17 14:00:56 | 000,266,327 | ---- | C] () -- C:\Windows\System32\ADErrorHandling.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/05/10 17:30:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\JPEG32.DLL
[2001/09/28 14:44:58 | 000,257,536 | ---- | C] () -- C:\Windows\System32\BiImg.dll
[2001/04/02 20:21:52 | 000,413,760 | ---- | C] () -- C:\Windows\System32\MPG4c32.dll
[2001/02/22 00:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2001/02/22 00:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1999/02/05 18:29:10 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Avaspi32.dll
[1997/10/31 03:54:44 | 000,060,928 | ---- | C] () -- C:\Windows\System32\DiIQDBNT.dll
[1997/06/02 19:08:34 | 000,060,712 | ---- | C] () -- C:\Windows\System32\BUICISIS.DLL
[1994/09/30 16:34:54 | 000,011,934 | ---- | C] () -- C:\Windows\System32\PIXPNR.DLL
[1994/09/30 16:34:52 | 000,012,126 | ---- | C] () -- C:\Windows\System32\PIXPCZ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 244 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 5/1/2011 11:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\LKH\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 138.68 Gb Free Space | 59.57% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 465.57 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive G: | 55.93 Gb Total Space | 23.24 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 48.91 Gb Free Space | 16.41% Space Free | Partition Type: NTFS

Computer Name: MIDWESTMAIN | User Name: LKH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2147FABD-6F19-4306-91FF-AEDDF7DBA437}" = hpg8300
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Scanjet 8300
"{42756145-9997-4D28-809B-8756BFD00107}" = Microsoft Digital Image Pro 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{53FFC100-04FA-11E0-BC73-001AA037B01E}" = Google Earth Pro
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{60C7374C-B546-45DE-A578-2E29BA8C3F1C}" = Moto Helper Service
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.50
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93824D92-644F-48A8-B4DF-1A15F1DFF3B5}" = HP Scanjet 8300 Series Specialized Document Scanning
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FB34FD-0B84-44A1-8683-B5EFFBF56D7A}" = ScanSoft PaperPort 10
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3FA1DCD-FDA7-451C-849E-18E7B13D1F14}" = Mototools Software Update
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E90F57DF-C1FE-40D1-B9DB-5D30BB785010}" = Bluebeam PDF Revu Standard v8.0.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE18E4CF-6732-470B-A526-3FE205AC69D5}" = CompanionLink
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4FD218F-FC1D-4F64-961D-7D0D357DB373}" = Aficio SP C430DN/C431DN Manuals
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5977DF9-7CA4-4305-9B48-1D8F723C5AC9}" = HP Smart Document Scan Software
"{FB29B583-945C-4094-BB4B-3A405574C560}" = Motorola Mobile Drivers Installation 5.0.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.11 beta
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"Directory Snoop_is1" = Directory Snoop 5.11 (Trial Version)
"Disk Investigator" = Disk Investigator 1.61
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ESET Online Scanner" = ESET Online Scanner v3
"Everything" = Everything 1.2.1.371
"ffdshow_is1" = ffdshow
"FreeFileViewer_is1" = Free File Viewer 2011
"Gadwin PrintScreen" = Gadwin PrintScreen
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Scanjet 8300 Document ISIS/TWAIN" = HP Scanjet 8300 Document ISIS/TWAIN
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1A4FE289-8B58-4FC5-8CE8-109A542CE0A7}" = ACT! by Sage 2009 (11.0)
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallShield_{E90F57DF-C1FE-40D1-B9DB-5D30BB785010}" = Bluebeam PDF Revu Standard v8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0
"MS Access 97 Runtime Edition" = MS Access 97 Runtime Edition
"NoIPDUC" = No-IP DUC
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ODIR_is1" = ODIR
"PictureIt_PI2_v10" = Microsoft Digital Image Pro 10
"PokerStars.net" = PokerStars.net
"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
"RealPlayer 12.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"Recuva" = Recuva
"Registry Easy_is1" = Registry Easy v5.6
"Revo Uninstaller" = Revo Uninstaller 1.91
"Security Task Manager" = Security Task Manager 1.8c
"Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0
"Smart NTFS Recovery_is1" = Smart NTFS Recovery v4.4
"Trusted Software Assistant_is1" = File Type Assistant
"UBCD4Win_is1" = UBCD4Win 3.60
"Unlocker" = Unlocker 1.9.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2997555766-561918444-3558394800-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2011 03:04:10 AM | Computer Name = MidwestMain | Source = Windows Backup | ID = 4104
Description =

Error - 2/19/2011 06:02:05 PM | Computer Name = MidwestMain | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/19/2011 06:13:54 PM | Computer Name = MidwestMain | Source = Windows Search Service | ID = 3100
Description =

Error - 2/19/2011 06:18:01 PM | Computer Name = MidwestMain | Source = Windows Search Service | ID = 3100
Description =

Error - 2/19/2011 06:22:01 PM | Computer Name = MidwestMain | Source = Windows Search Service | ID = 3100
Description =

Error - 2/19/2011 06:34:12 PM | Computer Name = MidwestMain | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/19/2011 07:07:24 PM | Computer Name = MidwestMain | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/19/2011 07:37:21 PM | Computer Name = MidwestMain | Source = VSS | ID = 13
Description =

Error - 2/19/2011 07:37:21 PM | Computer Name = MidwestMain | Source = VSS | ID = 8193
Description =

Error - 2/19/2011 07:39:37 PM | Computer Name = MidwestMain | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

[ System Events ]
Error - 5/1/2011 12:21:38 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 5/1/2011 12:21:58 PM | Computer Name = MidwestMain | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

#4 myrti


Posted 01 May 2011 - 03:28 PM

Hi,

Well, it certainly looks as if you ran just about all the tools we have at our disposal for malware removal. One that you haven't run, from what I can see, is aswMBR; please try it now:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 lkh


Posted 01 May 2011 - 03:44 PM

Results of aswMBR.exe:

aswMBR version 0.9.5 Copyright© 2011 AVAST Software
Run date: 2011-04-30 15:22:08
-----------------------------
15:22:08.143 OS Version: Windows 6.1.7601 Service Pack 1
15:22:08.143 Number of processors: 8 586 0x1A04
15:22:08.143 ComputerName: MIDWESTMAIN UserName: LKH
15:22:23.233 Initialize success
15:22:35.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:22:35.604 Disk 0 Vendor: WDC_WD2500AAKS-00F0A0 12.01B02 Size: 238475MB BusType: 3
15:22:35.604 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
15:22:35.614 Disk 1 Vendor: ST3500410AS CC31 Size: 476940MB BusType: 3
15:22:35.614 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\DMI &SAMSUNG SV0602H &0&00063a27_d401b227_Instance00
15:22:35.614 Disk 2 Vendor: DMI_____ 4.38 Size: 57277MB BusType: 4
15:22:37.634 Disk 0 MBR read successfully
15:22:37.634 Disk 0 MBR scan
15:22:39.644 Disk 0 scanning sectors +488394752
15:22:39.684 Disk 0 scanning C:\Windows\system32\drivers
15:22:47.189 Service scanning
15:22:48.063 Disk 0 trace - called modules:
15:22:48.094 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
15:22:48.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f96e0]
15:22:48.094 3 CLASSPNP.SYS[8b9ac59e] -> nt!IofCallDriver -> [0x864a1918]
15:22:48.110 5 ACPI.sys[8b2ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857dc908]
15:22:48.110 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
15:22:48.125 Scan finished successfully
15:23:11.470 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
15:23:11.480 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 15:40:08
-----------------------------
15:40:08.156 OS Version: Windows 6.1.7601 Service Pack 1
15:40:08.156 Number of processors: 8 586 0x1A04
15:40:08.157 ComputerName: MIDWESTMAIN UserName: LKH
15:40:11.843 Initialize success
15:40:20.450 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:40:20.452 Disk 0 Vendor: Size: 0MB BusType: 0
15:40:20.454 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
15:40:20.456 Disk 1 Vendor: Size: 0MB BusType: 0
15:40:20.458 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\DMI &SAMSUNG SV0602H &0&00063a27_d401b227_Instance00
15:40:20.460 Disk 2 Vendor: Size: 0MB BusType: 0
15:40:20.463 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000007e
15:40:20.466 Disk 3 Vendor: Size: 0MB BusType: 0
15:40:22.473 Disk 0 MBR read successfully
15:40:22.476 Disk 0 MBR scan
15:40:22.479 Disk 0 Windows 7 default MBR code
15:40:22.483 Disk 0 MBR hidden
15:40:22.486 Disk 0 scanning C:\Windows\system32\drivers
15:40:26.330 Service scanning
15:40:27.142 Disk 0 trace - called modules:
15:40:27.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
15:40:27.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f96e0]
15:40:27.166 3 CLASSPNP.SYS[8b9ac59e] -> nt!IofCallDriver -> [0x864a1918]
15:40:27.172 5 ACPI.sys[8b2ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857dc908]
15:40:27.177 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
15:40:27.182 Scan finished successfully
15:40:42.723 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
15:40:42.740 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR.txt"


15:42:33.522 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
15:42:33.527 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR.txt"

#6 myrti

Posted 01 May 2011 - 05:46 PM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#7 lkh

Posted 01 May 2011 - 06:18 PM

Myrti:

re-ran aswMBR....did scan...then fix....log attached.

the tool did not report: 'Infection fixed successfully',
so I rebooted manually.

still getting audio ads & script errors

Larry

aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 18:04:18
-----------------------------
18:04:18.884 OS Version: Windows 6.1.7601 Service Pack 1
18:04:18.884 Number of processors: 8 586 0x1A04
18:04:18.899 ComputerName: MIDWESTMAIN UserName: LKH
18:04:19.336 Initialize success
18:04:21.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:04:21.785 Disk 0 Vendor: WDC_WD2500AAKS-00F0A0 12.01B02 Size: 238475MB BusType: 3
18:04:21.785 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:04:21.801 Disk 1 Vendor: ST3500410AS CC31 Size: 476940MB BusType: 3
18:04:21.801 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\DMI &SAMSUNG SV0602H &0&00063a27_d401b227_Instance00
18:04:21.801 Disk 2 Vendor: DMI_____ 4.38 Size: 57277MB BusType: 4
18:04:23.829 Disk 0 MBR read successfully
18:04:23.829 Disk 0 MBR scan
18:04:23.829 Disk 0 Windows 7 default MBR code
18:04:25.857 Disk 0 scanning sectors +488394752
18:04:25.873 Disk 0 scanning C:\Windows\system32\drivers
18:04:29.429 Service scanning
18:04:30.412 Disk 0 trace - called modules:
18:04:30.428 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
18:04:30.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f96e0]
18:04:30.443 3 CLASSPNP.SYS[8b9ac59e] -> nt!IofCallDriver -> [0x864a1918]
18:04:30.443 5 ACPI.sys[8b2ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857dc908]
18:04:30.459 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
18:04:30.459 Scan finished successfully
18:04:53.094 Disk 0 Windows 601 MBR fixed successfully
18:05:33.779 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
18:05:33.795 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR2.txt"

#8 myrti

Posted 02 May 2011 - 05:20 AM

Hi,

could you please reboot once more and run a scan with aswmbr again? If the infection persists we will overwrite the MBR manually.

regards myrti


#9 lkh

Posted 02 May 2011 - 10:18 AM

Myrti

Rebooted and re-ran aswMBR scan...then fix...same results

Larry

aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 18:04:18
-----------------------------
18:04:18.884 OS Version: Windows 6.1.7601 Service Pack 1
18:04:18.884 Number of processors: 8 586 0x1A04
18:04:18.899 ComputerName: MIDWESTMAIN UserName: LKH
18:04:19.336 Initialize success
18:04:21.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:04:21.785 Disk 0 Vendor: WDC_WD2500AAKS-00F0A0 12.01B02 Size: 238475MB BusType: 3
18:04:21.785 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:04:21.801 Disk 1 Vendor: ST3500410AS CC31 Size: 476940MB BusType: 3
18:04:21.801 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\DMI &SAMSUNG SV0602H &0&00063a27_d401b227_Instance00
18:04:21.801 Disk 2 Vendor: DMI_____ 4.38 Size: 57277MB BusType: 4
18:04:23.829 Disk 0 MBR read successfully
18:04:23.829 Disk 0 MBR scan
18:04:23.829 Disk 0 Windows 7 default MBR code
18:04:25.857 Disk 0 scanning sectors +488394752
18:04:25.873 Disk 0 scanning C:\Windows\system32\drivers
18:04:29.429 Service scanning
18:04:30.412 Disk 0 trace - called modules:
18:04:30.428 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
18:04:30.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f96e0]
18:04:30.443 3 CLASSPNP.SYS[8b9ac59e] -> nt!IofCallDriver -> [0x864a1918]
18:04:30.443 5 ACPI.sys[8b2ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857dc908]
18:04:30.459 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
18:04:30.459 Scan finished successfully
18:04:53.094 Disk 0 Windows 601 MBR fixed successfully
18:05:33.779 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
18:05:33.795 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR2.txt"


aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-02 10:11:45
-----------------------------
10:11:45.412 OS Version: Windows 6.1.7601 Service Pack 1
10:11:45.412 Number of processors: 8 586 0x1A04
10:11:45.412 ComputerName: MIDWESTMAIN UserName: LKH
10:11:49.312 Initialize success
10:11:56.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:11:56.145 Disk 0 Vendor: WDC_WD2500AAKS-00F0A0 12.01B02 Size: 238475MB BusType: 3
10:11:56.145 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:11:56.145 Disk 1 Vendor: ST3500410AS CC31 Size: 476940MB BusType: 3
10:11:56.145 Disk 2 \Device\Harddisk2\DR2 -> \Device\Sbp2\DMI &SAMSUNG SV0602H &0&00063a27_d401b227_Instance00
10:11:56.145 Disk 2 Vendor: DMI_____ 4.38 Size: 57277MB BusType: 4
10:11:58.220 Disk 0 MBR read successfully
10:11:58.220 Disk 0 MBR scan
10:11:58.220 Disk 0 Windows 7 default MBR code
10:12:00.248 Disk 0 scanning sectors +488394752
10:12:00.295 Disk 0 scanning C:\Windows\system32\drivers
10:12:15.536 Service scanning
10:12:18.360 Disk 0 trace - called modules:
10:12:18.360 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8672b1ed]<<
10:12:18.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866fb758]
10:12:18.375 3 CLASSPNP.SYS[8b9b459e] -> nt!IofCallDriver -> [0x8651c918]
10:12:18.391 5 ACPI.sys[8b2933d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857d8908]
10:12:18.391 \Driver\atapi[0x864d8298] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8672b1ed
10:12:18.406 Scan finished successfully
10:12:41.354 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
10:12:41.370 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR.txt"
10:13:04.012 Disk 0 Windows 601 MBR fixed successfully
10:13:25.150 Disk 0 MBR has been saved successfully to "C:\Users\LKH\Desktop\MBR.dat"
10:13:25.166 The log file has been saved successfully to "C:\Users\LKH\Desktop\aswMBR2.txt"
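
The comparison being made across these logs, as an added example (not part of the original posts and not aswMBR's own code): a Python sketch that splits an accumulated aswMBR log into runs and flags the unattributed `>>UNKNOWN<<` module, a driver handler pointing at that same address, and a reported MBR fix followed by a run that still shows them. The sample lines are excerpted from the logs in this thread; treating these markers as rootkit indicators, and the names `analyze` and `fix_did_not_hold`, are this example's assumptions.

```python
import re

# Sample lines excerpted from the three aswMBR runs posted in this thread.
SAMPLE_LOG = r"""Run date: 2011-05-01 15:40:08
15:40:22.483 Disk 0 MBR hidden
15:40:27.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
15:40:27.177 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
Run date: 2011-05-01 18:04:18
18:04:30.428 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x867211ed]<<
18:04:30.459 \Driver\atapi[0x864e7f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867211ed
18:04:53.094 Disk 0 Windows 601 MBR fixed successfully
Run date: 2011-05-02 10:11:45
10:12:18.360 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8672b1ed]<<
10:12:18.391 \Driver\atapi[0x864d8298] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8672b1ed
10:13:04.012 Disk 0 Windows 601 MBR fixed successfully
"""

RUN_RE = re.compile(r"^Run date: (\S+ \S+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER_RE = re.compile(r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")

def analyze(text):
    """Split an accumulated aswMBR log into runs and collect indicators per run."""
    runs = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:  # every "Run date:" header starts a new run
            runs.append({"run": m.group(1), "unknown": [], "hooks": [],
                         "mbr_hidden": False, "fix_reported": False})
            continue
        if not runs:
            continue
        cur = runs[-1]
        cur["unknown"] += [a.lower() for a in UNKNOWN_RE.findall(line)]
        m = HANDLER_RE.search(line)
        if m:
            cur["hooks"].append((m.group(1), m.group(2), m.group(3).lower()))
        cur["mbr_hidden"] |= line.endswith("MBR hidden")
        cur["fix_reported"] |= "MBR fixed successfully" in line
    for r in runs:
        # Assumption: a handler that lands on the unattributed address is the strongest signal.
        r["hooked"] = [h for h in r["hooks"] if h[2] in r["unknown"]]
        r["suspicious"] = bool(r["hooked"] or r["unknown"] or r["mbr_hidden"])
    return runs

def fix_did_not_hold(runs):
    """True when a run that logged a successful MBR fix is followed by a still-suspicious run."""
    return any(a["fix_reported"] and b["suspicious"] for a, b in zip(runs, runs[1:]))
```
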

#10 myrti

Posted 02 May 2011 - 02:00 PM

Hi,

that means we will need to fix the PC manually. Do you have your Windows CD?

Is this a preinstalled PC? A Dell or Lenovo for example?

regards myrti


#11 lkh

Posted 02 May 2011 - 02:07 PM

have windows 7 pro disks

home-built pc

#12 myrti

Posted 02 May 2011 - 04:13 PM

Hi,

let's run FixMBR from recovery console then:

Please insert your Windows 7 installation media into your CD-ROM/DVD drive and reboot your computer. During the reboot and at boot up you should see Press Any key to Boot from CD/DVD.... If you see that, please press any key to continue and follow the next set of instructions on "Using the Windows CD Disk to Access the Win7 WinRE Environment". If not, please follow the next set of instructions on "How to Configure the System to Boot from CD/DVD" and then follow the steps to "Using the Vista CD Disk to Access the Vista WinRE Environment ".

How to Configure the system to boot from CD/DVD

Some machines will automatically attempt to boot from the CD if a CD is inserted; if that is the case, please skip the instructions below...
  • Please reboot your machine or turn it on (Without the CD)
  • As soon as the BIOS is loaded begin tapping the F2 or F12 or perhaps F9, F10 or F11 (try all of them if unsure, starting with F2)
  • Different Machines have different keys.
  • This will bring up the configuration options, please use your arrow keys to go to the Boot Tab.
  • In the Boot tab, there should be instructions on your right-hand side on how to move your CD/DVD as the top or First Priority
  • After you have moved CD/DVD at the top/first priority, please make sure you SAVE AND EXIT <- Important
  • It will now exit with Configuration settings saved.

Using the Win7 CD Disk to Access the Win7 WinRE Environment
  • Insert the Windows 7 disk in your computer.
  • Restart your computer so you are booting off of the CD.
  • During the reboot and boot up you will get a message saying: "Press any key to boot from CD", press Enter on your keyboard.
  • Select your language options, Time and Keyboard and press Next
  • At the next prompt press Posted Image
  • Select your Operating System (Windows 7; the main one) from the list, and then press Next
  • Now press the Command Prompt option.
  • Enter the following code line by line one at a time and pressing enter on your keyboard on each line.
  • Wait for each command to be completed before continuing with the next one.
    bootrec /fixmbr
  • Press the Restart button Posted Image and remove your Windows 7 disk from the DVD drive. Windows should now begin to load.

regards myrti


#13 lkh

Posted 02 May 2011 - 04:39 PM

Performed the above....

#14 myrti

Posted 02 May 2011 - 04:47 PM

Hi,

how are the audio advertisements doing? Did they go away?
I see you already ran unhide.exe, did it bring your desktop and such back? What other issues are you currently having? (Eg is Windows update working)

regards myrti


#15 lkh

Posted 02 May 2011 - 04:53 PM

Myrti:

The audio ads and script errors are still occurring...

Got rid of the other issues before we started this process.

Larry



