
Windows Xp Recovery Virus (Hides files)


  • This topic is locked
49 replies to this topic

#1 irritatedraven

irritatedraven

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 23 May 2011 - 06:01 PM

Hi, thanks in advance for your help.
I have followed the instructions on http://www.bleepingcomputer.com/forums/topic34773.html

My problem is this. I was infected on three different occasions over the past couple of months with several different rogue fake virus software packages:
Windows XP Security Alert
Windows XP Security center
Windows XP Recovery Console

The first two were relatively easy to eradicate, but the Recovery Console basically crippled my computer. Although I was able to get most of it out, it has still left me with some residual permissions issues. Some of the folders in my Start menu still show as empty, although I can still go to my Program Files, open them and re-pin them to my Start menu.

I have already followed instructions on how to reset folder visibility; it helped, but some still show as empty. It has also affected my Microsoft Security Essentials: it won't update, even after a reinstall.
When attempting an update I get the following error:

Virus and Spyware Definition update failed Error code:0x80070424
It also tells me that my Windows Automatic Updates are turned off, and when I try to turn them on in the console, it says it can't turn them on and to go to the Control Panel to do so, but when I do, they are actually turned on there.

I also noticed in my DDS.txt that AVG is still showing as running. A while back I had a horrible problem with an AVG conflict that caused major computer issues. I had the paid version of AVG and uninstalled it, used the uninstall tools, and even had a computer-geek friend remove anything related to AVG from my registry, and it is still showing in that DDS. So any help on how to completely get rid of that would be extremely helpful as well.

Bonus: we have figured out the source of the virus. My husband, by process of elimination, figured out it was thedailywh.at, so whatever you do, do not patronize that site. It is just a photo site (funny, stupid or gross pics) that I guess you are taking your chances on if douchebags upload photos with viruses embedded. I never go to the site; my computer would always get infected while I was at work, and I was about to bean him a good one until he figured out where he was getting it. I was extremely frustrated that it was penetrating my Microsoft Security Essentials.

I actually had to purchase HitmanPro just to get the Windows XP Recovery Console eradicated, just to be able to get my computer to function at all so I could clean it at least a little bit. So when I did a reinstall of MSE, it said I already had a malware product installed, but I paid for it, so I didn't want to uninstall it. If you tell me it is OK to remove it, I will do so, but it fixed what MBAM was unable to.

I have attached the files as requested and your help is greatly appreciated!

R

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Renee at 22:49:11 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.778 [GMT -4:00]
.
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
c:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Renee\Desktop\virus software\may 2011 fixes\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
dRunOnce: [RunNarrator] Narrator.exe
IE: FVDToolbar Add Page - c:\program files\fvd suite\addons\ie\FVDToolbar.dll/IECONTEXT.DLL.HTM
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\renee\application data\mozilla\firefox\profiles\uq8cuw1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\fvd suite\addons\firefox\components\fvd_connector.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\renee\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: FVD Suite Toolbar: {fa46cb24-1d5b-4048-911a-2857a0944395} - c:\program files\fvd suite\addons\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslafd197e6;MpKslafd197e6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0627d564-6834-4c64-867f-f691a3731bb7}\MpKslafd197e6.sys [2011-5-22 28752]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2008-8-4 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-8-4 56960]
S1 mdondwdq;mdondwdq;\??\c:\windows\system32\drivers\mdondwdq.sys --> c:\windows\system32\drivers\mdondwdq.sys [?]
S1 MpKsl1c577b29;MpKsl1c577b29;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b8d2b9-c894-4a70-b620-69d8e8e0d858}\mpksl1c577b29.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b8d2b9-c894-4a70-b620-69d8e8e0d858}\MpKsl1c577b29.sys [?]
S1 MpKsl3a9dfef0;MpKsl3a9dfef0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{524e6799-8275-418f-85a7-38796617a533}\mpksl3a9dfef0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{524e6799-8275-418f-85a7-38796617a533}\MpKsl3a9dfef0.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\windows\temp\sas_selfextract\sasdifsv.sys --> c:\windows\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\windows\temp\sas_selfextract\saskutil.sys --> c:\windows\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 BIOSCHK;BIOSCHK;\??\c:\windows\temp\tii24.tmp\disk1\bioschk.sys --> c:\windows\temp\tii24.tmp\disk1\BIOSCHK.SYS [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-14 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
.
=============== File Associations ===============
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-05-22 13:22:16 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0627d564-6834-4c64-867f-f691a3731bb7}\MpKslafd197e6.sys
2011-05-22 13:22:13 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-22 13:21:50 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0627d564-6834-4c64-867f-f691a3731bb7}\mpengine.dll
2011-05-21 20:45:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-19 16:52:34 -------- d-----w- c:\documents and settings\renee\application data\SUPERAntiSpyware.com
2011-05-11 01:17:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-11 00:31:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 19:06:52 -------- d-----w- c:\documents and settings\renee\mcrtix
.
==================== Find3M ====================
.
2011-05-22 21:52:44 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-28 04:52:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-28 04:52:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-28 04:49:15 167424 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-03-20 03:53:15 9394 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2008-08-06 01:36:48 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-07-27 02:16:22 44814336 ----a-w- c:\program files\common files\Photoshop.exe
2006-02-28 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_16.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 22:50:52.68 ===============

Attached Files
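The DDS report above is the kind of log a helper reads by eye for three things: security products that are registered but stale (AVG shows as Enabled/Outdated even though the poster uninstalled it, and Microsoft Security Essentials is registered twice), browser add-on entries that point to "No File", and services or drivers that DDS suffixes with "[?]" because the file they reference could not be read from disk. The script below is an added example written for this page, not part of the thread or of the DDS tool; it assumes only the line formats visible in the report above (AV/FW lines, BHO/TB/SEH lines, and R/S service lines) and runs over sample lines copied from that report. Anything it flags is a "look closer" item for the person doing triage, not a verdict: the SASDIFSV entry, for instance, is a leftover from a scanner's self-extracting temp directory, while a driver with a random-looking name and no file on disk deserves more attention.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the DDS report posted in this thread (AV, BHO/TB and
# services/drivers sections). The excerpt itself is constructed for the example;
# it is not a complete report.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 mdondwdq;mdondwdq;\??\c:\windows\system32\drivers\mdondwdq.sys --> c:\windows\system32\drivers\mdondwdq.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\windows\temp\sas_selfextract\sasdifsv.sys --> c:\windows\temp\sas_selfextract\SASDIFSV.SYS [?]
"""

# "AV: Product *State/Freshness* {GUID}"; FW lines carry only a state.
AV_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([A-Za-z]+)(?:/([A-Za-z]+))?\*")
# "BHO: [Name:] {GUID} - path" or "... - No File"; same shape for TB and SEH.
EXT_RE = re.compile(r"^(BHO|TB|SEH): (?:(.+?): )?(\{[0-9A-Fa-f-]+\}) - (.+)$")
# "R1 name;display;path [date size]" or "S1 name;display;\??\path --> path [?]"
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def parse_findings(report: str) -> list[Finding]:
    """Walk a DDS-style report and return triage findings in line order,
    with duplicate-registration findings appended at the end."""
    findings: list[Finding] = []
    av_products: Counter = Counter()
    for raw in report.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            _kind, product, state, freshness = m.groups()
            av_products[product] += 1
            if freshness == "Outdated":
                findings.append(Finding("stale-av", f"{product} registered as {state}/{freshness}"))
            continue
        m = EXT_RE.match(line)
        if m:
            kind, _name, guid, target = m.groups()
            if target == "No File":
                findings.append(Finding("orphan-extension", f"{kind} {guid} points to no file"))
            continue
        m = SVC_RE.match(line)
        if m:
            _start, name, _display, rest = m.groups()
            if rest.endswith("[?]"):
                # DDS could not read the referenced file; report the resolved path.
                path = rest.split(" --> ")[-1][: -len(" [?]")].strip()
                findings.append(Finding("missing-driver-file", f"{name}: {path}"))
            continue
    for product, count in av_products.items():
        if count > 1:
            findings.append(Finding("duplicate-av", f"{product} registered {count} times"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. for a one-line status in a reply."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = parse_findings(SAMPLE_DDS)
    for f in results:
        print(f"[{f.category}] {f.detail}")
    print(summarize(results))
```

The three checks deliberately stay close to what a human reads off the same sections: a duplicate AV registration after a reinstall is what causes the "already has a malware product installed" message the poster describes, and clearing the stale Windows Security Center entry is a cleanup task rather than an infection.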




#2 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:51 PM

Posted 24 May 2011 - 04:53 AM

Welcome to BC!

I have already followed instructions on how to reset folder visibility

What instructions?

I need another set of logs for this.

Step 1.
CKScanner:

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
OTL-scan:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside

    Use Company Name WhiteList
    Skip Microsoft Files
    Use No-Company Name WhiteList
    LOP Check
    Purity Check

  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    drivers32
    %USERPROFILE%\..\*.
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of CKFiles.txt from step 1.
  • The content of OTL.txt and Extras.txt from step 2.

Edited by heir, 24 May 2011 - 04:59 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware, then click the donate button in my signature.


#3 irritatedraven

irritatedraven
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 26 May 2011 - 11:15 AM

Since my last post, I received an answer to an email I sent to Microsoft Support due to my Microsoft Security Essentials being invaded and my computer being infected over and above their software, and my updates being disabled as well as my Windows security, in addition to me advising them of the problems I posted here. In the interim of following their directions, the Windows Recovery virus repaired itself and reinfested my computer. I had to start all over with the repairs. My computer was such a hot mess I wasn't even able to come here to check my post.

I had to install yet another anti-malware that I paid 40-some bucks for just to enable my computer to make it usable enough to follow the instructions given by Microsoft. I researched the XP Recovery and found that 'GridinSoft Trojan Killer' was a reliable software to remove it. There were also instructions with video on how to edit the registry to get my desktop back and unhinder my Start functions. However, some files are still showing as 'empty' even though they are not; I can go and get them the long way by going to My Computer, Program Files, etc. But I would like the Start menu repaired if at all possible.

I have rerun the instructions here and have new logs for review. Sorry I had to redo these things, but I was reinfected and things changed before I could get back to the forum. Microsoft Security Essentials support instructed me to update via their link, since my updates were blocked, then run a full system scan, which found nothing after I ran the GridinSoft. It also had video instructions on how to edit the registry to remove desktop blocks and unhinder. Here:

http://trojan-killer.net/how-to-uninstall-windows-xp-recovery-virus-automatic-and-manual-guide-on-removal-of-windows-xp-recovery-scam/

Then I was at a place where I could follow the email instructions from Microsoft Support, as follows:

I used the manual update from http://www.microsoft.com/security/portal/Definitions/ADL.aspx to make sure I had the most recent version of Microsoft Security Essentials, since I wasn't able to update.

Microsoft Security Essentials full scan found nothing threatening.

I ran the new updated version of MBAM; nothing found.

Then ran online scan from http://www.eset.com/us/online-scanner/run
(found & cleaned some things)

Then Kaspersky from http://www.kaspersky.com/virusscanner (online scan unavailable; instructed to download the fully functioning 30-day trial). It also found and removed a few problems.

On the troubleshooting steps, the email instructed me to check the time and date; the time and date were correct.

I then reset my Internet explorer browser settings

Internet Explorer was already my default browser

At the command prompt step, when entering netsh winhttp reset proxy it gave an error: "netsh winhttp reset proxy" cannot be found. When I tried again to update my Microsoft Security Essentials, I got the same error as before.

Then I used the http://go.microsoft.com/?linkid=9665683

This prompted a restart of my computer, and when my computer restarted I was able to update my Microsoft Security Essentials and my Windows Update worked as well.

The only residual problem is there are still some folders in my Start menu that show as 'empty' when I mouse over them.

Now I am reposting the files that I have rerun since my Microsoft fix to see if there are any residual issues besides the empty folders on my Start bar.

I already found the tools online in thread http://www.bleepingcomputer.com/forums/topic399439.html (restore admin and restore accessories). It didn't work.

I'm going to rerun the diagnostics I ran before now and be back to repost. Sorry again for the redo; I had no choice due to the reinfestation.

#4 irritatedraven

irritatedraven
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 26 May 2011 - 11:42 AM

Since I did my reset of Internet options, I no longer have the 'attach' function on this forum. I had this problem a long time ago when I posted here. How do I re-enable that?
I figure you would like my updated logs before we proceed with your new instructions. I think my computer is fairly clean, since I am now able to update my Microsoft Security Essentials and my Windows security is now properly functioning as well, so I should be able to move on with your instructions from this point.

I'm posting my DDS log. I can't attach my Attach file since I don't have the attach function present, and GMER is currently running. It seems to take forever.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Renee at 12:22:15 on 2011-05-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1040 [GMT -4:00]
.
AV: AVG Anti-Virus *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Kaspersky Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Renee\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
dRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\renee\application data\mozilla\firefox\profiles\uq8cuw1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\fvd suite\addons\firefox\components\fvd_connector.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\renee\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_IEGetPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: FVD Suite Toolbar: {fa46cb24-1d5b-4048-911a-2857a0944395} - c:\program files\fvd suite\addons\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-5-26 475736]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl4ecda201;MpKsl4ecda201;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddf95c79-31f9-402b-b2a9-d7ea114b96bc}\MpKsl4ecda201.sys [2011-5-26 28752]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2008-8-4 45696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2008-8-4 56960]
S1 mdondwdq;mdondwdq;\??\c:\windows\system32\drivers\mdondwdq.sys --> c:\windows\system32\drivers\mdondwdq.sys [?]
S1 MpKsl1c577b29;MpKsl1c577b29;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b8d2b9-c894-4a70-b620-69d8e8e0d858}\mpksl1c577b29.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67b8d2b9-c894-4a70-b620-69d8e8e0d858}\MpKsl1c577b29.sys [?]
S1 MpKsl3a9dfef0;MpKsl3a9dfef0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{524e6799-8275-418f-85a7-38796617a533}\mpksl3a9dfef0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{524e6799-8275-418f-85a7-38796617a533}\MpKsl3a9dfef0.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\windows\temp\sas_selfextract\sasdifsv.sys --> c:\windows\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\windows\temp\sas_selfextract\saskutil.sys --> c:\windows\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 BIOSCHK;BIOSCHK;\??\c:\windows\temp\tii24.tmp\disk1\bioschk.sys --> c:\windows\temp\tii24.tmp\disk1\BIOSCHK.SYS [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-14 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
.
=============== File Associations ===============
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-05-26 15:48:41 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddf95c79-31f9-402b-b2a9-d7ea114b96bc}\MpKsl4ecda201.sys
2011-05-26 15:18:05 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddf95c79-31f9-402b-b2a9-d7ea114b96bc}\mpengine.dll
2011-05-26 06:12:32 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2011-05-26 06:12:27 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-05-26 06:12:08 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-26 06:12:08 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-26 06:10:11 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-26 06:10:11 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-05-26 06:05:45 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-05-25 23:36:20 -------- d-----w- c:\program files\ESET
2011-05-25 03:12:14 141120 ----a-w- c:\program files\unhider.exe
2011-05-22 13:22:13 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-21 20:45:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-19 16:52:34 -------- d-----w- c:\documents and settings\renee\application data\SUPERAntiSpyware.com
2011-05-11 01:17:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-11 00:31:30 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-02 19:06:52 -------- d-----w- c:\documents and settings\renee\mcrtix
.
==================== Find3M ====================
.
2011-05-25 15:02:36 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-28 04:52:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-28 04:52:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-28 04:49:15 167424 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-03-20 03:53:15 9394 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2008-08-06 01:36:48 262144 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2008-07-27 02:16:22 44814336 ----a-w- c:\program files\common files\Photoshop.exe
2006-02-28 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_16.dll
2004-08-20 03:26:54 1216 --sh--w- c:\windows\Twunk_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 12:29:26.78 ===============

#5 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:51 PM

Posted 26 May 2011 - 12:26 PM

Since my last post, I received an answer to an email I sent to Microsoft Support due to my Microsoft Security Essentials being invaded and my computer being infected over and above their software and my updates being disabled as well as my Windows security. In addition to me advising them of the problems I posted here. In the interim of following their directions, the Windows Recovery virus repaired itself and reinfested my computer. I had to start all over with the repairs. My computer was such a hot mess I wasn't even able to come here to check my post.

Seeking help from two locations simultaneously is never a good idea. And following instructions from two locations at the same time is even worse.
Hopefully you haven't run any tool that empties the temp location. If you have, there isn't much hope of getting the Start menu and Desktop icons back.


I had to install yet another anti-malware that I paid 40 some bucks for just to enable my computer to make it usable to follow the instructions given by Microsoft. I researched the XP Recovery and found that 'GridinSoft Trojan Killer' was a reliable software to remove it. There were also instructions with video on how to edit the registry to get my desktop back and unhinder my start functions. However some files still are showing as 'empty' even though they are not; I can go and get them the long way by going to My Computer, Program Files, etc. But I would like the start menu repaired if at all possible.

There is seldom a need to buy software for this. Seeking help at forums like this and following the directions laid out for your issue usually solves it.



I have rerun the instructions here and have new logs for review. Sorry I had to redo these things but I was reinfected and things changed before I could get back to the forum. Microsoft Security Essentials support instructed me to update via their link, since my updates were blocked, then run a full system scan, which found nothing after I ran the GridinSoft. It also had video instructions on how to edit the registry to remove desktop blocks and unhinder the start functions. Here:

h ttp://trojan-killer.net/how-to-uninstall-windows-xp-recovery-virus-automatic-and-manual-guide-on-removal-of-windows-xp-recovery-scam/

That site gets blocked by WOT - Web Of Trust, flagging it as a bad site. Those instructions can't be trusted. Video instructions are also something that in general should be avoided, especially on YouTube.

I used the manual update from http://www.microsoft.com/security/portal/Definitions/ADL.aspx to make sure I had the most recent version of Microsoft Security Essentials since I wasn't able to update.

Microsoft Security Essentials full scan found nothing threatening.

Hopefully it didn't empty the temp location.

Then ran an online scan from http://www.eset.com/us/online-scanner/run (found & cleaned some things).

If the tool isn't uninstalled, the files are quarantined.



Then Kaspersky from http://www.kaspersky.com/virusscanner (online scan unavailable; instructed to download the fully functioning 30-day trial). It also found and removed a few problems.

Hopefully the temp folder is intact.



On the troubleshooting steps in the email, it instructed me to check the time and date; the time and date were correct.

I then reset my Internet explorer browser settings

Internet Explorer was already my default browser

At the command prompt step, when entering netsh winhttp reset proxy, it gave an error: "netsh winhttp reset proxy" cannot be found. When I tried again to update my Microsoft Security Essentials, I got the same error as before.

Then I used the http://go.microsoft.com/?linkid=9665683

This prompted a restart of my computer and when my computer restarted I was able to update
my Microsoft security essentials and my windows update worked as well.

An infected computer should in general NEVER be updated through Windows Update until it's clean.


The only residual problem is there are still some folders in my start that show as 'empty' when
I mouse over them.

Now I am reposting the files that I have rerun since my microsoft fix to see if there is any
residual issues besides the empty folders on my start bar.

I already found the tools online in thread http://www.bleepingcomputer.com/forums/topic399439.html (restore admin and restore accessories). It didn't work.

I'm going to rerun the diagnostics I ran before now and be back to repost. Sorry again for the redo, I had no choice due to the reinfestation.

Never ever follow instructions laid out to another computer.


And again, if you have emptied the temp folder along the way, there isn't much hope I can give you.

If the temp locations are empty then the menu system has to be rebuilt.


Let's see what's left on this computer and what's hidden.

Please list the tools you used to try to solve this issue in case the tools have quarantined the temp location.


I have already followed instructions on how to reset folder visibility

What instructions?

I need another set of logs for this.

Step 1.
CKScanner:

Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
OTL-scan:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside

    Use Company Name WhiteList
    Skip Microsoft Files
    Use No-Company Name WhiteList
    LOP Check
    Purity Check

  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    drivers32
    %USERPROFILE%\..\*.
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of CKFiles.txt from step 1.
  • The content of OTL.txt and Extras.txt from step 2.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate button.


#6 irritatedraven

  • Topic Starter
  • Members
  • 36 posts
  • Local time:08:51 AM

Posted 26 May 2011 - 12:57 PM

Seeking help from two locations simultaneously is never a good idea. And following instructions from two locations at the same time is even worse.
Hopefully you haven't run any tool that empties the temp location. If you have there isn't much hope getting the Start menu and Desktop icons back.

I know, I know, forgive me, but I had sent the email to Microsoft Security Essentials support before posting and it took them forever to respond and I didn't think they were even going to. Since they are who my security software is through, I figured their support would have proper instructions, and I got reinfested and was unable to get back to this forum to even check for a reply. I'm sorry. But I was able to access my email and click links in the email, but I had no Explorer on my desktop due to the reinfestation of the Recovery virus that blanks out your desktop and start bar.

There is seldom need to buy a software for this. Seeking help at forums like this and follow the directions laid out to your issue usually solves them.

It was out of sheer desperation. MBAM and Spybot had been run several times and although each time they would find issues, they weren't clearing the problem completely and it kept repairing itself and reinfesting. After using the GridinSoft, I researched GridinSoft to make sure it wasn't a rogue software itself. The video simply showed how to unhinder the desktop blocking by editing the registry, changing a 1 to 0 on HKEY user desktop and menu, and it did work to some extent.

Unfortunately I did clean out my temp files the first time I was infected. I guess this is really a non-issue, just annoying, since all the programs are still there; I just have to go to the program files to open them instead of being able to quick start them. So we can just forget about that; as long as my computer is safe I don't really care about the annoyance.

An infected computer should in general NEVER be updated through Windows update until its clean.

I'm hoping it is clean; that was the last step in the email that actually worked to reset my permissions for my virus software.

I have used MBAM, Spybot, True Cloud Hitman Pro 3.5, GridinSoft Trojan Killer, and the files listed above. When I stated in the previous post I have already followed instructions on how to reset folder visibility, I meant changing the folder options in the Control Panel that had been altered by the virus.

#7 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:51 PM

Posted 26 May 2011 - 01:08 PM

Please do the steps anyway; we might be lucky and the temp location we need might be in place. The results from those scans will tell us.

We need to clean the computer even if there are no desktop icons or start menu items.



#8 irritatedraven

  • Topic Starter
  • Members
  • 36 posts
  • Local time:08:51 AM

Posted 26 May 2011 - 01:23 PM

What steps is it you want me to do? The ones you posted after my initial post?

Do you not need to see my rerun logs? Again, I have no attach function on the forum now for some reason. Oh, and on the GMER, this happened the first time I ran it: the initial run takes forever and a good ways through it crashes my computer and it shuts down. The second time it actually finished. When I was running it this time, the same thing happened. It just crashed and so it didn't complete. Do you not need to see the rerun of those posts? Attach and GMER?

If you do, I'm going to have to get them to you another way other than attaching them to this post.

Also, again, I need that AVG that is showing in the DDS eradicated from this computer; I'm sure it still hanging in my computer is likely causing a conflict somewhere. Also, after we are all done with this, please let me know what I can get rid of so I don't have a lot of virus things running on my unit; I know too many can be a bad thing.

#9 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:03:51 PM

Posted 26 May 2011 - 01:29 PM

The numbered steps at the end of post #5, which are the same as in post #2.

Edited by heir, 26 May 2011 - 01:29 PM.



#10 irritatedraven

  • Topic Starter
  • Members
  • 36 posts
  • Local time:08:51 AM

Posted 26 May 2011 - 01:42 PM

n data\azureus\torrents\microsoft office professional 2007 crack + keygen activation (include updates)-torrentzap[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\microsoft_office_enterprise_2007__keys_and_keygen.5624395.tpb[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\[isohunt] corel_videostudio_pro_x3_keygen.5314173.tpb[1].torrent
c:\documents and settings\renee\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\renee\favorites\youtube - assassin's creed crack.url
c:\documents and settings\renee\favorites\youtube - spongebob is on crack.url
c:\documents and settings\renee\favorites\youtube - spongebob on crack.url
c:\documents and settings\renee\favorites\kg\keygens.nl - generates cracks serials keygens for the software to unlock it for free.url
c:\documents and settings\renee\favorites\links\cracked.com - america's only humor & video site since 1958 cracked.url
c:\documents and settings\renee\favorites\links\get crackin'#sidebar_video_thumb_1534#sidebar_video_thumb_1534.url
c:\documents and settings\renee\favorites\links\youtube - how to crack an egg.url
c:\documents and settings\renee\my documents\azureus downloads\honestech_video_editor_7.0 retail\honestech video editor 7.0 retail\keygen.exe
c:\documents and settings\renee\my documents\my pictures\gothic butterflys, dragons, ravens\vectors\iheartvector-free-texure-cracked-paint.zip
c:\documents and settings\renee\shared\adobe photoshop cs4 keygen disable activation.rar
c:\program files\adobe\adobe photoshop cs3\presets\brushes\anodyne-stock_cracks.abr
c:\program files\adobe\adobe photoshop cs3\presets\brushes\crispy-cracks-thb.abr
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files\corel\coreldraw graphics suite x5\custom data\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\canvas\cracks2c.pcx
c:\program files\corel\graphics9\custom\tiles\cracks2m.cpt
c:\program files\corel\graphics9\photopnt\scripts\effects\086 bump map cracks.csc
c:\program files\jasc software inc\paint shop pro 8\brushes\cracks.pspimage
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\green crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\mountain crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\postcards\business\cracked mud.tpx
scanner sequence 3.ZZ.11
----- EOF -----

proceeding with step two
Just realized my printer is not functioning; I get a weird script error when trying to print. AHHH
Got to go pick up my kids at the bus stop; will be back to write down the instructions longhand so I can close windows and run the next step.
Thanks again for your patience with me, heir.

#11 irritatedraven

irritatedraven
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 26 May 2011 - 01:44 PM

PS: I don't know what that Microsoft Office crack thing is; I have OpenOffice on my computer, unless someone else in my house has tried to download something and that got in there.
The other cracks are Photoshop brushes.
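Sorting the CKScanner hits into "a real Office crack" versus "Photoshop brushes", as the post above does by hand, is the triage step the scanner leaves to the reader: it reports every path containing a substring such as "crack" or "keygen", so game textures and a Nutcracker sound file land next to keygen.exe. The Python below is an added example for this thread, not CKScanner's code or anything posted by the participants. It scores each path by extension, piracy vocabulary, known false friends and whether it sits in a per-user profile directory, then buckets the lines so the few that matter are read first. The extension sets, patterns and thresholds are my own assumptions, and the sample log is constructed from the kinds of lines that appear in this thread.

```python
"""Triage a pasted CKScanner keyword hit list (added example, not CKScanner)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed extension classes: anything that can run or unpack scores up,
# asset/media/settings files that cannot execute score down.
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar", ".msi"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso"}
TORRENT_EXT = {".torrent"}
BENIGN_EXT = {".dds", ".dae", ".msh", ".mat", ".ogg", ".snt", ".abr", ".cpt",
              ".pcx", ".csc", ".pspimage", ".pspframe", ".tpx", ".imw", ".ima", ".sol"}

# Piracy-tooling vocabulary, plus "crack" only when the file can run or unpack.
# Letter-only lookarounds keep cracks_blue.dds and cracked-paint.zip out while
# still matching ___crack.torrent (underscore is a \w character, so \b would not).
PIRACY_RE = re.compile(
    r"keygen|keymaker|serial|activation|"
    r"(?<![a-z])cracks?(?![a-z]).*\.(?:exe|rar|zip|7z|torrent)$")
# English words and product names that merely contain "crack" (assumed list).
FALSE_FRIEND_RE = re.compile(
    r"nutcracker|firecracker|crackle|cracked\.com|"
    r"cracked[ _-](?:paint|mud|ceiling)|cracks?[_ -](?:blue|brown|nrm|spec)")
# Per-user profile on XP; All Users and Program Files are admin-writable by
# default, so a drop inside a user profile needs no elevation.
USER_PROFILE_RE = re.compile(r"\\documents and settings\\(?!all users\\)[^\\]+\\")

INVESTIGATE, REVIEW = 7, 3  # assumed score thresholds


@dataclass
class Hit:
    path: str
    score: int
    bucket: str
    reasons: List[str] = field(default_factory=list)


def triage_path(raw: str) -> Hit:
    """Score one CKScanner path and assign it to a bucket."""
    path = raw.strip().lower()
    name = path.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    checks = [  # (applies?, points, reason); the extension sets are disjoint
        (ext in EXEC_EXT, 5, "executable"),
        (ext in ARCHIVE_EXT, 3, "archive"),
        (ext in TORRENT_EXT, 2, "torrent"),
        (ext in BENIGN_EXT, -3, "asset/media extension"),
        (bool(PIRACY_RE.search(path)), 3, "piracy keyword"),
        (bool(FALSE_FRIEND_RE.search(path)), -2, "false friend"),
        (bool(USER_PROFILE_RE.search(path)), 1, "user profile path"),
    ]
    score = sum(points for hit, points, _ in checks if hit)
    reasons = [why for hit, _, why in checks if hit]
    bucket = ("investigate" if score >= INVESTIGATE
              else "review" if score >= REVIEW else "likely benign")
    return Hit(raw.strip(), score, bucket, reasons)


def triage_log(text: str) -> Dict[str, List[Hit]]:
    """Bucket every path line of a pasted log; header/footer lines are skipped."""
    buckets: Dict[str, List[Hit]] = {"investigate": [], "review": [], "likely benign": []}
    for line in text.splitlines():
        if not re.match(r"\s*[a-z]:\\", line, re.I):
            continue  # "CKScanner - ...", "scanner sequence ...", "----- EOF -----"
        hit = triage_path(line)
        buckets[hit.bucket].append(hit)
    for hits in buckets.values():
        hits.sort(key=lambda h: -h.score)
    return buckets


# Constructed sample, modelled on the lines in this thread's CKScanner log.
SAMPLE_LOG = """CKScanner - Additional Security Risks - These are not necessarily bad
c:\\documents and settings\\renee\\my documents\\azureus downloads\\honestech video editor 7.0 retail\\keygen.exe
c:\\documents and settings\\renee\\shared\\adobe photoshop cs4 keygen disable activation.rar
c:\\documents and settings\\renee\\application data\\azureus\\torrents\\avs_video_editor___crack.3963151.tpb_[mininova][1].torrent
c:\\documents and settings\\renee\\favorites\\kg\\keygens.nl - generates cracks serials keygens.url
c:\\documents and settings\\renee\\favorites\\youtube - spongebob on crack.url
c:\\documents and settings\\renee\\my documents\\my pictures\\vectors\\iheartvector-free-texure-cracked-paint.zip
c:\\documents and settings\\all users\\application data\\incredimail\\data\\sound\\tchaikovsky_the_nutcracker.imw
c:\\program files\\amnesia - the dark descent\\redist\\static_objects\\decals\\cracks_blue04.dae
c:\\program files\\adobe\\adobe photoshop cs3\\presets\\brushes\\crispy-cracks-thb.abr
scanner sequence 3.ZZ.11
----- EOF -----
"""

if __name__ == "__main__":
    for bucket, hits in triage_log(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(hits)})")
        for h in hits:
            print(f"{h.score:>3}  {h.path}  [{', '.join(h.reasons)}]")
```

On the constructed sample this puts keygen.exe and the "keygen disable activation.rar" in the investigate bucket, the crack torrent and the keygens.nl bookmark in review, and the textures, brushes and the Nutcracker sound in likely benign. The scores are deliberately crude; the point is that a keyword scanner's output is an input to triage, not a verdict, and the bucket a line lands in tells the helper where to look next (the download folder next to a keygen, not a game's texture directory).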

#12 irritatedraven

irritatedraven
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 26 May 2011 - 02:05 PM

I just cleared everything out of that Azureus torrents folder. I didn't even know that stuff was there. I used Azureus to watch True Blood, because I don't have HBO; I download the show after it airs. I knew it had a share feature on it, but I didn't know that stuff was on my computer. It is now deleted. I feel dirty, ew!

Edited by irritatedraven, 26 May 2011 - 02:06 PM.


#13 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:51 PM

Posted 26 May 2011 - 02:24 PM

Please rerun CK Scanner and post the complete log this time.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#14 irritatedraven

irritatedraven
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 26 May 2011 - 02:45 PM

That was the complete log, unless I didn't select it all. I still have it on my desktop; I can grab it again.

Oops, my bad, I just didn't have it all selected. Sorry.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\local settings\application data\im\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\all users\application data\incredimail\data\animation\firecracker.ima
c:\documents and settings\all users\application data\incredimail\data\setupdata\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\all users\application data\incredimail\data\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\renee\application data\azureus\torrents\adobe.photoshop.cs5.extended.v12.keygen.only.embrace-deantjah.5523657.tpb[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\adobe_photoshop__cs3__extended_version_latest_newest_crack_keygen_keymaker_serial_[mininova][1].torrent
c:\documents and settings\renee\application data\azureus\torrents\avs_video_editor___crack.3963151.tpb_[mininova][1].torrent
c:\documents and settings\renee\application data\azureus\torrents\corel_draw_x5_with_keygen-_=demonoid.com=_[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\corel_paintshop_pro_x2_(v-12)+keygen-heartbug_[mininova][1].torrent
c:\documents and settings\renee\application data\azureus\torrents\microsoft office 2007 full keygen ( vista comp )[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\microsoft office professional 2007 crack + keygen activation (include updates)-torrentzap[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\microsoft_office_enterprise_2007__keys_and_keygen.5624395.tpb[1].torrent
c:\documents and settings\renee\application data\azureus\torrents\[isohunt] corel_videostudio_pro_x3_keygen.5314173.tpb[1].torrent
c:\documents and settings\renee\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\renee\favorites\youtube - assassin's creed crack.url
c:\documents and settings\renee\favorites\youtube - spongebob is on crack.url
c:\documents and settings\renee\favorites\youtube - spongebob on crack.url
c:\documents and settings\renee\favorites\kg\keygens.nl - generates cracks serials keygens for the software to unlock it for free.url
c:\documents and settings\renee\favorites\links\cracked.com - america's only humor & video site since 1958 cracked.url
c:\documents and settings\renee\favorites\links\get crackin'#sidebar_video_thumb_1534#sidebar_video_thumb_1534.url
c:\documents and settings\renee\favorites\links\youtube - how to crack an egg.url
c:\documents and settings\renee\my documents\azureus downloads\honestech_video_editor_7.0 retail\honestech video editor 7.0 retail\keygen.exe
c:\documents and settings\renee\my documents\my pictures\gothic butterflys, dragons, ravens\vectors\iheartvector-free-texure-cracked-paint.zip
c:\documents and settings\renee\shared\adobe photoshop cs4 keygen disable activation.rar
c:\program files\adobe\adobe photoshop cs3\presets\brushes\anodyne-stock_cracks.abr
c:\program files\adobe\adobe photoshop cs3\presets\brushes\crispy-cracks-thb.abr
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files\corel\coreldraw graphics suite x5\custom data\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\canvas\cracks2c.pcx
c:\program files\corel\graphics9\custom\tiles\cracks2m.cpt
c:\program files\corel\graphics9\photopnt\scripts\effects\086 bump map cracks.csc
c:\program files\jasc software inc\paint shop pro 8\brushes\cracks.pspimage
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\green crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\mountain crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\postcards\business\cracked mud.tpx
scanner sequence 3.ZZ.11
----- EOF -----

Mininova is an old site that no longer has file sharing; that is where I was getting my True Blood files from. Evidently I was being used as a share link. BTW, when I first became infected, prior to that I had noticed that when I was posting on Twitter it would say I was posting from Alabama, and I'm in WV. When I began troubleshooting my issues, I went into my computer properties; under the Remote tab 'Allow Remote Assistance' was toggled, and under Advanced 'Allow my computer to be controlled remotely' was also toggled. This could have been how I was initially infected. I untoggled both of those immediately.

AGAIN, all the questionable Azureus crack files are now deleted; the folder is empty.

OTL logfile created on: 5/26/2011 3:18:20 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Renee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 63.32% Memory free
5.58 Gb Paging File | 5.01 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): D:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 63.62 Gb Free Space | 42.69% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 46.12 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: RENEE-2B2078250 | User Name: Renee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 15:08:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee\Desktop\OTL.exe
PRC - [2011/03/28 00:52:44 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 11:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\ECSXPV_5902_012208\WDM\stacsv.exe
PRC - [2008/03/25 11:26:58 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 15:08:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee\Desktop\OTL.exe
MOD - [2011/03/28 00:53:12 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 10:59:44 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/05/12 16:25:36 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/01/19 22:18:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/04 00:19:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/03/25 11:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\ECSXPV_5902_012208\WDM\stacsv.exe -- (STacSV)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2011/05/26 14:12:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDF95C79-31F9-402B-B2A9-D7EA114B96BC}\MpKsl77ace554.sys -- (MpKsl77ace554)
DRV - [2011/05/26 11:48:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DDF95C79-31F9-402B-B2A9-D7EA114B96BC}\MpKsl4ecda201.sys -- (MpKsl4ecda201)
DRV - [2011/05/26 02:09:43 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/28 08:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/21 12:52:42 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/03/25 11:32:12 | 001,292,888 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/11 08:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/07/20 13:40:10 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/17 17:40:20 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/07/17 17:40:14 | 000,034,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/05/23 17:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/07/15 15:02:41 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/07/15 15:02:30 | 000,045,696 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.16
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fa46cb24-1d5b-4048-911a-2857a0944395}:1.0.16
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.2.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="


FF - HKLM\software\mozilla\Firefox\Extensions\\{fa46cb24-1d5b-4048-911a-2857a0944395}: C:\Program Files\FVD Suite\addons\Firefox [2011/01/05 10:56:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/28 00:53:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 06:48:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/21 06:48:07 | 000,000,000 | ---D | M]

[2008/07/30 01:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Extensions
[2011/05/26 13:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions
[2010/10/13 22:10:12 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/10/13 22:10:15 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/10/13 22:10:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/08 01:42:44 | 000,000,000 | ---D | M] (GrabPro) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
[2009/09/08 01:42:43 | 000,000,000 | ---D | M] (mediaDownloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba}
[2009/09/08 01:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{61511f82-5694-4c77-a030-874128bfa3bf}
[2010/10/13 22:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/05 10:13:24 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/01/05 10:13:27 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/02/12 23:54:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/05 10:13:24 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/03/08 23:34:50 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\anttoolbar@ant.com
[2011/01/05 10:13:26 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\artur.dubovoy@gmail.com
[2009/09/08 01:42:44 | 000,000,000 | ---D | M] (EasyVideo/MusicGrab Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\easyvideodownloader@gmail.com
[2009/09/08 01:42:44 | 000,000,000 | ---D | M] (GTV Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\gtvdownloader@markus.jungbluth
[2010/01/14 14:07:33 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\max@subfighter.com
[2011/02/07 00:23:46 | 000,000,000 | ---D | M] (MP4 Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\mp4downloader@jeff.net
[2011/01/05 10:13:23 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\video.downloader.plugin@ffpimp.com
[2010/10/13 22:10:18 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/09/04 14:31:30 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\searchplugins\bing-zugo.xml
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\searchplugins\MySpace.xml
[2010/10/26 15:01:46 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\searchplugins\MyStart Search.xml
[2011/05/26 13:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/20 20:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/13 23:46:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 14:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 02:12:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/26 02:12:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/05/26 02:12:27 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011/03/28 00:53:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/01/05 10:56:54 | 000,000,000 | ---D | M] ("FVD Suite Toolbar") -- C:\PROGRAM FILES\FVD SUITE\ADDONS\FIREFOX
[2010/07/13 23:46:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/22 18:50:44 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/05/12 16:25:36 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2010/07/12 23:54:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - File not found
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O19 - User stylesheet: User Stylesheet - Reg Error: Value error.
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Renee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/21 22:58:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "avg9emc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe - (Amazon.com)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpFolder: C:^Documents and Settings^Renee^Start Menu^Programs^Startup^Corel Registration.lnk - C:\Program Files\Corel\Graphics9\Register\Remind32.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Renee^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Renee^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BOC-427 - hkey= - key= - File not found
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
MsConfig - StartUpReg: gllAlojxDhPq - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: yiMjvSkpKyOa - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 15:08:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Renee\Desktop\OTL.exe
[2011/05/26 14:11:02 | 000,341,504 | ---- | C] (Windows ® XP DDK provider) -- C:\WINDOWS\System32\hpojgpwia.dll
[2011/05/26 14:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\hp officejet 7100 series corporate driver
[2011/05/26 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\HP TWAIN Data Source
[2011/05/26 14:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\HP Officejet 7100 Series_WebPack_English_WinXP
[2011/05/26 12:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renee\Desktop\gmer
[2011/05/26 12:18:01 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Renee\Desktop\dds.scr
[2011/05/26 02:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/05/26 02:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/05/26 02:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/05/26 02:09:42 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/26 02:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/05/25 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/25 16:26:34 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renee\Desktop\mbam-setup.exe
[2011/05/24 23:12:14 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Program Files\unhider.exe
[2011/05/24 22:26:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Renee\Recent
[2011/05/21 16:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/19 12:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renee\Application Data\SUPERAntiSpyware.com
[2011/05/10 21:17:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/02 15:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Renee\mcrtix
[2011/04/30 17:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/08/07 01:00:53 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
[2008/08/06 17:16:58 | 044,814,336 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\Common Files\Photoshop.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 15:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31FDA33F-ED3C-4564-9B7D-21E9E050423F}.job
[2011/05/26 15:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 15:08:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee\Desktop\OTL.exe
[2011/05/26 14:29:40 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Renee\Desktop\CKScanner.exe
[2011/05/26 14:17:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/26 14:13:47 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 14:13:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/26 14:13:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-527237240-725345543-1004.job
[2011/05/26 14:12:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 14:12:46 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/05/26 14:10:18 | 000,000,196 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2011/05/26 14:10:10 | 000,000,408 | ---- | M] () -- C:\WINDOWS\setup.iss
[2011/05/26 14:09:53 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-527237240-725345543-1004.job
[2011/05/26 12:18:01 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Renee\Desktop\dds.scr
[2011/05/26 11:45:30 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Renee\Desktop\Windows XP Tips - Ramesh.url
[2011/05/26 05:18:47 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/26 05:18:47 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/26 02:09:43 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/05/25 16:26:39 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renee\Desktop\mbam-setup.exe
[2011/05/25 11:02:36 | 000,006,580 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/05/24 23:11:57 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Program Files\unhider.exe
[2011/05/24 23:03:05 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2011/05/24 22:26:43 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538276r
[2011/05/24 22:26:43 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538276
[2011/05/24 18:18:00 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18538276
[2011/05/22 22:56:26 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Renee\Desktop\gmer.zip
[2011/05/22 22:35:29 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Renee\Desktop\Defogger.exe
[2011/05/22 22:23:34 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/22 22:17:31 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/22 22:04:42 | 000,017,742 | -HS- | M] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/22 22:04:42 | 000,017,742 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/22 16:49:38 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2011/05/22 14:50:51 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/21 16:46:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/21 10:45:34 | 000,017,248 | -HS- | M] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\462siw7cfe
[2011/05/21 10:45:34 | 000,017,248 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/19 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/19 10:19:52 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472740r
[2011/05/19 10:19:52 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472740
[2011/05/19 09:43:10 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18472740
[2011/05/16 11:41:58 | 000,036,487 | ---- | M] () -- C:\Documents and Settings\Renee\Desktop\CBURGAMPstat.png
[2011/05/12 21:05:01 | 002,541,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 15:22:19 | 002,445,855 | ---- | M] () -- C:\Documents and Settings\Renee\My Documents\DSCS950_handbook.pdf
[2011/05/11 02:12:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/10 20:26:03 | 000,015,420 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h
[2011/05/10 20:26:02 | 000,015,420 | -HS- | M] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\sh5gy611u40h
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 14:29:44 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Renee\Desktop\CKScanner.exe
[2011/05/26 14:11:03 | 000,054,159 | ---- | C] () -- C:\WINDOWS\ReadMe.htm
[2011/05/26 14:10:18 | 000,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/05/26 14:10:10 | 000,000,408 | ---- | C] () -- C:\WINDOWS\setup.iss
[2011/05/26 11:45:30 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Renee\Desktop\Windows XP Tips - Ramesh.url
[2011/05/26 02:12:08 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/05/26 02:12:08 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/05/24 21:10:28 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538276r
[2011/05/24 21:10:28 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538276
[2011/05/24 18:18:00 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18538276
[2011/05/22 22:56:24 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Renee\Desktop\gmer.zip
[2011/05/22 22:35:29 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Renee\Desktop\Defogger.exe
[2011/05/22 22:02:36 | 000,017,742 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/22 22:02:35 | 000,017,742 | -HS- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\851qv5n3u157k8101m7f12br0n22
[2011/05/21 16:51:14 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/21 06:36:34 | 000,017,248 | -HS- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\462siw7cfe
[2011/05/21 06:36:34 | 000,017,248 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\462siw7cfe
[2011/05/19 09:43:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472740r
[2011/05/19 09:43:16 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472740
[2011/05/19 09:43:10 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18472740
[2011/05/16 11:41:58 | 000,036,487 | ---- | C] () -- C:\Documents and Settings\Renee\Desktop\CBURGAMPstat.png
[2011/05/11 15:22:19 | 002,445,855 | ---- | C] () -- C:\Documents and Settings\Renee\My Documents\DSCS950_handbook.pdf
[2011/05/10 20:31:30 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/10 09:30:58 | 000,015,420 | -HS- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\sh5gy611u40h
[2011/05/10 09:30:58 | 000,015,420 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sh5gy611u40h
[2011/03/28 00:49:15 | 000,167,424 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/26 21:28:31 | 000,000,220 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2010/10/20 14:25:27 | 000,002,723 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2010/10/20 14:21:40 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2010/10/06 16:23:12 | 000,110,268 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/14 18:46:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/01 08:10:48 | 000,711,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/18 16:23:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6375D7699B.sys
[2010/05/08 03:34:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\eappgnui.dll
[2010/03/18 01:56:16 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/03/18 01:01:07 | 000,069,442 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/03/18 01:01:07 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2010/03/17 02:13:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\prvlcl.dat
[2010/01/25 01:12:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/01/11 19:42:33 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/07 18:56:42 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/09/09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/09/07 12:47:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/18 22:19:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/29 17:37:22 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2009/04/21 19:12:36 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Renee\Application Data\AVIEncoder.wff
[2009/01/19 01:44:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\fusioncache.dat
[2009/01/16 14:45:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/11/03 01:43:25 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2008/08/21 09:37:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/08/21 09:37:54 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/08/21 09:37:54 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/08/14 18:05:57 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/08/14 18:05:56 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2008/08/08 23:17:28 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2008/08/06 05:14:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008/08/04 20:10:17 | 000,009,394 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/08/04 20:10:17 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\4FCC7662BC.sys
[2008/08/04 19:16:59 | 000,000,248 | RHS- | C] () -- C:\WINDOWS\System32\4FCC7662BC.sys
[2008/08/04 19:16:56 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/31 20:25:20 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/30 01:27:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/30 01:26:27 | 000,069,044 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/07/30 01:26:27 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2008/07/17 20:23:36 | 000,174,818 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/21 23:36:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/21 23:32:16 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Renee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 23:00:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/05/21 22:56:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/21 18:48:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/21 18:48:51 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdru1.dll
[2008/05/21 18:46:11 | 002,541,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/22 05:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/22 03:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,458,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,076,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\mprddm.dll
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/23 18:48:16 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[1996/02/23 17:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 15:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== LOP Check ==========

[2010/01/24 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/10/07 20:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/08/05 21:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/01 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream
[2011/05/10 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/08/10 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/10 13:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/06/22 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/09/07 22:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/19 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/05/19 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/22 10:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2009/02/16 23:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/02/17 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009/04/26 16:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/05/12 20:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/05/08 15:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/07 21:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/06/22 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/19 22:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/10/07 22:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2011/03/29 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Amazon
[2009/12/28 01:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Ascentive
[2010/02/09 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\AVSMedia
[2011/05/22 17:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Azureus
[2008/08/14 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Bitstream
[2009/10/08 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Blitware
[2010/01/25 00:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Broad Intelligence
[2008/08/15 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/22 10:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\com.shockhound.software.download-manger.B6435ACE1916B5B8703C09D0A128CCB1AFA792F8.1
[2009/10/08 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\DeviceDoctorSoftware
[2010/08/22 18:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\E-centives
[2009/05/20 21:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Eyeblaster
[2008/09/15 19:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Filter Forge
[2011/01/05 10:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\FVDToolbar
[2011/01/27 21:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\GetRightToGo
[2009/09/08 01:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\GrabPro
[2009/04/23 17:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Image Zone Express
[2008/12/20 16:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\ImTOO Software Studio
[2009/05/05 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\IMVU
[2008/09/06 13:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\IMVUClient
[2008/09/01 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Jasc
[2010/03/18 00:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Leadertech
[2011/03/14 03:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\MP3Rocket
[2008/10/19 19:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\NCH Swift Sound
[2011/01/20 20:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\OpenOffice.org
[2010/10/06 16:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\prankhouse
[2010/02/13 22:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Smart SWF Converter
[2008/08/06 21:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Thinstall
[2010/10/29 21:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Ulead Systems
[2008/07/27 22:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Windows Desktop Search
[2008/07/31 00:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Windows Search
[2010/06/06 04:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Xilisoft
[2009/06/24 16:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\YouSendIt
[2011/05/26 14:17:54 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/05/26 15:25:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31FDA33F-ED3C-4564-9B7D-21E9E050423F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %USERPROFILE%\..\*. >
[2010/07/15 23:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\..\Administrator
[2008/05/21 22:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\..\All Users
[2010/09/07 03:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\..\Default User
[2010/07/16 18:56:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Renee\..\LocalService
[2010/07/13 18:58:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Renee\..\NetworkService
[2011/05/25 00:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\..\Renee
[2010/10/22 00:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\..\weight loss

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010/10/11 13:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/01/24 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/01/17 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2010/08/17 03:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/03/24 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/07 20:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2009/10/07 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/07/27 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/08/05 21:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/06/01 16:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2010/07/01 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream
[2010/06/30 22:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/05/14 22:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011/03/24 21:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/05/10 21:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/29 17:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/08/10 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/10 13:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/06/22 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/05/26 14:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/05/26 02:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/08/07 18:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/28 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/12/04 00:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2008/08/08 21:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/29 05:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/01/31 01:41:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/03/22 16:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/07 22:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/19 19:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/10/12 16:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/10/11 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011/02/28 16:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/05/19 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/12/22 10:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2009/02/16 23:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/02/17 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009/04/26 16:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/06/30 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protexis
[2011/05/18 01:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/04/01 22:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RealArcade
[2010/05/12 20:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/05/21 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/11 15:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008/08/08 19:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/10/11 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/08 15:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/07 21:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/06/22 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/05/21 23:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/01/19 22:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/12/22 03:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/10/07 22:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/05/19 18:10:32 | 002,319,528 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
[2009/05/19 18:10:36 | 000,143,864 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\peggle_s1_l1_gF1465T1L1_d541419730[1].exe
[2009/06/01 16:31:58 | 002,383,904 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
[2010/07/20 08:09:46 | 114,149,208 | ---- | M] (Acresso Software Inc. ) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540215253_610005\1270498514694\CDGSX5SP1.exe
[2010/10/26 05:34:10 | 182,994,224 | ---- | M] (Acresso Software Inc. ) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540215253_610005\1285781003180\CDGSX5SP2.exe
[2007/11/06 11:00:57 | 045,653,536 | ---- | M] (Macrovision Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228037_210001\1191272015163\PSPP12_Corel_Update_EN_IE_FR_DE_ES_IT_NL_ESD.exe
[2010/04/15 10:04:53 | 057,032,512 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228697_910035\1270498556606\VSX3_MLE_Patch.exe
[2008/06/23 13:33:18 | 043,206,456 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228824_810007\1213733070511\CGSX4SP1.exe
[2008/10/09 07:49:20 | 008,170,696 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228824_810007\1221854237432\CGSX4HotFix1.exe
[2009/01/07 15:20:50 | 066,336,104 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\All Users\Application Data\Corel\Downloads\540228824_810007\1225405113942\CGSX4SP2.exe
[2011/03/24 21:52:26 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\gtb955.tmp.exe
[2010/11/18 11:26:10 | 000,080,544 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe

< %APPDATA%\*. >
[2010/08/01 21:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Adobe
[2011/03/29 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Amazon
[2010/03/18 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Apple Computer
[2008/11/25 01:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\ArcSoft
[2009/12/28 01:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Ascentive
[2008/05/21 23:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\ATI
[2010/06/25 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\AVS4YOU
[2010/02/09 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\AVSMedia
[2011/05/22 17:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Azureus
[2008/08/14 17:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Bitstream
[2009/10/08 19:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Blitware
[2010/01/25 00:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Broad Intelligence
[2008/08/15 00:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/22 10:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\com.shockhound.software.download-manger.B6435ACE1916B5B8703C09D0A128CCB1AFA792F8.1
[2010/10/29 21:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Corel
[2009/10/08 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\DeviceDoctorSoftware
[2008/09/27 17:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\DivX
[2009/09/15 20:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Download Manager
[2009/04/10 23:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\dvdcss
[2010/08/22 18:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\E-centives
[2009/05/20 21:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Eyeblaster
[2008/09/15 19:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Filter Forge
[2011/01/05 10:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\FVDToolbar
[2011/01/27 21:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\GetRightToGo
[2011/03/06 13:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Google
[2009/09/08 01:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\GrabPro
[2010/11/24 01:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Help
[2008/05/21 23:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Identities
[2009/04/23 17:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Image Zone Express
[2008/12/20 16:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\ImTOO Software Studio
[2009/05/05 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\IMVU
[2008/09/06 13:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\IMVUClient
[2008/08/04 19:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\InstallShield
[2008/09/01 12:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Jasc
[2008/09/10 23:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Jasc Software Inc
[2010/03/18 00:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Leadertech
[2010/11/03 19:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Macromedia
[2008/08/08 21:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Malwarebytes
[2010/02/10 19:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Media Player Classic
[2011/05/19 13:35:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Renee\Application Data\Microsoft
[2009/09/18 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Move Networks
[2008/07/30 01:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Mozilla
[2011/03/14 03:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\MP3Rocket
[2008/10/02 22:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\MySpace
[2010/02/17 20:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\NCH Software
[2008/10/19 19:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\NCH Swift Sound
[2011/01/20 20:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\OpenOffice.org
[2010/10/06 16:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\prankhouse
[2011/05/18 01:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Real
[2010/10/20 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Share-to-Web Upload Folder
[2010/02/13 22:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Smart SWF Converter
[2008/09/19 20:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\SmartFTP
[2008/07/31 00:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Sun
[2011/05/19 12:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\SUPERAntiSpyware.com
[2008/08/06 21:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Thinstall
[2010/10/29 21:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Ulead Systems
[2008/10/13 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\vlc
[2008/07/27 22:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Windows Desktop Search
[2008/07/31 00:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Windows Search
[2009/03/12 22:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\WinRAR
[2010/06/06 04:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Xilisoft
[2008/11/13 01:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\Yahoo!
[2009/06/24 16:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee\Application Data\YouSendIt

< %APPDATA%\*.exe /s >
[2009/11/17 21:17:49 | 010,686,001 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Azureus\plugins\azump\mplayer.exe
[2010/08/09 20:04:49 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Renee\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
[2008/08/28 15:31:40 | 000,049,408 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\IMVUClient\IMVUClient.exe
[2008/08/28 15:31:40 | 000,019,200 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\IMVUClient\IMVUQualityAgent.exe
[2008/08/28 15:31:42 | 000,091,640 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\IMVUClient\IMVUupdater.exe
[2008/09/05 20:47:33 | 000,080,967 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\IMVUClient\Uninstall.exe
[2008/02/04 16:28:22 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\IMVUClient\w9xpopen.exe
[2010/07/31 19:32:41 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Renee\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/01/26 21:00:22 | 000,029,184 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{106F886B-A874-43DF-BCC4-01DB57E1F3C6}\IconTmpl5.26D6FF13_F77C_402E_8E96_9E49DFBBAF31.exe
[2010/03/18 00:30:48 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010/05/21 16:09:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
[2009/12/26 02:38:52 | 000,009,446 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_33FF69054B5E861AD501ED.exe
[2009/12/26 02:38:52 | 000,009,446 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_42AA15C43A133293CFA1B4.exe
[2009/12/26 02:38:52 | 000,009,446 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{77614EA5-B521-4604-9AF3-1ACF10826DD3}\_6FEFF9B68218417F98F549.exe
[2010/03/18 01:53:35 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Renee\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2009/09/18 01:16:08 | 000,127,903 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Move Networks\uninstall.exe
[2009/05/27 19:29:20 | 000,097,144 | ---- | M] () -- C:\Documents and Settings\Renee\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2007/12/30 06:01:18 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007/12/30 06:01:18 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\Renee\Application Data\Mozilla\Firefox\Profiles\uq8cuw1n.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2009/06/06 21:31:45 | 007,040,776 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Renee\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
[2011/05/26 01:00:25 | 000,308,864 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Renee\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
[2011/05/26 04:02:00 | 025,825,936 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Renee\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\stub_data\RealPlayer.exe
[2011/05/26 04:00:31 | 000,675,088 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Renee\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\stub_exe\RealPlayer.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2010/10/05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2006/02/28 08:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2011/05/26 02:09:43 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2008/05/21 18:45:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/21 18:45:19 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/21 18:45:19 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/05/22 22:17:31 | 000,017,480 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2011/05/26 02:09:43 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys

< End of report >


OTL Extras logfile created on: 5/26/2011 3:18:20 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Renee\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 63.32% Memory free
5.58 Gb Paging File | 5.01 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): D:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 63.62 Gb Free Space | 42.69% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 46.12 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

Computer Name: RENEE-2B2078250 | User Name: Renee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}" = 2350
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02FB40EA-C8AC-36F7-A546-B083E00AF3AA}" = Catalyst Control Center Core Implementation
"{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}" = 2350_Help
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1034BE34-1569-4889-831D-C2C3F2CB2F73}" = Photo Explosion Deluxe 3.0
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}" = Windows Movie Maker 2 Winter Fun Pack
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26613E65-0609-42DB-955E-A9386A481F4E}_is1" = PowerKaraoke Plus
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 23
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C26E039-BE18-4B5E-A723-45390C451819}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = er100LT
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4445BFF0-008A-8F5C-9D68-B0164F7E26FF}" = ccc-core-static
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B2044-5FF7-4F2E-B97D-A0E9B8CEF78D}" = PC SpeedScan Pro
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4D89AFAD-669B-514A-E150-7DA3208477DC}" = ccc-utility
"{4E47B686-8DFF-1AAD-3264-A537E2FC3833}" = Catalyst Control Center Graphics Previews Common
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A7A2AED-781B-45DC-AAF6-EAA3A9370C83}}_is1" = PhotoInstrument 3.2
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77614EA5-B521-4604-9AF3-1ACF10826DD3}" = Photo to Cartoon
"{7764393A-A48B-6BB2-28BC-A6B4EF3A95BC}" = Catalyst Control Center Graphics Full Existing
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.5.1
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{825DFF04-8FB0-3430-CB22-8725719B1A01}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84430565-C205-B818-7D13-052F88707F70}" = CCC Help English
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6264FF6-C49D-4533-AF42-4875C38BB24C}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEE68CF3-207A-4C42-AD4F-38FC2CE4972B}" = PC ScanAndSweep
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E7118C-CF3D-46EC-B431-F744C035A571}" = 2350Trb
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D99667FF-4A9B-B278-9014-BEA2896F413F}" = ccc-core-preinstall
"{DAB63C41-6ED8-1DEA-B5FC-D48FDB96B9B9}" = Shockhound Download Manager
"{DBD86EB8-8536-DB02-EC42-31ED143497A8}" = Catalyst Control Center HydraVision Full
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9F882ED-C2B8-2716-0330-7FBA5C9C455B}" = Catalyst Control Center Graphics Full New
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AnalogX SayIt" = AnalogX SayIt
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Corel Applications" = Corel Applications
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ESET Online Scanner" = ESET Online Scanner v3
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HitmanPro35" = Hitman Pro 3.5
"hp officejet 7100 series" = hp officejet 7100 series corporate driver
"hp officejet 7100 series 1287599123" = hp officejet 7100 series
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Photo Printing Software" = HP Photo Printing Software
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Little Ink Pot's Thredgeholder Plugin_is1" = Thredgeholder Plugin v 1.0
"Little Ink Pot's Xpose Plugin_is1" = Xpose Plugin v 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP3 Rocket" = MP3 Rocket
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"RADVideo" = RAD Video Tools
"RealPlayer 12.0" = RealPlayer
"TransitionMaker2V2_is1" = TransitionMaker2V2.0.4.1
"VLC media player" = VLC media player 0.9.4
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Youtube downloader and converter" = Youtube downloader and converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 11:38:59 PM | Computer Name = RENEE-2B2078250 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2011 10:40:17 AM | Computer Name = RENEE-2B2078250 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/25/2011 10:54:01 AM | Computer Name = RENEE-2B2078250 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/25/2011 10:54:06 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/26/2011 10:23:46 AM | Computer Name = RENEE-2B2078250 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/26/2011 10:23:49 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/26/2011 10:44:48 AM | Computer Name = RENEE-2B2078250 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/26/2011 10:44:51 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/26/2011 2:33:44 PM | Computer Name = RENEE-2B2078250 | Source = Application Hang | ID = 1002
Description = Hanging application CKScanner.exe, version 1.8.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2011 2:33:45 PM | Computer Name = RENEE-2B2078250 | Source = Application Hang | ID = 1002
Description = Hanging application CKScanner.exe, version 1.8.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/25/2011 10:30:54 AM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/25/2011 10:40:16 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/25/2011 10:52:38 AM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/25/2011 10:54:00 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/25/2011 7:32:29 PM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/26/2011 10:23:45 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.498.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/26/2011 10:44:48 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.498.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 5/26/2011 11:16:26 AM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde SASDIFSV SASKUTIL

Error - 5/26/2011 11:49:51 AM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/26/2011 2:13:53 PM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >
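
Triage of the settings and event-log sections of the report above, as an added example; it is not code from the original post, from OTL or from BleepingComputer. It parses an excerpt copied from the report (embedded as a constant so it runs offline), flags the Security Center override flags, the vendor monitoring switch and the two firewall profiles with `EnableFirewall = 0`, and decodes the `0x80070424` in the Microsoft Antimalware events, which is `HRESULT_FROM_WIN32` of Win32 error 1060, `ERROR_SERVICE_DOES_NOT_EXIST`. Function names, the rule wording and the choice of which values to flag are mine.

```python
import re
# Excerpt constructed from the report posted above (Security Center, Firewall and System Events), embedded so this runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[ System Events ]
Error - 5/25/2011 10:30:54 AM | Computer Name = RENEE-2B2078250 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/25/2011 10:40:16 AM | Computer Name = RENEE-2B2078250 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.
< End of report >
"""

HKEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
EVENT_RE = re.compile(r'^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
SECURITY_CENTER = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
FIREWALL_POLICY = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
WIN32_NAMES = {1060: 'ERROR_SERVICE_DOES_NOT_EXIST'}   # the only Win32 code this triage needs to name


def parse_registry(text):
    """Map each [HKEY...] block to its "name" = value pairs; numeric values become ints."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := HKEY_RE.match(line)):
            current = sections.setdefault(m.group(1), {})
        elif line.startswith('['):                 # "[ System Events ]" etc. is not a registry key
            current = None
        elif current is not None and (m := VALUE_RE.match(line)):
            name, value = m.groups()
            current[name] = int(value) if value.isdigit() else value
    return sections


def parse_events(text):
    """Collect 'Error - ... | Source = ... | ID = ...' entries with their wrapped descriptions."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := EVENT_RE.match(line)):
            current = dict(m.groupdict(), description='')
            events.append(current)
        elif line.startswith(('[', '<', '=')):     # next section or end of report closes the entry
            current = None
        elif current is not None and line:         # blank lines inside an entry are only wrapping
            line = line.removeprefix('Description =').strip()
            current['description'] = f"{current['description']} {line}".strip()
    return events


def hresult_to_win32(hresult):
    """Undo HRESULT_FROM_WIN32: 0x8007xxxx carries a Win32 error code in its low 16 bits."""
    return hresult & 0xFFFF if (hresult >> 16) == 0x8007 else None


def audit_settings(sections):
    """Flag Security Center and Windows Firewall values that silence or switch off protection."""
    findings = []
    for name in ('AntiVirusOverride', 'FirewallOverride'):
        if sections.get(SECURITY_CENTER, {}).get(name) == 1:
            findings.append(f'Security Center: {name}=1 (alerts for that component suppressed)')
    for key, values in sections.items():
        leaf = key.rsplit('\\', 1)[-1]
        if key.startswith(SECURITY_CENTER + '\\Monitoring\\') and values.get('DisableMonitoring') == 1:
            findings.append(f'Security Center: monitoring disabled for {leaf}')
        if key.startswith(FIREWALL_POLICY) and leaf.endswith('Profile') and values.get('EnableFirewall') == 0:
            findings.append(f'Windows Firewall: {leaf} EnableFirewall=0 (firewall off)')
    return findings


def audit_events(events):
    """Explain the two failure patterns in the log: unloaded boot drivers and HRESULT update errors."""
    findings = []
    for e in events:
        if e['source'] == 'Service Control Manager' and e['id'] == '7026':
            drivers = e['description'].split('failed to load:')[-1].split()
            findings.append(f"{e['when']} boot-start driver(s) failed to load: {', '.join(drivers)}")
        if (m := re.search(r'Error code: (0x[0-9A-Fa-f]{8})', e['description'])):
            win32 = hresult_to_win32(int(m.group(1), 16))
            name = WIN32_NAMES.get(win32, 'unnamed') if win32 is not None else 'not a Win32-derived HRESULT'
            findings.append(f"{e['when']} {e['source']} event {e['id']}: {m.group(1)} = Win32 {win32} ({name})")
    return findings


def triage(text):
    return audit_settings(parse_registry(text)) + audit_events(parse_events(text))


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints seven findings for the excerpt. The decode is the useful part: `0x80070424` is not a download failure, it is the Service Control Manager telling the updater that a service it asked for has no definition under `HKLM\SYSTEM\CurrentControlSet\Services`. The log does not name the service; on the machine itself the assumed next step is `sc query wuauserv` and `sc query bits`, the services the Windows Update path depends on, which answer `OpenService FAILED 1060` for a deleted one. The override and firewall values are only what the log shows, and the log cannot say whether they are leftovers of the rogue or settings the user chose, so confirm that before changing them.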

#15 irritatedraven (Topic Starter)

Posted 26 May 2011 - 02:59 PM

Here is the new CKS file after deleting the Azureus files.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\local settings\application data\im\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\all users\application data\incredimail\data\animation\firecracker.ima
c:\documents and settings\all users\application data\incredimail\data\setupdata\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\all users\application data\incredimail\data\sound\tchaikovsky_the_nutcracker.imw
c:\documents and settings\renee\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\renee\favorites\youtube - assassin's creed crack.url
c:\documents and settings\renee\favorites\youtube - spongebob is on crack.url
c:\documents and settings\renee\favorites\youtube - spongebob on crack.url
c:\documents and settings\renee\favorites\links\cracked.com - america's only humor & video site since 1958 cracked.url
c:\documents and settings\renee\favorites\links\get crackin'#sidebar_video_thumb_1534#sidebar_video_thumb_1534.url
c:\documents and settings\renee\favorites\links\youtube - how to crack an egg.url
c:\documents and settings\renee\my documents\my pictures\gothic butterflys, dragons, ravens\vectors\iheartvector-free-texure-cracked-paint.zip
c:\program files\adobe\adobe photoshop cs3\presets\brushes\anodyne-stock_cracks.abr
c:\program files\adobe\adobe photoshop cs3\presets\brushes\crispy-cracks-thb.abr
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\program files\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\program files\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files\corel\coreldraw graphics suite x5\custom data\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\bumpmap\cracks.cpt
c:\program files\corel\graphics9\custom\canvas\cracks2c.pcx
c:\program files\corel\graphics9\custom\tiles\cracks2m.cpt
c:\program files\corel\graphics9\photopnt\scripts\effects\086 bump map cracks.csc
c:\program files\jasc software inc\paint shop pro 8\brushes\cracks.pspimage
c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\green crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\photo frames\general\mountain crackle.tpx
c:\program files\nova development\photo explosion deluxe 3.0\project category\postcards\business\cracked mud.tpx
scanner sequence 3.ZZ.11
----- EOF -----



