Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Windows Vista Fix & Win32/Alureon.EN


  • This topic is locked This topic is locked
41 replies to this topic

#1 Redfireagate

Redfireagate

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 18 July 2011 - 05:13 PM

Hi-So glad you all are here to help. I was infected with Windows Vista Fix and Win32/Alureon.EN on July 11th and have been trying to fix it ever since. When it hit, my lower download task bar something called Javaw.exe was trying to execute itself. I couldn't say "No' or cancel it, so I left it in my bottom taskbar. Then the boxes started popping up, at which time I researched it on another computer and realized it was Windows Vista fix. I tried to run my Windows Security Essentials software. It ran and showed the Fix virus plus Win32/Alureon.EN. They were quarantined, but then the program froze. I couldn't remove them or delete them, I couldn't update MS Security Essentials(in case there was a new fix). I ran MS Safety Scanner and MS Malicious Software removal tool, and ran a CCleaner cleanout minus the temp folders(I think your site said not to clean temp folders?), used their registry fix which only showed a few items, then tried to do a system restore, which was suggested in MS help (I restored to July 6th before the latest updates).. Currently my computer won't reboot(another problem and topic), so I closed it down after the system restore, and started it again. All I saw was a black screen. I shut it down again, and started it back up in Safe Mode with Networking. I was able to start my computer and use the internet, which enabled me to do some research on these pests. I found your site again, read what I could understand, downloaded and ran the Unhide files.Exe, and changed a setting so that hidden files would show and unchecked a box so that system files would show. By doing this, I found my files and folders, but most of my desktop was blank. It looks like most of my data is still there, but it seems jumbled up, plus I found parts of Norton and AVg antivirus's that I supposedly had deleted years ago, among other things. I downloaded and ran Regpair.exe which said I had over 500 errors after about 50 seconds, then downloaded and ran Malwarebytes which said something about over 1100 errors. It ran almost as fast as the other program so I don't know if they actually ran or if the virus had disabled them. I don't even know if they can be used in Safe Mode. In Safe Mode, Windows Security Essentials showed a last updated date of July 6, which was the date I "restored" back to. I updated it and ran it again. It still showed the viruses in quarantine. I've been working on this for so long that I can't remember if I was able to remove these pests while in Safe Mode, but at some point, MS Security Essentials started working again and I removed them. I'm a novice at doing my own fixing so I was pretty stressed. While in Safe Mode I downloaded and ran Kaspersky's TDSS Killer which showed that I had 0 problems. Today I can't find a trace of the TDSS software, so maybe it didn't work correctly. Since both of these viruses can corrupt files, duplicate parts of itself and go in hiding, etc., as well as steal information and possibly infect other people's computers from mine, I am desperate to get it out of my computer and have my files fixed. I am also afraid of an unexpected crash. I have done a backup, just in case. Our internet connection comes from a Radio Wave tower to a receiver on our house, which is wired, then continues wireless to our computers, so I guess that means we have a local DNS (?) . I have tried to include the steps I have taken and I hope that I haven't left out any. Thanks, Redfireagate
Below is my DDS.txt log
DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Linda at 15:46:18 on 2011-07-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7927.6040 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\SysWOW64\BeepApp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\vsnp325.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\tsnp325.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerCon.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: FVDSearchHook Class: {6778613D-616B-4A6C-9856-65DE943CF424} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
mRun: [tsnp325] "C:\Windows\tsnp325.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Search - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B0C7ED1-D22E-4D6A-AEED-7FAE090C22EB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DC0204D3-8D84-4A40-8514-B1DB073973C3} : DHCPNameServer = 10.10.0.3 72.48.243.7
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
x64-Run: [WrtMon.exe] "C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [snp325] C:\Windows\vsnp325.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: ipp - <Clsid value has no data>
x64-Handler: msdaipp - <Clsid value has no data>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\wbxbnjmo.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc9dc40&v=6.010.006.004&i=27&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2008-11-19 225296]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-8-22 25312]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/05/09 16:40:42];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-3 202752]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-1-20 20376]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-8-22 278528]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-2-3 6366720]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-2-3 186880]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-5-24 626176]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2008-11-19 26168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-17 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-17 136176]
S3 NPF;Netgroup Packet Filter;C:\Windows\System32\drivers\npf.sys [2010-8-22 47632]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SNP325;USB PC Camera (SNPSTD325);C:\Windows\System32\drivers\snp325.sys [2009-1-24 10703872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-5 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-14 20:43:40 50867144 ----a-w- C:\Windows\System32\mrt.exe
2011-07-06 19:09:35 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-29 16:15:56 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-04-29 15:59:36 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-23 01:37:29 17773568 ----a-w- C:\Windows\System32\mshtml.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:27:46 10885632 ----a-w- C:\Windows\System32\ieframe.dll
2011-04-23 01:23:54 1344000 ----a-w- C:\Windows\System32\urlmon.dll
2011-04-23 01:20:36 818176 ----a-w- C:\Windows\System32\jscript.dll
2011-04-23 01:19:35 2136064 ----a-w- C:\Windows\System32\iertutil.dll
2011-04-23 01:19:29 96256 ----a-w- C:\Windows\System32\mshtmled.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-23 01:17:42 248320 ----a-w- C:\Windows\System32\ieui.dll
2011-04-22 23:36:19 12269056 ----a-w- C:\Windows\SysWow64\mshtml.dll
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:32:21 9703936 ----a-w- C:\Windows\SysWow64\ieframe.dll
2011-04-22 23:30:18 1102336 ----a-w- C:\Windows\SysWow64\urlmon.dll
2011-04-22 23:26:50 716800 ----a-w- C:\Windows\SysWow64\jscript.dll
2011-04-22 23:26:21 1785344 ----a-w- C:\Windows\SysWow64\iertutil.dll
2011-04-22 23:26:01 72704 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 23:24:12 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-20 16:03:39 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-20 15:58:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
.
============= FINISH: 15:46:52.84 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:03 PM

Posted 31 July 2011 - 10:41 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 31 July 2011 - 01:02 PM

I am definitely still interested in getting help. Thanks for your reply! I did install and update of CCleaner since I posted this and ran the Cleaner, minus cleaning any kind of TEMP files. I ran a registry scan the other day but did not go through with the fixes. I have also deleted some photos and opened a few emails. I won't do anything else. My concern is that this menace could have parts hiding in places where it shouldn't be, and of course I don't want a key logger in my system. Thanks again

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:03 PM

Posted 31 July 2011 - 06:55 PM

Let's see if anything pops up using aswMBR.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 01 August 2011 - 09:28 AM

Hi Mole, Sorry I didn't get your post yesterday evening. Here are the log results from just the aswMBR. As I understood your post, I was just to download this rootkit tool, not the antivirus. This seems like a short log. Maybe that is good. Also, I have noticed that my Windows automatic updates are no longer automatic. I seem to remember trying to turn this back on after the attack. I am using MS Essentials for an anti-virus. When I ran an HP computer health check, it showed that I had no antivirus software running.


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-01 09:08:29
-----------------------------
09:08:29.850 OS Version: Windows x64 6.0.6002 Service Pack 2
09:08:29.850 Number of processors: 4 586 0x203
09:08:29.851 ComputerName: LINDA-STUDIOPC UserName: Linda
09:08:32.618 Initialize success
09:09:20.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
09:09:20.548 Disk 0 Vendor: AMD_____ 1.10 Size: 715255MB BusType: 8
09:09:20.564 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\Iomega &Iomega eGo HDD &0&00d0b87e_1100004f_Instance00
09:09:20.569 Disk 1 Vendor: Iomega__ 2.82 Size: 238475MB BusType: 4
09:09:22.594 Disk 0 MBR read successfully
09:09:22.598 Disk 0 MBR scan
09:09:22.602 Disk 0 unknown MBR code
09:09:22.607 Service scanning
09:09:25.188 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:09:28.298 Modules scanning
09:09:28.304 Disk 0 trace - called modules:
09:09:28.341 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll ahcix64s.sys
09:09:28.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006adf790]
09:09:28.352 3 CLASSPNP.SYS[fffffa6000dccc33] -> nt!IofCallDriver -> [0xfffffa8007900e40]
09:09:28.360 5 acpi.sys[fffffa6000811fde] -> nt!IofCallDriver -> \Device\00000053[0xfffffa8007cb4800]
09:09:28.368 Scan finished successfully
09:10:12.233 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
09:10:12.240 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"

Edited by Redfireagate, 01 August 2011 - 09:42 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:03 PM

Posted 01 August 2011 - 06:46 PM

Just need to check the MBR (which shows as unknown)

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#7 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 01 August 2011 - 07:27 PM

Hi Mole, this is what the log said:

MBR CHECK version 1.2.3
c 2010
Command line:
Windows Version: Windows Vista Home Premium edition
Windows Information: Service Pack 2 (build 6002), 64bit
Base Board Manufacturer: MSI
Bios Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: PQ563AA-ABA a6750f
Logical Drives Mask: 0x000003fc
\\.\C:- ->\\.\PhysicalDrive0 at offset 0x00000000'00007e00 <NTFS>
\\.\D:- ->\\.\PhysicalDrive0 at offset 0x000000ab' 455eb000 <NTFS>
\\.\J:- ->\\.\PhysicalDrive1 at offset 0x00000000'00007e00 <NTFS>

698GB\\.\PhysicalDrive0 Re: Hewlett- Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456
232GB\\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!

Edited by Redfireagate, 01 August 2011 - 07:33 PM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:03 PM

Posted 01 August 2011 - 08:19 PM

Okay, that's checked out fine.

Please run OTL next

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#9 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 01 August 2011 - 09:43 PM

Hi Mole, Thanks! I really appreciate your help with this more than you will ever know.
At any rate, Here are the scan results:

OTL logfile created on: 8/1/2011 9:31:13 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Linda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 72.18% Memory free
15.54 Gb Paging File | 13.75 Gb Available in Paging File | 88.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 526.30 Gb Free Space | 76.82% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.80 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 189.95 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: LINDA-STUDIOPC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Linda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Windows\SysWOW64\BeepApp.exe ()
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Linda\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNDA3100) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\DRIVERS\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\SysNative\DRIVERS\snp325.sys (Sonix Co. Ltd.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\DRIVERS\scmndisp.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc9dc40&v=6.010.006.004&i=27&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 15:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 17:36:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 15:58:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/02 17:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/08/31 20:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2010/08/31 20:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/20 21:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/08/01 09:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\wbxbnjmo.default\extensions
[2011/07/16 16:01:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\wbxbnjmo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/12 17:25:57 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\wbxbnjmo.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011/05/17 13:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/17 13:44:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/23 17:36:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 16:45:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/06 17:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/20 16:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/09 12:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/07/01 15:21:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 20:30:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/25 00:14:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\LINDA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBXBNJMO.DEFAULT\EXTENSIONS\VIDEO.DOWNLOADER.PLUGIN@FFPIMP.COM.XPI
[2009/06/25 15:43:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/23 17:36:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/06/12 01:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/06/17 15:58:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/06/17 15:58:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/06/17 15:58:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/06/17 15:58:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/06/17 15:58:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/06/17 15:58:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/06/17 15:58:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2010/01/01 03:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/10/28 15:54:35 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 03:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 03:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/11/16 19:00:44 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ows\S) - File not found
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (em\\y Packages settings...) - File not found
O30:64bit: - LSA: Security Packages - (ages setti) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (1.0\y Packages settings...) - File not found
O30 - LSA: Security Packages - (ages setti) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 21:27:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.exe
[2011/07/29 19:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/25 10:52:45 | 000,000,000 | R--D | C] -- C:\Users\Linda\Desktop\Shortcuts
[2011/07/23 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Full
[2011/07/23 17:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vgif
[2011/07/14 15:41:17 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/14 15:41:15 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/14 15:41:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/07/13 21:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/07/13 20:19:14 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/07/13 20:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2011/07/13 18:20:42 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Malwarebytes
[2011/07/13 18:20:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/13 18:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/13 18:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/13 18:20:32 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/13 18:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/01/24 17:45:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2009/01/24 17:45:32 | 000,147,456 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp325.dll
[2009/01/24 17:45:32 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll

========== Files - Modified Within 30 Days ==========

[2011/08/01 21:29:57 | 000,001,080 | ---- | M] () -- C:\Users\Linda\Desktop\OTL.exe - Shortcut.lnk
[2011/08/01 21:27:37 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.exe
[2011/08/01 21:04:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 20:41:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 20:41:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/01 19:09:06 | 000,000,859 | ---- | M] () -- C:\Users\Linda\Desktop\MBRCheck.exe - Shortcut.lnk
[2011/08/01 18:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/01 16:03:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/01 12:41:52 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/08/01 09:10:12 | 000,000,512 | ---- | M] () -- C:\Users\Linda\Desktop\MBR.dat
[2011/08/01 09:08:22 | 000,001,243 | ---- | M] () -- C:\Users\Linda\Desktop\aswMBR.exe - Shortcut.lnk
[2011/07/29 19:01:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/07/29 19:01:11 | 000,721,296 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/29 19:01:11 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/29 19:01:11 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/29 12:59:02 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/23 17:20:46 | 000,060,928 | ---- | M] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/21 16:07:54 | 000,286,596 | ---- | M] () -- C:\Users\Linda\Documents\Spinosad.pdf
[2011/07/19 11:15:14 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/18 15:43:21 | 000,000,000 | ---- | M] () -- C:\Users\Linda\defogger_reenable
[2011/07/14 16:58:26 | 000,001,866 | ---- | M] () -- C:\Users\Linda\Desktop\Mozilla Thunderbird.lnk
[2011/07/14 16:50:31 | 000,000,902 | ---- | M] () -- C:\Users\Linda\Desktop\Mozilla Firefox.lnk
[2011/07/14 16:39:54 | 000,401,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/14 15:35:13 | 000,000,902 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/12 16:04:52 | 000,007,728 | ---- | M] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2011/07/11 14:06:40 | 000,000,384 | ---- | M] () -- C:\ProgramData\42655480
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/06 14:09:35 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/08/01 21:29:05 | 000,001,080 | ---- | C] () -- C:\Users\Linda\Desktop\OTL.exe - Shortcut.lnk
[2011/08/01 19:09:06 | 000,000,859 | ---- | C] () -- C:\Users\Linda\Desktop\MBRCheck.exe - Shortcut.lnk
[2011/08/01 09:10:12 | 000,000,512 | ---- | C] () -- C:\Users\Linda\Desktop\MBR.dat
[2011/08/01 09:07:52 | 000,001,243 | ---- | C] () -- C:\Users\Linda\Desktop\aswMBR.exe - Shortcut.lnk
[2011/07/29 12:59:02 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/21 16:07:54 | 000,286,596 | ---- | C] () -- C:\Users\Linda\Documents\Spinosad.pdf
[2011/07/18 15:43:21 | 000,000,000 | ---- | C] () -- C:\Users\Linda\defogger_reenable
[2011/07/14 16:58:26 | 000,001,866 | ---- | C] () -- C:\Users\Linda\Desktop\Mozilla Thunderbird.lnk
[2011/07/14 16:50:31 | 000,000,902 | ---- | C] () -- C:\Users\Linda\Desktop\Mozilla Firefox.lnk
[2011/07/14 15:35:13 | 000,000,902 | ---- | C] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/11 14:04:02 | 000,000,384 | ---- | C] () -- C:\ProgramData\42655480
[2011/01/25 14:37:06 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/24 19:43:47 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/08/22 18:41:13 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/08/21 11:32:16 | 000,024,226 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\UserTile.png
[2010/01/20 19:49:28 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/11/09 12:56:05 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 19:06:08 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/05 20:16:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/05 20:15:55 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/05 20:15:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/20 19:01:20 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2009/02/05 18:38:38 | 000,060,928 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/30 16:14:30 | 000,007,728 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat
[2009/01/24 17:45:33 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2009/01/24 17:45:33 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2009/01/24 17:45:33 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2009/01/23 18:06:17 | 000,001,172 | ---- | C] () -- C:\Program Files\ArcSoft PhotoStudio 5.5 - Shortcut (2).lnk
[2009/01/23 17:53:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/01/23 17:42:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/22 21:19:23 | 000,000,906 | ---- | C] () -- C:\Program Files\Acrobat.com.lnk
[2009/01/22 21:16:54 | 000,001,919 | ---- | C] () -- C:\Program Files\Adobe Reader 9.lnk
[2009/01/21 20:58:21 | 000,001,901 | ---- | C] () -- C:\Program Files\Canon CanoScan 8800F User Registration.LNK
[2009/01/21 20:57:44 | 000,002,006 | ---- | C] () -- C:\Program Files\Presto! PageManager 7.15.lnk
[2009/01/21 20:56:45 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/01/21 20:54:36 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/01/21 20:47:52 | 000,002,168 | ---- | C] () -- C:\Program Files\CanoScan 8800F On-screen Manual.lnk
[2009/01/21 20:42:24 | 000,001,894 | ---- | C] () -- C:\Program Files\Canon iP4500 series User Registration.LNK
[2009/01/21 20:28:31 | 000,001,742 | ---- | C] () -- C:\Program Files\My Printer.lnk
[2009/01/21 20:28:16 | 000,001,876 | ---- | C] () -- C:\Program Files\Canon Solution Menu.lnk
[2009/01/21 20:28:03 | 000,001,930 | ---- | C] () -- C:\Program Files\Easy-PhotoPrint EX.lnk
[2009/01/21 20:26:20 | 000,002,165 | ---- | C] () -- C:\Program Files\iP4500 series On-screen Manual.lnk
[2009/01/20 22:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/20 19:41:03 | 000,001,368 | ---- | C] () -- C:\Program Files\Snapfish Photos - FREE - 1st 25 Prints.lnk
[2009/01/20 19:40:46 | 000,001,903 | ---- | C] () -- C:\Program Files\HP Total Care Advisor.lnk
[2009/01/20 19:40:42 | 000,002,107 | ---- | C] () -- C:\Program Files\eBay.lnk
[2008/11/19 05:34:22 | 000,000,985 | ---- | C] () -- C:\Program Files\Internet Explorer.lnk
[2008/11/19 05:08:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/19 05:04:29 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/11/19 04:53:34 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/11/19 04:53:34 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/11/19 04:33:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/24 07:40:02 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2008/09/24 07:39:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2008/09/19 06:59:22 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2008/09/04 07:14:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\BeepApp.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\REGOBJ.DLL

========== LOP Check ==========

[2009/04/01 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Avanquest
[2009/01/23 18:39:27 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Canon
[2010/04/02 20:41:17 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/23 17:40:11 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Full
[2011/07/12 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\muvee Technologies
[2009/02/12 17:14:26 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Opera
[2010/08/21 11:32:16 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\PeerNetworking
[2009/01/20 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\PictureMover
[2009/01/21 20:54:22 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\ScanSoft
[2009/02/04 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Template
[2011/07/12 17:26:07 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Thunderbird
[2009/05/09 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\WinBatch
[2010/09/06 23:00:14 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/01 11:31:53 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 837 bytes -> C:\Users\Linda\Documents\Wellsfargo payment march.eml:OECustomProperty
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

OTL Extras logfile created on: 8/1/2011 9:31:13 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Linda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 72.18% Memory free
15.54 Gb Paging File | 13.75 Gb Available in Paging File | 88.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 526.30 Gb Free Space | 76.82% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.80 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
Drive J: | 232.88 Gb Total Space | 189.95 Gb Free Space | 81.56% Space Free | Partition Type: NTFS

Computer Name: LINDA-STUDIOPC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = ED BA 16 48 DC FD C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1859799101-1454193475-2411125903-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C19C917-E1E2-484D-9CE2-C61C195F2804}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D62A88F-896F-4195-8FC8-B4435D23673F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{426F614C-71EA-4988-998B-C1AD0837D09E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{52D054D6-0366-46BA-8F00-90C28D1A20C8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A07C837-8816-4317-B4B1-4BFEFE739C3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{95FC94E7-8A70-4FD2-A0D6-A8A32D11D33D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A013D46A-FF19-4A26-B343-DAFD82BC480A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BF4A8F99-3940-4653-9E45-3E0DEA3AB713}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01801A11-A81D-4A55-8953-5F42CCA8899B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{05F52A5A-B4AC-43BD-BDCD-0A9F9D15A70A}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{0B9A1B84-7CF8-4D55-8022-20ABEFB29461}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\photoshop elements 5.0\adobephotoshopelementsmediaserver.exe |
"{1F67CDEE-7B36-4B4C-8190-44365158A10F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{5FAD29B6-CA9A-4AC9-ACAB-FFBB222B42A0}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{69CBAFEC-3EA5-4D24-81DA-B8D625AAB00D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{809E7C95-5437-402B-8499-CCEBED77F023}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{8A8D9885-4E34-45A4-88ED-0BFE016E98DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9312F202-4985-4818-8687-198F9745F8BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F787733-3168-4ABB-BF83-6F930C290BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
"{A74C233E-4165-4A42-8028-39ACE27D747E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{BF4AA73C-CE77-4C3B-AA68-21C2F621667A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C9BB8356-4302-466D-A025-2CF109691271}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CDA0F655-7642-43E5-B243-689D9BC001D3}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\photoshop elements 5.0\adobephotoshopelementsmediaserver.exe |
"{E42319C5-D30D-48BF-B518-887887366F7C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E7B1E061-F9CA-45D9-A1AB-A02D9D981F4B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F4675CEB-D32A-44D3-A8DF-A59B181E0D76}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"TCP Query User{B577557A-12B7-4080-8AC2-A6907B84BF15}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{93299EF9-A54D-410A-965C-4CEBA4F1CCD1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{318AD65D-4A2D-108F-CC1A-F57F5CD3A0D5}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A5F0AF2-0C80-4933-B78E-7BAA275903A1}" = ccc-utility64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{04462E0D-D4EC-7274-71E6-BE09242BE7C6}" = Catalyst Control Center Localization Russian
"{0EB37B0C-312B-3730-D5A8-03DEF93D8F88}" = CCC Help French
"{0FDEC602-1C69-B08C-C351-689B9E0395BC}" = CCC Help German
"{11BE5E20-76C9-DCAF-ECEA-BC7B04C82920}" = Catalyst Control Center Localization Spanish
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1A2A3DE7-9FEB-8328-0C54-517B05606341}" = Catalyst Control Center Localization Finnish
"{1BF9C714-2DA7-53FA-B2A0-06B494A91360}" = Catalyst Control Center Localization Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{259F8154-8D39-8346-5B1D-7A2175686D27}" = Catalyst Control Center Localization Thai
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2ED95A60-5AE1-7F13-FC1E-11FD9DD05E82}" = CCC Help Dutch
"{3127BE74-0D37-3CFE-93F5-1A5AC0FA4E3F}" = CCC Help Portuguese
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3C85A64F-67A3-DB7F-952A-CF28AA180BFF}" = Catalyst Control Center Graphics Previews Vista
"{3FB81D45-08CF-22A0-F167-38E246CF2641}" = Catalyst Control Center Localization Turkish
"{413E908B-9634-3CA4-0820-955741413401}" = Catalyst Control Center Localization French
"{41D3C3F4-99A5-D45E-DFC6-3076CDAD63AC}" = Catalyst Control Center Localization Chinese Traditional
"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional
"{46C20FC4-3932-0B64-0CDF-6FC3590B72DD}" = Catalyst Control Center Localization Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{508D42C6-1CB1-6E14-3C04-B51F2988AC24}" = CCC Help Chinese Traditional
"{515CB78F-31E8-A196-FBA2-C54BEB58D4A1}" = ccc-core-static
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54DFCA39-7269-8FAD-699C-EB42DC337601}" = Catalyst Control Center Localization Dutch
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5FFDF42B-96BC-5845-2D39-4F5021092336}" = Catalyst Control Center Localization Hungarian
"{62819EFD-659D-D507-013E-0541FFDF71C7}" = Skins
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{64C61623-E9E9-AD76-4E3D-632ABDB3D3B7}" = Catalyst Control Center Localization Chinese Standard
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6820EA16-B5AD-4221-E0F6-22C52BC4F4BD}" = CCC Help Italian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6CF622FF-B0C8-5CE5-4CF7-E1790A50BCE9}" = Catalyst Control Center Localization Korean
"{6D161FB9-98B8-399B-1029-D6EFE4F7250F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{814B6CB8-9268-C19C-8297-2ECF7F02EBE8}" = Catalyst Control Center Localization Portuguese
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95E75AEE-CC70-62FC-317E-CD6CBBF2AF2B}" = Catalyst Control Center Graphics Full New
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8A4CBF-236E-8BFA-C56A-2FA3BDBA6647}" = Catalyst Control Center Localization German
"{9E67B8B9-23A7-BA38-27CA-1BD20387EBB5}" = Catalyst Control Center Graphics Light
"{9F2EEB98-2578-E655-32EC-48991FC65149}" = CCC Help Russian
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A068D32D-D140-40CE-9E8D-2F7563066A6D}" = Catalyst Control Center - Branding
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A516050E-4461-DA8B-98BE-E5804F50452A}" = CCC Help English
"{A5885BCC-94DD-F74D-32E6-C72C72CFAEE2}" = Catalyst Control Center Core Implementation
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7A34EC1-ADC1-B523-5B27-0A4A927E4F68}" = CCC Help Japanese
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC776273-B538-D23E-5636-9862787B134A}" = CCC Help Polish
"{B2A30878-64C6-7145-BA60-5B3E6FC594F9}" = Catalyst Control Center Localization Czech
"{B2AE9662-A748-DEBB-D252-8758F02AA9BC}" = CCC Help Czech
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B41F7D8C-115E-CA45-F80A-1BFF49CD3EC7}" = CCC Help Thai
"{B4742B42-C7DD-0E0B-11B2-D00EF50E9F1E}" = CCC Help Finnish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8461E91-76C3-2EC2-2277-AB565F39AB73}" = Catalyst Control Center Localization Japanese
"{B8628316-6B40-4315-F3F6-C40DA20476AD}" = CCC Help Danish
"{B9468C91-0ACB-A5FA-9BB6-D5705741875B}" = Catalyst Control Center Localization Danish
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C0928BDC-D926-EADB-9F49-3DA217886AE8}" = Catalyst Control Center Graphics Full Existing
"{C2B9AA2E-FEA1-307C-1D51-98A5BA67BBA6}" = CCC Help Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA07FCFD-2BD4-93DC-C96C-E710254ADF0F}" = Catalyst Control Center Localization Italian
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CF7077C9-D94E-BA7F-26FD-303EB48A58C7}" = CCC Help Norwegian
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D32CB7FD-DCB6-2211-21D4-A7ABA3704CC7}" = CCC Help Korean
"{D6F47BAC-5757-665D-3CDD-BC490B9E0534}" = CCC Help Spanish
"{DBE17B8C-3B2B-6480-C3A1-BFA72FB7A5BD}" = CCC Help Chinese Standard
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE788E95-F906-45F1-025A-EF2BC39A76FB}" = Catalyst Control Center Localization Greek
"{DFBD51BC-0132-7D56-CBC0-057A13B25116}" = CCC Help Swedish
"{E1D0F3DF-08CE-8051-3027-F40D3B012E8A}" = CCC Help Turkish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C19F3A-9A6A-AF80-E136-88F056AECCFE}" = Catalyst Control Center Localization Polish
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 325 USB PC Camera
"{FC188F5E-27F7-7BA6-3433-6ABAE6AF7B28}" = CCC Help Hungarian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"CameraUserGuide-PSA1100IS" = Canon PowerShot A1100 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4500 series User Registration" = Canon iP4500 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"WildTangent hp Master Uninstall" = My HP Games
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2010 4:28:30 PM | Computer Name = Linda-StudioPC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2010 7:05:07 PM | Computer Name = Linda-StudioPC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/29/2010 8:05:05 PM | Computer Name = Linda-StudioPC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/29/2010 8:10:27 PM | Computer Name = Linda-StudioPC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/29/2010 9:22:17 PM | Computer Name = Linda-StudioPC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2010 3:45:11 PM | Computer Name = Linda-StudioPC | Source = WinMgmt | ID = 10
Description =

Error - 12/30/2010 4:05:07 PM | Computer Name = Linda-StudioPC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/30/2010 5:05:04 PM | Computer Name = Linda-StudioPC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/30/2010 5:58:47 PM | Computer Name = Linda-StudioPC | Source = System Restore | ID = 8193
Description =

Error - 12/30/2010 5:58:52 PM | Computer Name = Linda-StudioPC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 8/1/2011 9:59:14 AM | Computer Name = Linda-StudioPC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/1/2011 9:59:56 AM | Computer Name = Linda-StudioPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 8/1/2011 9:59:59 AM | Computer Name = Linda-StudioPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.30 for the Network Card with network
address 30469A25D448 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/1/2011 1:42:42 PM | Computer Name = Linda-StudioPC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/1/2011 1:45:11 PM | Computer Name = Linda-StudioPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 8/1/2011 1:45:13 PM | Computer Name = Linda-StudioPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.31 for the Network Card with network
address 30469A25D448 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/1/2011 7:07:14 PM | Computer Name = Linda-StudioPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 8/1/2011 7:07:17 PM | Computer Name = Linda-StudioPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.32 for the Network Card with network
address 30469A25D448 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 8/1/2011 7:07:18 PM | Computer Name = Linda-StudioPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 8/1/2011 7:07:22 PM | Computer Name = Linda-StudioPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:03 PM

Posted 02 August 2011 - 06:14 PM

Are you voluntarily using Ask as your default search engine?

There isn't any remains of anything genuinely threatening though. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please scan wth ESET too

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#11 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 02 August 2011 - 07:09 PM

Thanks Mole, I will start all these tasks. No I don't want to use "Ask" as my search engine. I just can't get rid of the thing. Maybe you can give me some clues. Also, I can't reboot my machine. When I try to, it just freezes, usually on the HP entry page. Then I have to physically turn the machine off using the button on top, wait a minute or so, then turn it back on. This started happening after I ran a CCleaner registry fix several months ago when I installed an updated version of CCleaner. I read a forum opinion that thought novices should stay away from registry cleaners, that most of the time they aren't necessary. Is that true? When executing the OTL fix, if I am asked to reboot, can I just turn it off, then turn it on again, or is there some code I can put in the registry to tell it to reboot again? Would this request be another topic? Thanks, and I will get busy doing the tasks you requested.

#12 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 02 August 2011 - 07:18 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_191438

#13 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 02 August 2011 - 07:45 PM

eset scanner wants to know if proxy is configured and won't start. Guess I will figure this out if you aren't online now.

#14 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 02 August 2011 - 11:31 PM

I disabled Windows Defender and was able to run the scan, left the computer and came back about an hour later, screen was black so I hit enter to bring it back. That stopped the scan, which said 8 things were infected. There was a "Finish" button on the screen and since the message said the scan was stopped by owner, I hit the Finish button, thinking it would finish the scan.......wrong move. It then put me on a page trying to sell me the antivirus program. The log information was gone. I'm currently trying to find it again or try and rerun. Sorry for my stupid mistake.

#15 Redfireagate

Redfireagate
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Texas
  • Local time:09:03 AM

Posted 03 August 2011 - 09:45 AM

Hi Mole, this morning I managed to find the original ESET log and have included it below. I'm pretty sure the first time I ran it that it was almost finished, if not finished. As you can see, I downloaded it again and started scanning it again but realized that the original scan must have been still in my computer, so I stopped the second scan and went to bed. Sure enough, this morning I found the log. Thanks for your patience. Sometimes my fingers are faster than my brain!

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=353eea92892e3845a72923e838344efa
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-03 03:44:24
# local_time=2011-08-02 10:44:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 21015834 21015834 0 0
# compatibility_mode=5892 16776830 100 56 20337027 148934495 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=223672
# found=8
# cleaned=8
# scan_time=7275
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LLI5N3W\index-functions[1].js Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\AppData\Local\Temp\miaEF81.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Linda\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=353eea92892e3845a72923e838344efa
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-03 05:07:50
# local_time=2011-08-03 12:07:50 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 21026275 21026275 0 0
# compatibility_mode=5892 16776830 100 56 20347468 148944936 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114989
# found=0
# cleaned=0
# scan_time=1839
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users