
Missing pics, documents, restore points


  • This topic is locked
13 replies to this topic

#1 lmcurry

lmcurry

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 14 April 2012 - 06:04 PM

Recently, after uninstalling a program all of the documents stored on the desktop were deleted. Missing also were photos. Tried system restore, but all restore points have been deleted as well. I checked the event log, and there have been multiple restore points successfully created within the last week. Trying in safe mode did not help. Here are the logs that I could get, while running GMER the screen went blank (grey) except for a small box with colored lines inside.

Help would be so greatly appreciated!

DS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jason at 18:38:58 on 2012-04-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.106 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\lxblcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uURLSearchHooks: H - No File
uURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files\mapit\prxtbMapi.dll
mURLSearchHooks: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files\mapit\prxtbMapi.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files\mapit\prxtbMapi.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Mapit Toolbar: {46a21652-3f93-437d-aac0-caa1f6713da0} - c:\program files\mapit\prxtbMapi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMSzItWldKNDYtQ1k0WFAtQUU2VVItREczSE8tSVU5MkQ"&"inst=NzctNjU3NDQxNzUzLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtVFVHKzMtRkwxMCsxLUREVCs1NTY1OS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzE"&"prod=90"&"ver=10.0.1416
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: restaronline.com\www
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265389898525
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} - hxxps://www.acsenterprisesystem.com/CAB%20and%20license%20files/SPR32X60.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://blockade-runner.axiscam.net/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1BCF6A10-42D6-441C-A487-DAEAB183BD1A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{64CCE7FD-EEA7-444B-91B7-D651C08FEB4E} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: Event Agent - CustomEvents.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-13 21504]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-11 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\temp\f-secure\anti-virus\fsblsrv.exe --> c:\windows\temp\f-secure\anti-virus\fsblsrv.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-11 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-6-13 21504]
S3 vm331avs;FO23FF-58 PC-CAM;c:\windows\system32\drivers\vm331avs.sys [2008-5-7 171264]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-3-19 475136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-14 22:20:50 -------- d-----w- c:\users\jason\appdata\local\{80922DB0-27E6-4594-BE63-3CE56C3920D2}
2012-04-14 18:45:42 -------- d-----w- c:\users\jason\appdata\local\{37E801A2-0761-4C4C-BF32-96CC2C0CB6C8}
2012-04-14 18:23:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 17:29:51 -------- d-----w- c:\users\jason\appdata\local\{D5D5598F-088D-4403-952C-A4247C556FC7}
2012-04-14 17:29:20 -------- d-----w- c:\users\jason\appdata\local\{B3D10F12-B09D-4EEC-9E55-F3DF11B1A35F}
2012-04-14 17:03:28 -------- d-----w- c:\users\jason\appdata\local\{7ACEEE67-AC69-425D-A420-4C64800F9812}
2012-04-14 14:48:11 -------- d-----w- c:\users\jason\Pictures(19)
2012-04-14 14:36:47 -------- d-----w- c:\users\jason\Desktop(17)
2012-04-13 15:11:34 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{83d2debc-b4e8-4967-89d2-df591f463c65}\offreg.dll
2012-04-13 14:53:11 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{83d2debc-b4e8-4967-89d2-df591f463c65}\mpengine.dll
2012-04-12 07:17:37 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:17:36 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 04:00:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-01 14:44:10 -------- d-----w- c:\users\jason\appdata\local\{0E7F551B-6FE2-476A-9BFF-32C0E54B3088}
.
==================== Find3M ====================
.
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:42:48.04 ===============


#2 lmcurry

lmcurry
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 15 April 2012 - 12:28 PM

Attached File: ark.log (20.37KB, 1 downloads)
Was able to run GMER all the way through. Please see attached log

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:43 PM

Posted 16 April 2012 - 09:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

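As an added example that is not part of this thread and not OTL's own code: the OTL report requested above lists every service and kernel driver on one line each, and a helper reads those lines looking for the same few warning signs every time. The script below parses the SRV/DRV line format and flags entries whose binary is "File not found", entries with no company name, and anything loaded from a Temp directory. The sample lines are copied from the OTL log posted later in this thread; the regular expression and the flagging rules are my assumptions about the format, not something OTL documents.

```python
"""Triage OTL 'Win32 Services' / 'Driver Services' lines for entries worth a closer look."""
import re
from dataclasses import dataclass, field

# Sample input: SRV/DRV lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe -- (F-Secure BlackLight Sensor)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxblcoms.exe -- (lxbl_device)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jason\AppData\Local\Temp\pgloypog.sys -- (pgloypog)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
"""

# Assumed line shape (inferred from the log, not an official OTL grammar). Either
#   SRV - [date time | size | attrs | M] (Company) [Start | State] -- path -- (Name)
# or, when the binary no longer exists on disk,
#   DRV - File not found [Kernel | Start | State] -- path -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)

# A service or kernel driver is rarely meant to run out of a Temp directory.
TEMP_MARKER = "\\temp\\"


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return the fields of one SRV/DRV line as a dict, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["company"] = (entry["company"] or "").strip()   # "( )" becomes an empty company
    entry["missing"] = entry["missing"] is not None
    return entry


def triage(log_text):
    """Return a Finding for every SRV/DRV line that shows at least one warning sign."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("file not found")
        elif not entry["company"]:
            reasons.append("no company name")
        if TEMP_MARKER in entry["path"].lower():
            reasons.append("temp directory")
        if reasons:
            findings.append(Finding(entry["kind"], entry["name"], entry["path"], reasons))
    return findings


def triage_by_name(log_text):
    """Convenience view for lookups: service/driver name -> list of reasons."""
    return {f.name: f.reasons for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}: {', '.join(f.reasons)} -> {f.path}")
```

Run against the sample, it reports four entries. Two of them are ordinary leftovers: an uninstalled F-Secure component and the stock ipinip.sys stub that Vista lists as missing on many machines. The temp-directory rule is what separates the driver registered under AppData\Local\Temp from those, which is why it is worth reporting as a separate reason rather than folding it into "file not found".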


#4 lmcurry

lmcurry
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 16 April 2012 - 04:25 PM

Thank you! Here is some more of that info you might need.
After we lost all the info, I downloaded and ran Malwarebytes and I will include that log first. Every scan since came back clean.
I am operating on Vista Home Basic 2007, 32 bit.

Malwarebytes log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]

4/14/2012 2:24:29 PM
mbam-log-2012-04-14 (14-24-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187043
Time elapsed: 14 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKCR\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files\Perfect Optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Jason\Local Settings\Temporary Internet Files\Content.IE5\6K08OUH8\SoftonicDownloader_for_freeraser.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

(end)


OTL SCANS:
OTL logfile created on: 4/16/2012 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jason\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 245.07 Mb Available Physical Memory | 27.43% Memory free
2.45 Gb Paging File | 1.12 Gb Available in Paging File | 45.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.82 Gb Total Space | 8.24 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 305.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 16:58:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
PRC - [2011/06/06 12:55:30 | 001,480,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/08/31 21:02:49 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxblcoms.exe
PRC - [2006/10/20 19:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/06 12:55:28 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe -- (F-Secure BlackLight Sensor)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jason\AppData\Local\Temp\pgloypog.sys -- (pgloypog)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/07 11:15:22 | 000,171,264 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/03/19 08:15:10 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/11/16 22:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMapi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3003485


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jason\Desktop
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\URLSearchHook: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMapi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{0D198A42-4361-499D-AFB3-06FB722AFE72}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{39802F15-C307-4C84-BC6F-5A343F999463}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://findgala.com/?&uid=158&q={searchTerms}
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1606BDCD-9350-4709-A3CC-9D75250B00E9}&mid=ab485f763692b1548639d3169f5ac32a-895cedd22b2ae44daafb3da239d0e0f3ba7edc0e&lang=us&ds=AVG&pr=fr&d=2011-12-10 06:30:28&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3003485
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{E797EF6D-F3B2-46EE-B6B5-5CACEFD66F4D}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Jason\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Jason\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Jason\AppData\Roaming\Move Networks [2009/07/22 00:26:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMapi.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMapi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-528111742-2166196405-3664461974-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..Trusted Domains: restaronline.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-528111742-2166196405-3664461974-1000\..Trusted Domains: restaronline.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265389898525 (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} https://www.acsenterprisesystem.com/CAB%20and%20license%20files/SPR32X60.cab (FarPoint Spread 6.0)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://blockade-runner.axiscam.net/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BCF6A10-42D6-441C-A487-DAEAB183BD1A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64CCE7FD-EEA7-444B-91B7-D651C08FEB4E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Event Agent: DllName - (CustomEvents.dll) - C:\Windows\System32\CustomEvents.dll ()
O24 - Desktop WallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/03/07 08:33:55 | 000,000,184 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3b5ced46-6105-11dc-81a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b5ced46-6105-11dc-81a7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2001/02/28 17:14:45 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3b5ced46-6105-11dc-81a7-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- [2001/02/28 17:14:45 | 000,476,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{3b5ced46-6105-11dc-81a7-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- [2001/02/28 17:14:45 | 000,476,576 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{62952299-B15D-4091-8EAC-B1357F841D22} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 16:58:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2012/04/15 09:04:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Jasons Stuff
[2012/04/14 19:49:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4523755D-A447-47C1-AABA-F04AC711E2E0}
[2012/04/14 18:56:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8C71C973-FEF6-4260-8CC0-8179EC1A4860}
[2012/04/14 18:38:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2012/04/14 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{80922DB0-27E6-4594-BE63-3CE56C3920D2}
[2012/04/14 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/04/14 15:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2012/04/14 14:45:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{37E801A2-0761-4C4C-BF32-96CC2C0CB6C8}
[2012/04/14 14:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/14 14:23:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/14 13:52:09 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jason\Desktop\unhide.exe
[2012/04/14 13:40:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Clinical
[2012/04/14 13:29:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D5D5598F-088D-4403-952C-A4247C556FC7}
[2012/04/14 13:29:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B3D10F12-B09D-4EEC-9E55-F3DF11B1A35F}
[2012/04/14 13:27:54 | 000,000,000 | R--D | C] -- C:\Users\Jason\Desktop\Pictures
[2012/04/14 13:03:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7ACEEE67-AC69-425D-A420-4C64800F9812}
[2012/04/14 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Pictures(19)
[2012/04/14 10:36:47 | 000,000,000 | R--D | C] -- C:\Users\Jason\Desktop
[2012/04/14 10:36:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop(17)
[2012/04/14 10:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeraser
[2012/04/14 10:12:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Our Pictures
[2012/04/12 03:18:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 03:18:22 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 03:18:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 03:18:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 03:18:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 03:18:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 03:17:37 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/12 03:17:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/01 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{0E7F551B-6FE2-476A-9BFF-32C0E54B3088}
[5 C:\Users\Jason\Desktop\*.tmp files -> C:\Users\Jason\Desktop\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/16 16:58:09 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
[2012/04/16 16:54:34 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 16:54:34 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 18:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 09:05:24 | 000,000,504 | ---- | M] () -- C:\Users\Jason\Desktop\Jasons Stuff - Shortcut.lnk
[2012/04/15 00:32:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 19:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 18:59:32 | 000,653,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/14 18:59:32 | 000,122,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/14 18:40:30 | 000,302,592 | ---- | M] () -- C:\Users\Jason\Desktop\znei7o7q.exe
[2012/04/14 18:38:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jason\Desktop\dds.scr
[2012/04/14 18:37:29 | 000,000,000 | ---- | M] () -- C:\Users\Jason\defogger_reenable
[2012/04/14 18:37:07 | 000,050,477 | ---- | M] () -- C:\Users\Jason\Desktop\Defogger.exe
[2012/04/14 15:08:37 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/04/14 14:23:02 | 000,000,932 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/14 13:52:24 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jason\Desktop\unhide.exe
[2012/04/14 10:05:25 | 000,010,828 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\wklnhst.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/28 16:19:19 | 005,066,395 | ---- | M] () -- C:\Users\Jason\Desktop\DavisDrugs.exe
[5 C:\Users\Jason\Desktop\*.tmp files -> C:\Users\Jason\Desktop\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 09:05:24 | 000,000,504 | ---- | C] () -- C:\Users\Jason\Desktop\Jasons Stuff - Shortcut.lnk
[2012/04/14 18:40:29 | 000,302,592 | ---- | C] () -- C:\Users\Jason\Desktop\znei7o7q.exe
[2012/04/14 18:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Jason\defogger_reenable
[2012/04/14 18:37:00 | 000,050,477 | ---- | C] () -- C:\Users\Jason\Desktop\Defogger.exe
[2012/04/14 15:08:37 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/04/14 15:00:28 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/14 15:00:28 | 000,001,409 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/14 15:00:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/14 15:00:28 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/14 15:00:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/14 15:00:28 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/14 15:00:28 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/14 14:23:02 | 000,000,932 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/28 16:19:17 | 005,066,395 | ---- | C] () -- C:\Users\Jason\Desktop\DavisDrugs.exe
[2012/01/22 12:02:20 | 000,006,656 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 10:21:28 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/04/04 17:39:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/01 16:28:59 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBLhcp.dll
[2011/03/01 16:28:59 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBLinst.dll
[2011/03/01 16:28:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxblpmui.dll
[2011/03/01 16:28:56 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxblhbn3.dll
[2010/09/15 19:12:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 20:57:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 20:57:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:26FE5B17

< End of report >



OTL Extras logfile created on: 4/16/2012 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jason\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.32 Mb Total Physical Memory | 245.07 Mb Available Physical Memory | 27.43% Memory free
2.45 Gb Paging File | 1.12 Gb Available in Paging File | 45.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 45.82 Gb Total Space | 8.24 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 305.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16D638B8-FCFB-490A-99AE-718F17C05EF2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32A6F1B7-4767-43D8-AB8A-E4267F1653C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A711587-EB94-47EB-AE8B-B172D8F6996F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D558D04-6E50-4111-A841-FA22D132A1E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{413436B0-70C0-422B-A404-EE657C75EFD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52D67D7C-830B-4F03-A1FF-3DD2803120E8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{67D2CBC8-8B2E-49B3-91FC-453B9368D0DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{773934DF-6287-4744-9493-6AE58251E37E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3C423D9-ED06-4330-832A-E43D18B90F4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA983679-4E50-4B26-A4A8-AD71A6D6E1F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6FDD03A-C580-40FE-9780-805D56198361}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8C2396B-8AF4-41DC-9568-6170585DF0BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBB9EC51-4326-4E50-BF74-13CD95E5A51B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0168AFA5-3797-442A-8760-44C271F3E85B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{266B9016-31F9-46C4-87F2-D072ADE1E3FF}" = protocol=6 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{2723119F-0D24-4634-9BBA-551A98A750B1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{29BC0060-26CF-46F8-AD05-A20AED6A62BA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxblpswx.exe |
"{2D23715E-9820-453C-B9B0-A0C904F20A0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E370E37-D31A-4500-9021-F02EFC916AE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{31F178B3-9965-4DB3-9608-F6D8A50DF355}" = protocol=17 | dir=in | app=c:\windows\system32\event agent\lite.exe |
"{3517E267-C101-49A8-AF65-BFAF1A2222A7}" = protocol=17 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{39D78554-7A78-40D1-9EB1-E3D91FC75C1F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3BFB50EB-6FED-4BF3-93F2-65BEF6B3A8A4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4293E8A8-0937-43D7-89AD-135A47BED64D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{578B6488-526C-4E2C-92E3-CE22CECC30F0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{58F85F41-3054-4A31-BC65-3A88FE9F36D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5D9AFF4F-8F86-4E94-9222-446181BD4944}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6207D427-15EB-462D-8010-DDFEBF5B8300}" = protocol=6 | dir=in | app=c:\windows\system32\event agent\lite.exe |
"{697A0DD2-FFB0-4C7A-A65C-312F0EA8B641}" = protocol=6 | dir=out | app=system |
"{6F1136F0-825F-410B-A560-EE51938ABC13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DAA1C1B-6453-4445-AC2A-521B93E9E76D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B6C71EA-FFA8-4F89-89B7-BB1FC55C12A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A083D2C7-49AF-4667-A7EB-93465051C032}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A44EACE5-186F-4BA2-ADB3-B101DC48F8DD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BE10CEA2-2BE5-46E2-B370-CC139084A4C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC554579-0CE7-4774-A4AF-9241BFC2523B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxblpswx.exe |
"{ED3BFC65-E3A3-49EC-BAEF-FB5083E869FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5DC5E8A-656F-460A-B3AA-7846DF9514AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2A235B22-DD21-48B0-B03B-167D4E24282A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{06122DB3-D7C0-47F0-8801-6F23B9CD1234}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = FO23FF-58 PC-CAM
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digital Editions" = Adobe Digital Editions
"Drug Dosages" = Calculating Drug Dosages 2e
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mapit Toolbar" = Mapit Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Monopoly" = Monopoly (remove only)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Recuva" = Recuva
"Search Toolbar" = Search Toolbar
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-528111742-2166196405-3664461974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2012 5:37:44 PM | Computer Name = Jason-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/14/2012 7:13:51 PM | Computer Name = Jason-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/14/2012 7:17:06 PM | Computer Name = Jason-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/14/2012 7:19:46 PM | Computer Name = Jason-PC | Source = Perflib | ID = 1008
Description =

Error - 4/14/2012 7:19:47 PM | Computer Name = Jason-PC | Source = Perflib | ID = 1010
Description =

Error - 4/14/2012 7:19:49 PM | Computer Name = Jason-PC | Source = PerfNet | ID = 2004
Description =

Error - 4/14/2012 7:19:49 PM | Computer Name = Jason-PC | Source = PerfNet | ID = 2002
Description =

Error - 4/14/2012 7:44:38 PM | Computer Name = Jason-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/15/2012 8:57:43 AM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a48 Start Time: 01cd1a98f39b71f5 Termination Time: 422

Error - 4/15/2012 9:19:10 AM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program lxblpswx.exe version 2.70.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 50c Start Time: 01cd1b09b5cd3643 Termination Time: 20

[ System Events ]
Error - 4/14/2012 7:17:23 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/14/2012 7:17:42 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/14/2012 7:17:49 PM | Computer Name = Jason-PC | Source = DCOM | ID = 10005
Description =

Error - 4/14/2012 7:17:57 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/14/2012 7:44:28 PM | Computer Name = Jason-PC | Source = DCOM | ID = 10005
Description =

Error - 4/14/2012 7:44:38 PM | Computer Name = Jason-PC | Source = DCOM | ID = 10005
Description =

Error - 4/14/2012 7:44:47 PM | Computer Name = Jason-PC | Source = DCOM | ID = 10005
Description =

Error - 4/14/2012 7:45:05 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/14/2012 7:45:05 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/15/2012 9:18:47 AM | Computer Name = Jason-PC | Source = Print | ID = 6161
Description = The document Microsoft Word - Jason Review.doc, owned by Jason, failed
to print on printer Lexmark Z700-P700 Series. Try to print the document again,
or restart the print spooler. Data type: LEMF. Size of the spool file in bytes:
4633666. Number of bytes printed: 4633666. Total number of pages in the document:
3. Number of pages printed: 0. Client computer: \\JASON-PC. Win32 error code returned
by the print processor: 0. The operation completed successfully.


< End of report >

#5 myrti (Malware Study Hall Admin)

Posted 16 April 2012 - 07:33 PM

Hi,

the log is looking good. There's one file I can't identify. Do you know this file: C:\Windows\System32\CustomEvents.dll

If not please upload it to www.virustotal.com and post the link to the analysis back here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 lmcurry (Topic Starter)

Posted 16 April 2012 - 07:41 PM

Thank you Myrti!

I don't know what that was, here is the analysis:

SHA256: 69edaa6300bcd19c29505cdcf41d814f276ed44dc8d94206f26ca85cb720f36f
File name: CustomEvents.dll
Detection ratio: 0 / 42
Analysis date: 2012-04-17 00:38:58 UTC ( 0 minutes ago )


Antivirus | Result | Update
AhnLab-V3 | - | 20120416
AntiVir | - | 20120416
Antiy-AVL | - | 20120416
Avast | - | 20120417
AVG | - | 20120417
BitDefender | - | 20120417
ByteHero | - | 20120411
CAT-QuickHeal | - | 20120416
ClamAV | - | 20120416
Commtouch | - | 20120416
Comodo | - | 20120417
DrWeb | - | 20120417
Emsisoft | - | 20120417
eSafe | - | 20120415
eTrust-Vet | - | 20120417
F-Prot | - | 20120416
F-Secure | - | 20120417
Fortinet | - | 20120416
GData | - | 20120417
Ikarus | - | 20120416
Jiangmin | - | 20120416
K7AntiVirus | - | 20120416
Kaspersky | - | 20120417
McAfee | - | 20120416
McAfee-GW-Edition | - | 20120416
Microsoft | - | 20120416
NOD32 | - | 20120417
Norman | - | 20120416
nProtect | - | 20120416
Panda | - | 20120416
PCTools | - | 20120417
Prevx | - | 20120417
Rising | - | 20120416
Sophos | - | 20120417
SUPERAntiSpyware | - | 20120402
Symantec | - | 20120416
TheHacker | - | 20120416
TrendMicro | - | 20120416
TrendMicro-HouseCall | - | 20120417
VBA32 | - | 20120416
VIPRE | - | 20120416
ViRobot | - | 20120416


ssdeep
768:6/+ktXcN0BgZFhBced6ozhfYSJUQHaEpsBp8:ehXcNVPZnzaSJ9H5psBK

TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEiD packer identifier
Armadillo v1.xx - v2.xx

ExifTool
CodeSize.................: 20480
SubsystemVersion.........: 4.0
InitializedDataSize......: 32768
ImageVersion.............: 0.0
ProductName..............: CustomEvents Dynamic Link Library
FileVersionNumber........: 1.0.0.1
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 6.0
OriginalFilename.........: CustomEvents.DLL
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1, 0, 0, 1
TimeStamp................: 2007:09:25 05:27:36+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: CustomEvents
ProductVersion...........: 1, 0, 0, 1
FileDescription..........: CustomEvents DLL
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright © 2007
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............:
LegalTrademarks..........:
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.1
EntryPoint...............: 0x52fb
ObjectFileType...........: Dynamic link library

Sigcheck
publisher................:
product..................: CustomEvents Dynamic Link Library
internal name............: CustomEvents
copyright................: Copyright © 2007
original name............: CustomEvents.DLL
file version.............: 1, 0, 0, 1
description..............: CustomEvents DLL

Portable Executable structural information
Compilation timedatestamp.....: 2007-09-25 03:27:36
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x000052FB

PE Sections...................:

Name   | Virtual Address | Virtual Size | Raw Size | Entropy | MD5
.text  | 4096  | 20406 | 20480 | 6.14 | 1e5742c8dc798c413a200ea41b0ff745
.rdata | 24576 | 6025  | 8192  | 3.34 | 25eba1047177348b72dd086b78e4ca3c
.data  | 32768 | 10252 | 8192  | 4.02 | ac3718b89c2751d8078c87c15b641375
.rsrc  | 45056 | 896   | 4096  | 0.92 | 8c3591ce253158e0e675ba6069e0081d
.reloc | 49152 | 7592  | 8192  | 2.28 | 2c22d6188298d58058eeb818743d3147

PE Imports....................:

ADVAPI32.dll
RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegisterEventSourceA, DeregisterEventSource, ReportEventA

MFC42.DLL
-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

KERNEL32.dll
WriteConsoleA, FreeConsole, ReadConsoleA, AllocConsole, GetStdHandle, ReleaseMutex, WaitForSingleObject, CreateMutexA, OpenMutexA, GetCommandLineA, ExitProcess, GetLastError, LocalFree, lstrlenA, Sleep, LocalAlloc

MSVCRT.dll
__CxxFrameHandler, fopen, fflush, fprintf, localtime, time, fclose, atol, atoi, _mbscmp, _ftime, __1type_info@@UAE@XZ, _adjust_fdiv, malloc, _initterm, free, _onexit, __dllonexit, tolower, toupper

USER32.dll
PostMessageA

PE Exports....................:

ProcessDisconnect, ProcessLogoff, ProcessLogon, ProcessReconnect, ProcessShutdown

First seen by VirusTotal
2009-03-25 13:16:35 UTC ( 3 years ago )

Last seen by VirusTotal
2012-04-17 00:38:58 UTC ( 1 minute ago )

File names (max. 25)
1. CUSTOMEVENTS.DLL
2. CustomEvents.dll
3. 569738B8425CCADF1EE3D2A524C9BE84

#7 myrti (Malware Study Hall Admin)

Posted 16 April 2012 - 07:44 PM

Hi,

that program you uninstalled was it a normal program or was it malware of some type?

regards myrti

#8 lmcurry (Topic Starter)

Posted 16 April 2012 - 07:47 PM

My husband downloaded "freeraser" when he didn't see the recycling bin on the desktop.... says he didn't use it, because after it downloaded and the icon was there he found the recycle bin and promptly uninstalled "freeraser". He said within seconds it was deleting files, and then he had a nearly blank desktop (a few programs were left). 2 restore points around noon, then I created another one around 2pm. By 3pm, the only restore point was the one I had created, and I couldn't find any of the other ones.

#9 myrti (Malware Study Hall Admin)

Posted 16 April 2012 - 08:02 PM

Hi,

did you check if the files are in your wastebin?

regards myrti

#10 lmcurry (Topic Starter)

Posted 16 April 2012 - 08:04 PM

I did.... unfortunately they weren't there. I have tried unhiding all the files on the computer and still no dice :(

#11 myrti (Malware Study Hall Admin)

Posted 16 April 2012 - 08:12 PM

Hi,

I think the files are gone then. Have you used the PC a lot recently? If not, it is possible that programs such as Recuva will be able to see and retrieve the deleted files: http://www.piriform.com/recuva

Have you checked if the disk has more free space now?

regards myrti

#12 lmcurry (Topic Starter)

Posted 16 April 2012 - 08:19 PM

I'm quite relieved to know that they are most likely just gone then. Some of the files had personal financial info and I was really worried about a virus. We have been using the computer lots lately, and I have actually tried Recuva without much luck. The files it does retrieve I am unable to open in a word processor in English. Oh well. The computer is saying that more free space is available.

Thank you for all of your assistance!

#13 myrti (Malware Study Hall Admin)

Posted 16 April 2012 - 08:22 PM

Hi,

sorry for the bad news. Looking at the customer reviews of freeraser on softonic you do not seem to be the only ones with that experience: http://freeraser.en.softonic.com/comments Maybe if you contact the company directly, they will know how to help.

There are some other programs you could try to recover your data, but the longer the PC is actually running the more likely it is that the place where your file used to be stored is being overwritten with new data. So I wouldn't have high hopes of recovering anything.

regards myrti

#14 myrti (Malware Study Hall Admin)

Posted 25 April 2012 - 03:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
