TFC (Temp File Cleaner) & Trojan-BNK.Win32.Keylogger.gen [Closed]



#1 mrjhov79 (Member, 11 posts)
I have been having a problem with my PC for about a week now. Normally when trying to open an application or use the internet (primarily Mozilla but also on IE) my PC acts as if it has been hijacked and will attempt to close down open browsers or won't allow programs to open unless I right-click and select "open". The main alert that keeps popping up is "Trojan-BNK.Win32.Keylogger.gen"; it states that my PC is infected and I need to purchase Antispyware 2010.

I have run scans with Norton 360, Ad-Aware, & Spybot Search, all of which were already on my PC before I was originally infected with this problem. I attempted to remedy this problem by using your "Malware and Spyware Cleaning Guide". The first thing I did was download and run the "TFC". It ran and removed some files, but when it rebooted and I tried to download "ERUNT, Malwarebytes Anti-Malware, etc." it processes the download, but when I go to actually run or install it asks what program to use to open the file. I noticed it is doing this with any file of type ".exe". I don't know where to go from here; I tried to restore using a previously created restore point but it did nothing for the issue. PLEASE HELP! Thank you in advance.
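The symptom described in post #1, Windows asking which program should open every .exe, is what a tampered .exe file association looks like (the HKCR\.exe and exefile keys), and hijacking that association was a common rogue-antivirus trick of the period: it stops removal tools from launching while the rogue's own binary still runs. The script below is an added check for this page, not part of the thread, the site's cleaning guide, or any tool named here. It assumes Windows PowerShell 2.0 or later run from an elevated prompt, and it assumes that cause, which the thread itself never confirms. The -Repair switch is a name chosen for this example; without it the script only reports.

```powershell
# Added example for this thread (not the site's cleaning guide and not a tool
# from the thread). Audits, and with -Repair restores, the .exe file association
# that the "which program do you want to use to open this file?" prompt for every
# .exe usually points at. Assumes Windows PowerShell 2.0 or later, run elevated.
param([switch]$Repair)

# Windows defaults on a clean install: .exe maps to the exefile class, and
# exefile's open verb runs the file itself with its arguments.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

function Get-DefaultValue([string]$Path) {
    # The key's (Default) value, or $null when the key or the value is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue('') }
    return $null
}

$findings = @()

# 1. HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes,
#    and the per-user half wins. Rogue antivirus installers plant their own
#    .exe / exefile keys there (no admin rights needed), so any per-user copy
#    of these two keys is suspect on a home machine.
foreach ($name in '.exe', 'exefile') {
    $userKey = "HKCU:\Software\Classes\$name"
    if (Test-Path -LiteralPath $userKey) {
        $findings += "Per-user override: $userKey (Default = '$(Get-DefaultValue $userKey)')"
        if ($Repair) { Remove-Item -LiteralPath $userKey -Recurse -Force }
    }
}

# 2. Compare the merged view with the known-good values and report any drift.
foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue $path
    if ($actual -ne $expected[$path]) {
        $findings += "$path (Default) = '$actual', expected '$($expected[$path])'"
        if ($Repair) {
            if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
            Set-ItemProperty -LiteralPath $path -Name '(default)' -Value $expected[$path]
        }
    }
}

if ($findings.Count -eq 0) { 'OK: the .exe association matches the Windows defaults.' }
else { $findings }
```

Save it as a .ps1 and run it from an elevated PowerShell window, first without -Repair to see what is reported; if .exe files themselves will not start, the right-click "Open" workaround from post #1 also works for powershell.exe. Restoring the association only lets tools launch again; it does not remove the rogue, which is what the rest of the thread is for.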



#2 heir (Trusted Helper, Malware Removal, 5,427 posts)
Hello mrjhov79 !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer of malware, let's go over some points that will help both me and you, and help prevent damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Virus, Spyware and Trojan Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.

Step 1.
RKill:

Please download RKill.com to your desktop.
Double-click the programme to run it.
Please be patient while the program looks for various malware programs and ends them.
When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by rogue malware when it terminates programs that may potentially remove it.
If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate them.


Step 2.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath Extra Registry option change it to Use SafeList.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 3.
GMER-scan:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Step 4.
Things I would like to see in your reply:

  • The content of OTL.txt and Extras.txt from step 2.
  • The content of GMER.txt from step 3.

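The /md5start ... /md5stop block in Step 2 is there because the kernel rootkits of that period (the TDSS/TDL3 family) did not drop a new driver; they patched an existing boot-start storage driver such as atapi.sys, iaStor.sys or nvstor.sys in place, so the file is still present, still has its normal name and size class, and only its hash gives it away. The script below is an added example for this page, not OTL's code and not from the site's guide. It hashes and Authenticode-checks the same list of files that the OTL script names, assuming Windows PowerShell 2.0 or later and the default System32 and System32\drivers locations. Three caveats a practitioner will want: an MD5 only means something when compared with the same file from a machine at the identical Windows version and patch level; HashMismatch is the strong signal, while NotSigned on its own is weak, because before PowerShell 5.0 Get-AuthenticodeSignature ignores catalog signatures and Microsoft's inbox drivers are catalog-signed rather than embedded-signed; and a kernel rootkit that intercepts disk I/O can hand a clean copy of its host driver to user-mode readers, which is why the helper also asks for a kernel-mode scan with GMER in Step 3 rather than relying on hashes alone.

```powershell
# Added example for this thread (not OTL's own code and not from the site's
# guide): hash and signature-check the same drivers that the OTL
# /md5start ... /md5stop block covers, so the result can be compared against a
# known-clean machine with the identical Windows build and patch level.
# Assumes Windows PowerShell 2.0 or later and the default System32 locations.
$names = @(
    'eventlog.dll', 'scecli.dll', 'netlogon.dll', 'cngaudit.dll', 'sceclt.dll',
    'ntelogon.dll', 'logevent.dll', 'iaStor.sys', 'nvstor.sys', 'atapi.sys',
    'IdeChnDr.sys', 'viasraid.sys', 'AGP440.sys', 'vaxscsi.sys', 'nvatabus.sys',
    'viamraid.sys', 'nvata.sys', 'nvgts.sys', 'iastorv.sys', 'ViPrt.sys',
    'eNetHook.dll', 'ahcix86.sys', 'KR10N.sys', 'nvstor32.sys', 'ahcix86s.sys',
    'nvrd32.sys', 'symmpi.sys', 'adp3132.sys', 'mv61xx.sys'
)
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")

function Get-DriverIntegrity {
    param([string[]]$Names, [string[]]$Dirs)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    foreach ($n in $Names) {
        foreach ($d in $Dirs) {
            $p = Join-Path $d $n
            if (-not (Test-Path -LiteralPath $p)) { continue }

            # MD5 to match OTL's output; the value only means something when
            # compared with the same file from the same Windows build.
            $fs = [System.IO.File]::OpenRead($p)
            try { $hash = [System.BitConverter]::ToString($md5.ComputeHash($fs)).Replace('-', '') }
            finally { $fs.Close() }

            # Authenticode check. HashMismatch means the file was modified after
            # signing, which is exactly what a file-patching rootkit leaves behind.
            # NotSigned is weak evidence on its own: before PowerShell 5.0 this
            # cmdlet ignores catalog signatures, and Microsoft's inbox drivers
            # such as atapi.sys are catalog-signed, not embedded-signed.
            $sig = Get-AuthenticodeSignature -FilePath $p
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            $item = Get-Item -LiteralPath $p
            New-Object PSObject -Property @{
                File = $p; Size = $item.Length; Modified = $item.LastWriteTime
                MD5 = $hash; Signature = [string]$sig.Status; Signer = $signer
            }
        }
    }
}

# Anything other than Valid sorts to the top; HashMismatch is the entry to act on.
Get-DriverIntegrity -Names $names -Dirs $dirs |
    Sort-Object Signature, File |
    Format-Table File, Size, Modified, Signature, MD5 -AutoSize
```

Run it on the suspect machine and on a clean machine with the same Windows edition and service pack, and diff the MD5 column; a single storage driver whose hash differs, whose modified time is recent, or whose signature status is HashMismatch is the file to look at. Because a live rootkit can filter what user mode reads, a clean result from this script does not clear the machine; the GMER log in Step 3 still decides.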

#3 mrjhov79 (Member, 11 posts)
Ok, I made it through Step 1 just fine and also Step 2; however, when processing Step 3 "GMER Rootkit Scanner", during the scan the computer screen turns blue with a page-long error message. The screen disappears and the computer shuts down before I can read the entire message. I will paste the OTL.txt and Extras.txt below. Please let me know what to do next. Thanks

OTL logfile created on: 3/9/2010 1:07:13 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Users\Michaelene\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 337.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 0.31 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.17 Gb Free Space | 29.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QUINN-PC
Current User Name: Michaelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 13:02:27 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Michaelene\Desktop\OTL.exe
PRC - [2010/03/08 04:33:39 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/12/28 11:01:24 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/12/28 04:09:52 | 000,640,760 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2009/04/11 01:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/12/09 17:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 13:02:27 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Michaelene\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto | Stopped] -- -- (ASKService)
SRV - [2010/03/08 04:33:39 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/28 11:01:24 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/02/06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/09 17:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/18 15:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/29 16:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/04 03:41:20 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100309.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/04 03:41:20 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100309.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/10 03:47:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/10 03:47:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/28 11:01:41 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/28 11:01:26 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/12/28 11:01:26 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/28 11:01:26 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/28 11:01:26 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/28 11:01:26 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/12/28 11:01:26 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/12/28 11:01:26 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/28 11:01:26 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/12/28 11:01:25 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/12/28 04:10:00 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/28 17:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100305.002\IDSvix86.sys -- (IDSVix86)
DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/07 15:33:08 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/17 12:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/21 15:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/18 13:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 13:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 13:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 13:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 13:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/09/19 19:11:48 | 001,959,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/04 22:54:00 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/07/15 19:20:00 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/07/15 19:20:00 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T3642

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T3642
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.7.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/08 17:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 21:38:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 21:38:45 | 000,000,000 | ---D | M]

[2008/09/11 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\mozilla\Extensions
[2010/03/08 03:49:18 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions
[2009/09/03 05:08:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 12:18:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/07 03:26:22 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/10/03 11:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/02/18 12:17:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/02 23:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/27 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\FFToolbar@upromise
[2010/02/28 00:12:35 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\mozilla\Firefox\Profiles\sv361q0q.default\extensions\firebug@software.joehewitt.com
[2009/12/21 17:38:06 | 000,001,610 | ---- | M] () -- C:\Users\Michaelene\AppData\Roaming\Mozilla\FireFox\Profiles\sv361q0q.default\searchplugins\web-search.xml
[2010/03/08 17:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/11 00:35:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2008/07/15 13:14:48 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2009/12/28 11:16:09 | 000,370,072 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12785 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [userinit] C:\Users\Michaelene\AppData\Roaming\sdra64.exe ()
O4 - Startup: C:\Users\Michaelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vuze.lnk = C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: select2perform.com ([support] http in Trusted sites)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.66.209 68.87.64.227
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michaelene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michaelene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\Shell - "" = AutoRun
O33 - MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/05 02:28:59 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 13:02:03 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Michaelene\Desktop\OTL.exe
[2010/03/07 12:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32.Trojan.Keylogger Removal Tool[1]
[2010/03/04 17:33:24 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/03/04 17:33:19 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/03/03 08:48:42 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/02/27 04:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Michaelene\AppData\Roaming\lowsec
[2010/02/24 15:06:04 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 15:05:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 15:03:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 15:03:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 15:03:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 15:03:21 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 15:03:21 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 15:03:21 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 15:03:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 15:03:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 15:03:20 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 15:03:12 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 15:03:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 15:03:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/24 14:41:53 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/24 14:41:53 | 000,000,000 | -HSD | C] -- \found.000
[2010/02/20 20:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/02/20 20:00:29 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
[2010/02/20 20:00:26 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
[2010/02/20 20:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2010/02/20 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\Michaelene\{72f84f4d-735a-4ea0-86ef-e848833b6ca6}
[2010/02/20 19:23:16 | 000,026,416 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2010/02/20 19:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/02/20 19:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2010/02/12 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Michaelene\Documents\CINS 113
[2010/02/11 21:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/11 19:24:45 | 000,000,000 | --SD | C] -- C:\Users\Michaelene\Documents\My Shapes
[2010/02/10 22:37:26 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/10 22:37:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/10 22:37:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/10 22:37:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/10 22:37:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/10 22:37:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/10 22:37:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/02/10 22:37:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/02/10 22:37:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/10 22:37:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/10 22:37:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/10 22:37:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/10 22:37:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/02/10 22:37:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/10 22:31:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 22:31:46 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 22:31:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 22:31:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 21:49:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/02/10 21:49:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/02/10 18:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/03 23:54:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Michaelene\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/03/09 13:12:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/09 13:12:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/09 13:07:24 | 006,815,744 | -HS- | M] () -- C:\Users\Michaelene\ntuser.dat
[2010/03/09 13:02:27 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Michaelene\Desktop\OTL.exe
[2010/03/09 12:19:19 | 001,970,086 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/03/08 17:15:04 | 000,035,370 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/08 17:15:04 | 000,035,370 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/08 17:11:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/08 17:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/08 17:11:41 | 936,988,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/08 17:00:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/08 17:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Michaelene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/08 17:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Michaelene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/08 16:59:57 | 004,395,153 | -H-- | M] () -- C:\Users\Michaelene\AppData\Local\IconCache.db
[2010/03/08 13:56:09 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/03/08 13:50:47 | 000,009,720 | -HS- | M] () -- C:\Users\Michaelene\AppData\Local\Nd4uB3I0oF
[2010/03/08 04:39:09 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/08 03:55:52 | 000,000,671 | ---- | M] () -- C:\Users\Michaelene\AppData\Roaming\vso_ts_preview.xml
[2010/03/05 16:47:59 | 000,220,160 | ---- | M] () -- C:\Users\Michaelene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 13:56:58 | 000,000,982 | -HS- | M] () -- C:\Users\Michaelene\AppData\Local\04lB
[2010/03/03 19:41:54 | 000,010,046 | -HS- | M] () -- C:\Users\Michaelene\AppData\Local\d3KSy4nSLAL
[2010/03/03 08:25:56 | 000,010,632 | -HS- | M] () -- C:\Users\Michaelene\AppData\Local\OFxpHxrn768uh
[2010/03/01 22:21:42 | 001,971,810 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat(166).DB
[2010/02/25 08:58:59 | 000,102,424 | ---- | M] () -- C:\Users\Michaelene\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 03:33:26 | 000,385,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/20 20:00:03 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/02/19 23:06:17 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/11 21:41:07 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/02/11 17:33:30 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/02/10 19:17:21 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360 Premier Edition.lnk
[2010/02/10 18:43:54 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/10 16:20:13 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini

========== Files Created - No Company Name ==========

[2010/03/09 12:57:01 | 000,000,435 | ---- | C] () -- \rkill.log
[2010/03/07 06:16:27 | 000,009,720 | -HS- | C] () -- C:\Users\Michaelene\AppData\Local\Nd4uB3I0oF
[2010/03/04 13:56:58 | 000,000,982 | -HS- | C] () -- C:\Users\Michaelene\AppData\Local\04lB
[2010/03/03 18:28:28 | 000,010,046 | -HS- | C] () -- C:\Users\Michaelene\AppData\Local\d3KSy4nSLAL
[2010/03/02 20:24:03 | 000,010,632 | -HS- | C] () -- C:\Users\Michaelene\AppData\Local\OFxpHxrn768uh
[2010/02/20 20:00:02 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/02/11 17:33:30 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/10 18:43:54 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/07 01:07:41 | 936,988,672 | -HS- | C] () --
[2009/12/28 11:13:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/28 10:36:59 | 000,028,890 | ---- | C] () -- \ComboFix.txt
[2009/12/28 08:00:43 | 000,015,412 | ---- | C] () -- \aaw7boot.log
[2009/12/28 03:16:49 | 000,000,251 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/23 05:04:48 | 1252,859,904 | -HS- | C] () --
[2009/12/23 04:49:04 | 000,000,671 | ---- | C] () -- C:\Windows\System32\krl32mainweq.dll
[2009/11/12 03:15:42 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/11 01:11:07 | 000,192,512 | R--- | C] () -- C:\Users\Michaelene\AppData\Roaming\sdra64.exe
[2009/09/11 01:10:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/29 19:49:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/27 00:58:20 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/07/08 20:49:00 | 000,000,680 | ---- | C] () -- C:\Users\Michaelene\AppData\Local\d3d9caps.dat
[2009/04/07 17:40:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/07 17:40:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/06 08:55:16 | 000,000,174 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\default.rss
[2009/04/04 00:01:31 | 000,000,671 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\vso_ts_preview.xml
[2009/04/03 23:56:47 | 000,000,034 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\pcouffin.log
[2009/04/03 23:54:54 | 000,087,608 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\inst.exe
[2009/04/03 23:54:54 | 000,007,887 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\pcouffin.cat
[2009/04/03 23:54:54 | 000,001,144 | ---- | C] () -- C:\Users\Michaelene\AppData\Roaming\pcouffin.inf
[2008/06/25 22:21:06 | 000,001,875 | ---- | C] () -- \Wordpad.lnk
[2008/06/25 22:18:39 | 000,001,875 | ---- | C] () -- C:\Program Files\Wordpad (2).lnk
[2008/06/19 23:15:16 | 000,000,150 | ---- | C] () -- \YServer.txt
[2008/04/06 09:42:55 | 000,220,160 | ---- | C] () -- C:\Users\Michaelene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/03 09:17:47 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/03/03 09:17:47 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2007/11/17 20:35:08 | 000,000,163 | ---- | C] () -- \power2go.log
[2007/11/17 20:22:44 | 000,000,426 | ---- | C] () -- \RHDSetup.log
[2007/09/05 11:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/07 14:24:36 | 000,241,664 | ---- | C] () -- \EMicon.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006/06/11 19:36:06 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/06/11 19:36:03 | 000,333,257 | RHS- | C] () -- \bootmgr
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008/05/03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Adobe
[2009/09/09 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Apple Computer
[2009/09/13 00:04:27 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Arcsoft
[2010/03/08 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Azureus
[2009/04/03 00:33:03 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Google
[2008/04/06 07:40:07 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Identities
[2009/09/12 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\KodakCredentialStore
[2009/03/26 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\LimeWire
[2010/03/08 10:36:05 | 000,000,000 | -HSD | M] -- C:\Users\Michaelene\AppData\Roaming\lowsec
[2009/04/07 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Macromedia
[2009/12/28 01:11:56 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Media Center Programs
[2010/02/11 20:39:29 | 000,000,000 | --SD | M] -- C:\Users\Michaelene\AppData\Roaming\Microsoft
[2009/09/08 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Mozilla
[2008/06/20 06:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\MySpace
[2009/07/30 03:12:35 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Nero
[2008/11/12 17:13:21 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\PlayFirst
[2008/04/06 09:49:52 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\SampleView
[2009/09/12 00:15:30 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Skinux
[2009/10/17 01:03:30 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Spare Backup
[2008/04/06 07:40:46 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Symantec
[2008/04/06 07:42:32 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Talkback
[2009/09/22 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\The Creative Assembly
[2009/12/23 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Tific
[2010/02/11 21:45:26 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\TuneUpMedia
[2010/03/08 03:55:49 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Vso
[2009/04/05 18:50:28 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\WildTangent
[2009/04/03 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\WinRAR
[2009/08/18 12:56:04 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2009/04/03 23:54:54 | 000,087,608 | ---- | M] () -- C:\Users\Michaelene\AppData\Roaming\inst.exe
[2009/04/11 01:27:49 | 000,192,512 | R--- | M] () -- C:\Users\Michaelene\AppData\Roaming\sdra64.exe
[2009/09/23 10:02:49 | 010,686,001 | ---- | M] () -- C:\Users\Michaelene\AppData\Roaming\Azureus\plugins\azump\mplayer.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/05 21:16:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/04/05 21:16:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/04/05 21:16:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_efe24208\nvstor32.sys
[2007/07/02 19:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DRVSTORE\nvstor32_9DEEA08DA0CC2F5DE659D6A5B88D40D5EF3A3CF9\nvstor32.sys
[2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:EE7ED0A9B1D0B41C
@Alternate Data Stream - 24 bytes -> \Windows:EE7ED0A9B1D0B41C
< End of report >

OTL Extras logfile created on: 3/9/2010 1:07:13 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Users\Michaelene\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 337.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.22 Gb Total Space | 0.31 Gb Free Space | 0.14% Space Free | Partition Type: NTFS
Drive D: | 10.66 Gb Total Space | 3.17 Gb Free Space | 29.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QUINN-PC
Current User Name: Michaelene
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056E3CBF-08D3-4E40-9E54-B46A2EF396B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{096217E9-2DD3-420B-97EA-924C2375EF2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21F7FCDF-AA4D-42B7-A316-3E63FF7EBF97}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2816A200-1038-4558-804D-2CC09851ABD8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49B386A7-C234-4C85-ABC9-69BA8DDCED5C}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D2D7301-66B4-48F6-BE72-08C74BB64F1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{550AE216-49EF-48DC-87B1-C4D2CBF033BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73BCE722-BDDF-4FA7-888B-8FA531A6B835}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F032BC2-BE9C-4243-9CB9-DC72B53547EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FAC45DC-7763-4BFD-98B8-8BBB7262545B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EAB901F-226B-4CE5-83FF-F9E8F7113E61}" = rport=10243 | protocol=6 | dir=out | app=system |
"{93E9F91A-690B-4322-91B7-1EE316770BEC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1A58081-428A-4ED9-8BD2-D458DF2280AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{C6756670-AC67-457F-A1E2-5EC4FECAF2A8}" = rport=138 | protocol=17 | dir=out | app=system |
"{C7F23B94-25F3-4DDE-A41E-C484F7E7ACE4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFBA1454-7033-4788-8108-92F7D263E946}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6FA7667-4FFC-4281-9CA5-4DF87A74772B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D80536BD-5E81-42A6-BC6D-EF42497532CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBB7037C-6351-4452-8815-CB5B3B4094F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE0F6FF8-7E8F-4324-B64F-B650DE5E75E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08192495-33E2-4AC1-B358-C7E099603C9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09AD19C5-14F9-485E-8DA3-75C56C010CEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13A348B2-E45E-485B-8B57-7871EC084DE2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1F61F3D3-2A40-4D3E-B88A-978687F4DD44}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{21F18508-8592-4349-A904-18EDE79A5BD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23B20224-BB47-491D-A012-CE0C12501256}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{244C6941-F1D5-4B19-9AF8-1FEEA98A1C24}" = protocol=6 | dir=in | app=c:\program files\common files\blizzard entertainment\world of warcraft\uninstall.exe |
"{2A4F8021-B82D-4440-A7C1-4094ACC9730D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C3161BB-61C1-447B-AA2A-84E0ECEA2E00}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{338EED0C-D5ED-4C2E-94AE-DB3F30B45FF7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{37016B01-ECA6-4B85-B12A-E9930A552FAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A6B50AE-0D17-4BAA-8A41-F2EC1E9FAACC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{447D1656-6CD5-4C20-A398-DE096B13A983}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53418250-000C-413C-AC7A-D2FC9DF9F52D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53AD9A65-A586-4DF7-A976-0E0E63B29CC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6586132C-D0B8-4E1E-9DCA-50BC78F53A8C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{67C602F4-F259-411F-9275-D00379550266}" = protocol=17 | dir=in | app=c:\program files\common files\blizzard entertainment\world of warcraft\uninstall.exe |
"{6EE366DB-5DA4-4D32-BF8F-3470BB098C60}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{751C00CE-E16E-4FA5-AC06-8399CB8A0EAC}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{80933014-9B8A-4E04-B691-8DC6085B0AB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A2F510B-33DF-4BC5-8B82-1D45E5DD88DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8AEE5D7A-54E1-4BFE-8D4F-40E92FA8DDC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B5802BB-C371-4F56-BDC3-626BAF8E360A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8C020953-300D-49D1-A427-33F7B44A3010}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{964A0765-75DE-4DB9-B1F9-034FC9F0CE31}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{98C001F0-8BF9-4DA9-BA86-5D08EE2CA286}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{9AE171DB-00DC-45F8-8230-3267EB46E824}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9C179FEB-5247-4B0E-83A6-08D161FAF8D7}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{A1EC398F-69D3-4355-A349-495CCF3DEBEA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A7FF54E3-1698-4118-87A9-3878BB9E9016}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEC37177-D170-420B-8E81-F949946FD034}" = protocol=17 | dir=in | app=c:\users\michaelene\appdata\local\temp\7zsabdb.tmp\symnrt.exe |
"{BE0C7E8C-9E83-44EF-AAFA-5F9673F12ACA}" = protocol=6 | dir=in | app=c:\users\michaelene\appdata\local\temp\7zse81.tmp\symnrt.exe |
"{BF2AD84B-2641-41C1-B660-60273B7C3A2C}" = protocol=6 | dir=in | app=c:\users\michaelene\appdata\local\temp\7zsabdb.tmp\symnrt.exe |
"{C696FB2F-0C8E-4959-A825-3A5547373355}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{CEF904FD-5B79-43A5-A7F4-329811E4A0DF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{CF083787-25DD-483D-A9A1-E7818B77B046}" = protocol=6 | dir=out | app=system |
"{E0B2D41C-BE04-4B60-B53C-3D68CD509050}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBF2FC46-E271-46E7-ADD7-CE6AC193453A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED13BE01-B818-4163-8878-731D26772572}" = protocol=17 | dir=in | app=c:\users\michaelene\appdata\local\temp\7zse81.tmp\symnrt.exe |
"{F1D0A0BD-16B7-4159-AFF9-050EF5CF8CF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5FF4878-CF6C-4CE7-AC10-BCA612B7B14D}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{FEC489BC-2E6F-4338-8406-E7460260B5A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{05A87408-1FC5-48CD-99ED-16451FDA0373}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{3F8A571D-BC38-4A69-B5F6-52F7BE8DB09D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5A6AB3A1-C3CB-482A-9EE4-1C1D9378250A}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{826A4F20-993F-4A29-A91F-21689384E92F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8E22D77E-CF85-4A7C-86C2-F08368D38EFE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{EE39EBD6-99F4-4026-9200-F6E18B273FB5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{E01AE623-07FB-4E38-8CCA-8E10B86BE851}" = Rome - Total War
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"8461-7759-5462-8226" = Vuze
"Academy of Magic" = GameHouse Games Collection: Academy of Magic
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
"Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
"Alien Sky" = GameHouse Games Collection: Alien Sky
"Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
"Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks
"Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong
"Ancient Tripeaks" = GameHouse Games Collection: Ancient Tripeaks
"Ask Toolbar_is1" = Vuze Toolbar
"Astrobatics" = GameHouse Games Collection: Astrobatics
"Atlantis" = GameHouse Games Collection: Atlantis
"Atomaders" = GameHouse Games Collection: Atomaders
"Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"Bewitched" = GameHouse Games Collection: Bewitched
"Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
"Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
"Bounce Out Blitz" = GameHouse Games Collection: Bounce Out Blitz
"Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
"Catz" = Catz (remove only)
"Chainz" = GameHouse Games Collection: Chainz
"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
"Charm Tale" = GameHouse Games Collection: Charm Tale
"Chicktionary" = GameHouse Games Collection: Chicktionary
"Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
"CloneDVD2" = CloneDVD2
"Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
"Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
"Crystal Path" = GameHouse Games Collection: Crystal Path
"Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
"Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
"Diner Dash" = GameHouse Games Collection: Diner Dash
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Feeding Frenzy" = GameHouse Games Collection: Feeding Frenzy
"Fiber Twig" = GameHouse Games Collection: Fiber Twig
"Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe
"Flip Words" = GameHouse Games Collection: Flip Words
"Flying Leo" = GameHouse Games Collection: Flying Leo
"Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold
"Fresco Wizard" = GameHouse Games Collection: Fresco Wizard
"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
"Gearz" = GameHouse Games Collection: Gearz
"Gutterball" = GameHouse Games Collection: Gutterball
"Gutterball 2" = GameHouse Games Collection: Gutterball 2
"Hamsterball" = GameHouse Games Collection: Hamsterball
"Hello!" = GameHouse Games Collection: Hello!
"Holiday Express" = GameHouse Games Collection: Holiday Express
"Iggle Pop!" = GameHouse Games Collection: Iggle Pop!
"Incadia" = GameHouse Games Collection: Incadia
"Incredible Ink" = GameHouse Games Collection: Incredible Ink
"Insaniquarium Deluxe" = GameHouse Games Collection: Insaniquarium Deluxe
"Inspector Parker" = GameHouse Games Collection: Inspector Parker
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Invadazoid" = GameHouse Games Collection: Invadazoid
"Jewel Quest" = GameHouse Games Collection: Jewel Quest
"Lemonade Tycoon" = GameHouse Games Collection: Lemonade Tycoon
"Luxor" = GameHouse Games Collection: Luxor
"Mad Caps" = GameHouse Games Collection: Mad Caps
"Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
"Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
"Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
"Magic Inlay" = GameHouse Games Collection: Magic Inlay
"Magic Vines" = GameHouse Games Collection: Magic Vines
"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
"Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
"Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
"Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
"Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
"Maui Wowee" = GameHouse Games Collection: Maui Wowee
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"N360" = Norton 360 Premier Edition
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
"Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
"Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
"Platypus" = GameHouse Games Collection: Platypus
"Poker Superstars" = GameHouse Games Collection: Poker Superstars
"PowerISO" = PowerISO
"Puzzle Express" = GameHouse Games Collection: Puzzle Express
"Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
"Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
"QBz" = GameHouse Games Collection: QBz
"Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power
"Ricochet" = GameHouse Games Collection: Ricochet
"Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
"Roller Rush" = GameHouse Games Collection: Roller Rush
"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"SCRABBLE" = GameHouse Games Collection: SCRABBLE
"Shape Shifter" = GameHouse Games Collection: Shape Shifter
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Spelvin" = GameHouse Games Collection: Spelvin
"Splash" = GameHouse Games Collection: Splash
"Spring Sprang Sprung" = GameHouse Games Collection: Spring Sprang Sprung
"Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
"Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
"Super Bounce Out!" = GameHouse Games Collection: Super Bounce Out!
"Super Candy Cruncher" = GameHouse Games Collection: Super Candy Cruncher
"Super Collapse!" = GameHouse Games Collection: Super Collapse!
"Super Collapse! II" = GameHouse Games Collection: Super Collapse! II
"Super Collapse! II Platinum" = GameHouse Games Collection: Super Collapse! II Platinum
"Super Fruit Frolic" = GameHouse Games Collection: Super Fruit Frolic
"Super GameHouse Solitaire Vol. 1" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
"Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
"Super Glinx!" = GameHouse Games Collection: Super Glinx!
"Super Letter Linker" = GameHouse Games Collection: Super Letter Linker
"Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"Super Nisqually" = GameHouse Games Collection: Super Nisqually
"Super PileUp!" = GameHouse Games Collection: Super PileUp!
"Super Pool" = GameHouse Games Collection: Super Pool
"Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
"Super Rumble Cube" = GameHouse Games Collection: Super Rumble Cube
"Super SpongeBob Collapse!" = GameHouse Games Collection: Super SpongeBob Collapse!
"Super TextTwist" = GameHouse Games Collection: Super TextTwist
"Super WHATword" = GameHouse Games Collection: Super WHATword
"Super Wild Wild Words" = GameHouse Games Collection: Super Wild Wild Words
"Tap a Jam" = GameHouse Games Collection: Tap a Jam
"Ten Pin Championship Bowling Pro" = GameHouse Games Collection: Ten Pin Championship Bowling Pro
"Tennis Titans" = GameHouse Games Collection: Tennis Titans
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tradewinds 2" = GameHouse Games Collection: Tradewinds 2
"Trivia Machine" = GameHouse Games Collection: Trivia Machine
"Tropical Swaps" = GameHouse Games Collection: Tropical Swaps
"Tumblebugs" = GameHouse Games Collection: Tumblebugs
"TuneUpMedia" = TuneUp Companion 1.5.5
"Turtle Bay" = GameHouse Games Collection: Turtle Bay
"Twistingo" = GameHouse Games Collection: Twistingo
"Ultimate Dominoes" = GameHouse Games Collection: Ultimate Dominoes
"Varmintz Deluxe" = GameHouse Games Collection: Varmintz Deluxe
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Walls of Jericho, The" = GameHouse Games Collection: Walls of Jericho, The
"Wheel of Fortune" = GameHouse Games Collection: Wheel of Fortune
"WildTangent emachines Master Uninstall" = eMachines Games
"WinRAR archiver" = WinRAR archiver
"Word Jolt" = GameHouse Games Collection: Word Jolt
"Word Slinger" = GameHouse Games Collection: Word Slinger
"WordJong To Go" = GameHouse Games Collection: WordJong To Go
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2009 8:13:49 AM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 4:12:18 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 4:12:20 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 4:32:55 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 4:32:58 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 5:02:41 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 5:08:40 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 5:11:17 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 5:11:19 PM | Computer Name = Quinn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 11:27:58 PM | Computer Name = Quinn-PC | Source = Application Error | ID = 1000
Description = Faulting application LuComServer_3_4.EXE, version 3.4.1.238, time
stamp 0x48932a97, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x00043387, process id 0x16f8,
application start time 0x01ca0cd7afc239e0.

[ Media Center Events ]
Error - 6/22/2009 7:36:53 PM | Computer Name = Quinn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2009 6:53:25 AM | Computer Name = Quinn-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/30/2009 1:53:35 AM | Computer Name = Quinn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/30/2009 2:02:01 AM | Computer Name = Quinn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 483
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/25/2010 7:29:02 PM | Computer Name = Quinn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7492
seconds with 1860 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/8/2010 6:12:25 PM | Computer Name = Quinn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/8/2010 6:12:25 PM | Computer Name = Quinn-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/8/2010 6:12:25 PM | Computer Name = Quinn-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/8/2010 6:12:25 PM | Computer Name = Quinn-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/8/2010 6:16:44 PM | Computer Name = Quinn-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/9/2010 4:05:19 AM | Computer Name = Quinn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/9/2010 4:06:31 AM | Computer Name = Quinn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/9/2010 4:07:02 AM | Computer Name = Quinn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/9/2010 4:07:35 AM | Computer Name = Quinn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/9/2010 4:09:44 AM | Computer Name = Quinn-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
  • 0

#4
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [userinit] C:\Users\Michaelene\AppData\Roaming\sdra64.exe ()
    O33 - MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\Shell - "" = AutoRun
    O33 - MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    [2009/04/11 01:27:49 | 000,192,512 | R--- | M] () -- C:\Users\Michaelene\AppData\Roaming\sdra64.exe
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3A6B50AE-0D17-4BAA-8A41-F2EC1E9FAACC}"=-
    "{964A0765-75DE-4DB9-B1F9-034FC9F0CE31}"=-
    "TCP Query User{05A87408-1FC5-48CD-99ED-16451FDA0373}C:\program files\vuze\azureus.exe"=-
    "TCP Query User{5A6AB3A1-C3CB-482A-9EE4-1C1D9378250A}C:\program files\vuze\azureus.exe"=-
    "UDP Query User{8E22D77E-CF85-4A7C-86C2-F08368D38EFE}C:\program files\vuze\azureus.exe"=-
    "UDP Query User{EE39EBD6-99F4-4026-9200-F6E18B273FB5}C:\program files\vuze\azureus.exe"=-
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Here is a howto for some of the applications.
    They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of C:\ComboFix.txt from step 2.

  • 0

#5
mrjhov79

    Member

  • Member
  • 11 posts
I had some trouble getting the fix log to pop up after running "OTL" and had a horrible time disabling "Spybot Search & Destroy" so that Combofix could run properly. I eventually just uninstalled the program to accomplish this. I am attaching the 2 logs you requested. Please advise of next steps. Also at this point I still have yet to run the "GMer Rootkit Scanner", since I encountered errors when trying to run the program. Now that I have run the OTL fix and also the Combo fix do I also need to go back and run the GMer Rootkit scan? In your reply please let me know if I need to go back and run this since I wasn't able to run it the first time due to errors.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit not found.
File C:\Users\Michaelene\AppData\Roaming\sdra64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{552437c2-06cd-11dd-ac14-001c256eae3b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{552437c2-06cd-11dd-ac14-001c256eae3b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{552437c2-06cd-11dd-ac14-001c256eae3b}\ not found.
File K:\LaunchU3.exe not found.
File C:\Users\Michaelene\AppData\Roaming\sdra64.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A6B50AE-0D17-4BAA-8A41-F2EC1E9FAACC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A6B50AE-0D17-4BAA-8A41-F2EC1E9FAACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{964A0765-75DE-4DB9-B1F9-034FC9F0CE31} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{964A0765-75DE-4DB9-B1F9-034FC9F0CE31}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05A87408-1FC5-48CD-99ED-16451FDA0373}C:\program files\vuze\azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5A6AB3A1-C3CB-482A-9EE4-1C1D9378250A}C:\program files\vuze\azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E22D77E-CF85-4A7C-86C2-F08368D38EFE}C:\program files\vuze\azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EE39EBD6-99F4-4026-9200-F6E18B273FB5}C:\program files\vuze\azureus.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michaelene
->Temp folder emptied: 462424 bytes
->Temporary Internet Files folder emptied: 1986778 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531360 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Michaelene
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03122010_171850

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\WebEx\Log\312\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------
ComboFix 10-03-12.02 - Michaelene 03/12/2010 17:59:51.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.895.129 [GMT -5:00]
Running from: c:\users\Michaelene\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\sysReserve.ini
c:\users\Michaelene\AppData\Roaming\inst.exe
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 23:18 . 2010-03-12 23:27 -------- d-----w- c:\users\Michaelene\AppData\Local\temp
2010-03-12 23:18 . 2010-03-12 23:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-03-12 23:18 . 2010-03-12 23:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 23:18 . 2010-03-12 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 18:37 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 18:37 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 18:37 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 19:21 . 2010-03-10 19:21 -------- d-----w- C:\_OTL
2010-03-07 17:46 . 2010-03-08 21:37 -------- d-----w- c:\program files\Win 32.Trojan.Keylogger Removal Tool[1]
2010-03-04 22:33 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-04 22:33 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-03 13:48 . 2010-03-04 01:17 -------- d-----r- c:\program files\Norton Support
2010-02-27 09:13 . 2010-03-08 15:36 -------- d-sh--w- c:\users\Michaelene\AppData\Roaming\lowsec
2010-02-24 20:05 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 20:03 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 20:03 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 20:03 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 20:03 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 20:03 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 20:03 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:03 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 20:03 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 20:03 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 20:03 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 20:03 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 20:03 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 19:41 . 2010-02-24 19:41 -------- d-----w- C:\found.000
2010-02-21 01:06 . 2010-02-21 01:06 -------- d-----w- c:\program files\Linksys
2010-02-21 01:00 . 2009-03-06 18:01 76184 ----a-w- c:\windows\system32\atsckernel.exe
2010-02-21 01:00 . 2009-03-06 17:59 20376 ----a-w- c:\windows\system32\atashost.exe
2010-02-21 01:00 . 2010-02-21 01:00 -------- d-----w- c:\progra~2\webex
2010-02-21 00:26 . 2010-02-21 00:26 -------- d-----w- c:\users\Michaelene\{72f84f4d-735a-4ea0-86ef-e848833b6ca6}
2010-02-21 00:23 . 2009-04-07 20:33 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-02-21 00:23 . 2010-02-21 00:23 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-02-21 00:17 . 2010-02-21 00:23 -------- d-----w- c:\progra~2\Pure Networks
2010-02-11 03:31 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 03:31 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 03:31 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 03:31 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 03:31 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 03:31 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 03:31 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 03:31 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 03:31 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 03:03 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 03:03 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-11 02:59 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 02:59 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 02:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-11 02:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-11 01:46 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 01:46 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 23:41 . 2010-02-10 23:41 -------- d-----w- c:\program files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 23:27 . 2009-12-17 12:02 35370 ----a-w- c:\progra~2\nvModes.dat
2010-03-12 23:20 . 2008-06-11 18:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-12 22:57 . 2009-12-28 07:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 22:57 . 2009-12-28 07:32 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-03-12 22:50 . 2009-04-03 04:14 -------- d-----w- c:\users\Michaelene\AppData\Roaming\Azureus
2010-03-11 19:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-08 08:55 . 2009-04-04 04:54 -------- d-----w- c:\users\Michaelene\AppData\Roaming\Vso
2010-03-05 08:08 . 2007-11-18 01:32 -------- d-----w- c:\progra~2\Microsoft Help
2010-03-04 21:39 . 2007-11-18 01:29 -------- d-----w- c:\program files\Microsoft Works
2010-02-25 13:58 . 2008-04-06 12:40 102424 ----a-w- c:\users\Michaelene\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-10-03 06:15 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 01:00 . 2010-02-21 01:00 8892928 ----a-w- c:\progra~2\atscie.msi
2010-02-12 02:45 . 2009-08-30 02:41 -------- d-----w- c:\users\Michaelene\AppData\Roaming\TuneUpMedia
2010-02-10 23:43 . 2009-07-29 08:16 -------- d-----w- c:\program files\iTunes
2010-02-10 23:41 . 2009-07-27 04:11 -------- d-----w- c:\program files\Common Files\Apple
2010-01-02 06:38 . 2010-02-11 03:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-11 03:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-02-11 03:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-02-11 03:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 16:01 . 2009-12-28 16:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-28 16:01 . 2009-12-28 16:02 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-28 09:10 . 2009-12-28 12:55 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-28 09:10 . 2009-12-28 09:10 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2008-06-26 03:18 . 2008-06-26 03:18 1875 ----a-w- c:\program files\Wordpad (2).lnk
2009-04-01 02:47 . 2008-04-06 02:02 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 22:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-08 524632]

c:\users\Michaelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Vuze.lnk - c:\program files\Vuze\Azureus.exe [2009-4-2 199616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-07-10 17:59 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-23 18:18 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-09-14 00:22 5252936 ----a-w- c:\program files\Spare Backup\SpareBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,9d,8d,21,bb,33,ca,01

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8EEE.tmp [x]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-28 64160]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-12-28 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-12-28 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-12-28 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSvix86.sys [2009-10-28 343088]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-09 234888]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-08 1029456]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [2009-12-28 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-10 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-12-28 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 09:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=T3642
uInternet Settings,ProxyOverride = *.local
Trusted Zone: select2perform.com\support
TCP: {B0C41AEC-509C-4935-A789-C7CD162F219E} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\users\Michaelene\AppData\Roaming\Mozilla\Firefox\Profiles\sv361q0q.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Michaelene\AppData\Roaming\Mozilla\Firefox\Profiles\sv361q0q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\Michaelene\AppData\Roaming\Mozilla\Firefox\Profiles\sv361q0q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-SeekmoOE - c:\program files\Seekmo\bin\10.3.79.0\OEAddOn.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 18:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8EEE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2675523129-3664480364-4030225571-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*D*-*N*o*R*A*R*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1936)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\program files\Lavasoft\Ad-Aware\AAWWSC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WerCon.exe
.
**************************************************************************
.
Completion time: 2010-03-12 18:48:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 23:48
ComboFix2.txt 2009-12-28 15:36
ComboFix3.txt 2009-12-28 06:08
ComboFix4.txt 2009-12-28 05:27
ComboFix5.txt 2010-03-12 22:57

Pre-Run: 1,064,808,448 bytes free
Post-Run: 1,011,494,912 bytes free

- - End Of File - - DF97815B92D62BAFEF9AE537B396994F

#6 heir (Trusted Helper, Malware Removal, 5,427 posts)
No need to go back and do things in previous posts unless I ask you to.

Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Vuze
utorrent


Optional removals
Vuze, utorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
MBAM-scan:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3.
Things I would like to see in your reply:

  • Which P2P programs that were uninstalled in step 1.
  • The content of the log from MBAM in step 2.
  • Information on how your computer is running now.


#7 mrjhov79 (Member, 11 posts)
1. Removed Vuze

2. Malwarebytes' Anti-Malware 1.44
Database version: 3863
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/13/2010 2:19:13 PM
mbam-log-2010-03-13 (14-19-13).txt

Scan type: Quick Scan
Objects scanned: 112800
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. My computer still seems to be infected. It happens when using Mozilla Firefox; I haven't seen it happen when using Internet Explorer. Oddly enough, it appears to only begin to happen if I shake my mouse. I use a Kensington Orbit mouse and I hold the entire mouse in my hand at times. If I keep it on the table the system doesn't ever do anything odd. But just as soon as I pick up the mouse in my hand and begin to click, my CPU acts as if it is hijacked. It begins to click on the start menu and open taskbars, closes open browsers, and so on. One thing I have noticed is that I have not seen the warning or error message advising me of the "Trojan-BNK.Win32.Keylogger.gen" infection nor the message asking me to purchase the "2010 Antispyware".

#8 heir (Trusted Helper, Malware Removal, 5,427 posts)
Please Note!

You have a backdoor trojan installed on your computer.
Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.
It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. When should I re-format?

If you choose to reformat please let me know in your next post. If not please proceed with the rest of my instructions.

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - Startup: C:\Users\Michaelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vuze.lnk = C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
    [2010/03/08 11:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michaelene\AppData\Roaming\Azureus
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 2.
Online Scan:


Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of JDK 6 Update 18 (JDK or JRE).
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of the report from Kaspersky Online Scanner in step 2.


#9 mrjhov79 (Member, 11 posts)
Sorry it took so long; I had a problem running the online scan. It would run but it closed down twice before ever running completely through, so it had to start all over. The final time took 17 hours to complete. Please advise of next steps. Below are the fix logs:

All processes killed
========== OTL ==========
C:\Users\Michaelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Vuze.lnk moved successfully.
File C:\Program Files\Vuze\Azureus.exe not found.
C:\Users\Michaelene\AppData\Roaming\Azureus\updates folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\subs\temp folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\plugins\azump\mplayer folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\plugins\azump folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\dht\net3 folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\cache folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Michaelene\AppData\Roaming\Azureus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michaelene
->Temp folder emptied: 1541042 bytes
->Temporary Internet Files folder emptied: 10060978 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25864949 bytes
->Flash cache emptied: 69536 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2268 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Michaelene
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03162010_092654

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\WebEx\Log\315\atashost.log not found!

Registry entries deleted on Reboot...
--------------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, March 18, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, March 17, 2010 03:52:45
Records in database: 3814378
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 230668
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 17:14:59


File name / Threat / Threats count
C:\Users\Michaelene\Documents\Azureus Downloads\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen.rar Infected: Trojan.Win32.Rettesser.ax 1
C:\Users\Michaelene\Documents\Azureus Downloads\Nero.v9.4.13.2.Incl.Keygen-BetaMaster\Nero.v9.4.13.2b.Incl.Keygen-BetaMaster\Nero.v9.4.13.2b.Incl.Keygen-BetaMaster\keymaker.exe Infected: Trojan.Win32.Rettesser.ax 1
C:\Users\Michaelene\Documents\Azureus Downloads\Norton 360 v3.0.0.135 Premier Edition + Crack [RH]\N360.v3.0.0.135.PE_[RH].rar Infected: Trojan.Win32.StartPage.drb 1

Selected area has been scanned.

#10 heir (Trusted Helper, Malware Removal, 5,427 posts)
The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Users\Michaelene\Documents\Azureus Downloads\Nero 9.4.26.0+keygen [GR420]
    C:\Users\Michaelene\Documents\Azureus Downloads\Nero.v9.4.13.2.Incl.Keygen-BetaMaster
    C:\Users\Michaelene\Documents\Azureus Downloads\Norton 360 v3.0.0.135 Premier Edition + Crack [RH]
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.
CKScanner:

Download CKScanner from here: http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of CKFiles.txt from step 2.


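Turning the Kaspersky report in post #9 into the OTL ':Files' fix in post #10 is a mechanical step: take each infected path, collapse it to the release directory directly under the download folder, and list those directories once each. The script below does that and is an added example, not code from this thread, from OldTimer's OTL or from Kaspersky. It assumes the report's "File name / Threat / Threats count" line format as posted, the folder name "Azureus Downloads" from the report, and the :Files/:Commands fix syntax the helper used; the sample report text is constructed from the scan above. Detections outside the download folder are deliberately not written into the fix and are handed back for manual review, so a system file never gets queued for removal by accident.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the "File name / Threat / Threats count" section exactly as
# it appears in the Kaspersky report posted earlier in this thread.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Users\Michaelene\Documents\Azureus Downloads\Nero 9.4.26.0+keygen [GR420]\Nero 9 keygen.rar Infected: Trojan.Win32.Rettesser.ax 1
C:\Users\Michaelene\Documents\Azureus Downloads\Nero.v9.4.13.2.Incl.Keygen-BetaMaster\Nero.v9.4.13.2b.Incl.Keygen-BetaMaster\Nero.v9.4.13.2b.Incl.Keygen-BetaMaster\keymaker.exe Infected: Trojan.Win32.Rettesser.ax 1
C:\Users\Michaelene\Documents\Azureus Downloads\Norton 360 v3.0.0.135 Premier Edition + Crack [RH]\N360.v3.0.0.135.PE_[RH].rar Infected: Trojan.Win32.StartPage.drb 1

Selected area has been scanned.
"""

# One detection line: "<drive>:\<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Only paths below this folder are collapsed to their release directory and
# emitted into the fix; anything else is handed back for manual review.
DOWNLOAD_ROOT = "Azureus Downloads"   # folder name taken from the report above


def parse_report(text):
    """Return [(path, threat)] for every 'Infected:' line in a Kaspersky report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def release_folder(path, root=DOWNLOAD_ROOT):
    """Collapse an infected file to the release directory directly under `root`
    (the helper removed whole keygen folders, not single files).
    Returns None when the path is not under `root`."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if root.lower() not in lowered:
        return None
    idx = lowered.index(root.lower())
    # parts[:idx + 2] is root plus one more component: the release directory,
    # or the file itself if it sits directly under root.
    return str(PureWindowsPath(*parts[: idx + 2]))


def build_otl_fix(report_text):
    """Return (fix_text, needs_review): an OTL ':Files' fix for detections under
    the download root, plus the list of detections that fell outside it."""
    targets, needs_review = [], []
    for path, threat in parse_report(report_text):
        folder = release_folder(path)
        if folder is None:
            needs_review.append((path, threat))
        elif folder not in targets:
            targets.append(folder)
    fix = [":Files", *targets, ":Commands", "[purity]", "[emptytemp]",
           "[emptyflash]", "[start explorer]", "[Reboot]"]
    return "\n".join(fix), needs_review


if __name__ == "__main__":
    text, review = build_otl_fix(SAMPLE_REPORT)
    print(text)
    for path, threat in review:
        print("REVIEW MANUALLY:", path, threat)
```

Run against the sample, the three targets it emits are the same three release directories the helper listed by hand in post #10; a fourth detection anywhere outside "Azureus Downloads" would appear only in the review list, never in the fix.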
#11 mrjhov79 (Member, 11 posts)
I understand what you're saying about the cracks and keygens, but for the sake of cleaning the infection I want to make sure you know that those files have been on the computer for a very long time, well before the infection began to show its effects. They can all be removed as they are not in use. I believe the infection may have originated from a link on "Facebook". There is another user in my household, and after speaking with her she advised that she experienced a problem after clicking a link to a video on the site. With that being said, I still have no clue how to remove it, so just let me know what needs to be done.

I just ran the OTL fix and will paste the fix log below; however, when trying to download from this link http://downloads.mal...m/CKScanner.exe the DNS server doesn't recognize it as a known address. Please advise. Thanks again.

All processes killed
========== FILES ==========
File\Folder C:\Users\Michaelene\Documents\Azureus Downloads\Nero 9.4.26.0+keygen [GR420] not found.
File\Folder C:\Users\Michaelene\Documents\Azureus Downloads\Nero.v9.4.13.2.Incl.Keygen-BetaMaster not found.
File\Folder C:\Users\Michaelene\Documents\Azureus Downloads\Norton 360 v3.0.0.135 Premier Edition + Crack [RH] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Michaelene
->Temp folder emptied: 279356 bytes
->Temporary Internet Files folder emptied: 798507 bytes
->Java cache emptied: 118720 bytes
->FireFox cache emptied: 19564678 bytes
->Flash cache emptied: 434 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Michaelene
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03192010_125823

Files\Folders moved on Reboot...
File\Folder C:\Users\Michaelene\AppData\Local\Temp\hsperfdata_Michaelene\5276 not found!
File move failed. C:\Windows\temp\WebEx\Log\319\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#12 heir (Trusted Helper, Malware Removal, 5,427 posts)
Let's use another tool then.

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


#13 mrjhov79 (Member, 11 posts)
That one worked fine; the first time I ran the scan I didn't run as administrator and the log stated that "SeDebugPrivilege was blocked. Run as administrator". So the attached log is after I closed the scan the first time and reopened it as the administrator. Also, I was browsing using Mozilla Firefox today and experienced the hijacking-type actions, so I'm guessing the infection is still alive. Thanks again for all your help.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 15 Model 95 Stepping 3, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
Mozilla Firefox 3.6 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:222 Go - Free:37 Go )
D:\ [Fixed-NTFS] .. ( Total:10 Go - Free:3 Go )
E:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 21:34.42
Path : C:\Users\Michaelene\Desktop\Rooter.exe
User : Michaelene ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (556)
______ C:\Windows\system32\csrss.exe (632)
______ C:\Windows\system32\wininit.exe (680)
______ C:\Windows\system32\csrss.exe (688)
______ C:\Windows\system32\services.exe (724)
______ C:\Windows\system32\winlogon.exe (756)
______ C:\Windows\system32\lsass.exe (784)
______ C:\Windows\system32\lsm.exe (792)
______ C:\Windows\system32\svchost.exe (948)
______ C:\Windows\system32\nvvsvc.exe (996)
______ C:\Windows\system32\svchost.exe (1024)
______ C:\Windows\System32\svchost.exe (1060)
______ C:\Windows\System32\svchost.exe (1196)
______ C:\Windows\System32\svchost.exe (1224)
______ C:\Windows\system32\svchost.exe (1244)
Locked audiodg.exe (1312)
______ C:\Windows\system32\svchost.exe (1332)
______ C:\Windows\system32\SLsvc.exe (1352)
______ C:\Windows\system32\svchost.exe (1388)
______ C:\Windows\system32\nvvsvc.exe (1468)
______ C:\Windows\system32\svchost.exe (1552)
______ C:\Windows\System32\spoolsv.exe (1832)
______ C:\Windows\system32\svchost.exe (1888)
______ C:\Windows\system32\taskeng.exe (692)
______ C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (896)
______ C:\Windows\system32\agrsmsvc.exe (932)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1304)
______ C:\Windows\system32\atashost.exe (1548)
______ C:\Windows\system32\Dwm.exe (1568)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1572)
______ C:\Windows\system32\svchost.exe (944)
______ C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe (2020)
______ C:\Windows\Explorer.EXE (1684)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1516)
______ C:\Windows\system32\taskeng.exe (2128)
______ C:\Windows\system32\svchost.exe (2360)
______ C:\Windows\system32\svchost.exe (2432)
______ C:\Windows\System32\svchost.exe (2620)
______ C:\Windows\system32\SearchIndexer.exe (2644)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2780)
______ C:\Windows\system32\WUDFHost.exe (2856)
______ C:\Windows\system32\DllHost.exe (3400)
______ C:\Windows\system32\wbem\wmiprvse.exe (3592)
______ C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe (3600)
______ C:\Windows\UMStor\Res.exe (4064)
______ C:\Windows\RtHDVCpl.exe (1508)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2516)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (2608)
______ C:\Windows\ehome\ehtray.exe (3336)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3552)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (592)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe (3164)
______ C:\Windows\system32\wbem\unsecapp.exe (2924)
______ C:\Windows\system32\WerCon.exe (3424)
______ C:\Windows\ehome\ehmsas.exe (288)
______ C:\Program Files\iTunes\iTunesHelper.exe (3972)
______ C:\Program Files\iPod\bin\iPodService.exe (1132)
______ C:\Windows\system32\wuauclt.exe (4660)
______ C:\Windows\system32\taskeng.exe (5120)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe (2320)
______ C:\Users\Michaelene\Desktop\Rooter.exe (3200)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:11449557504)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:11449589760 | Length:238607147520)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:34.45
.
C:\Rooter$\Rooter_2.txt - (19/03/2010 | 21:34.45)

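The Rooter log above carries two facts that matter more than its empty Registry and Files sections: the report shows "Security Center -> Disabled" with wscsvc stopped, and "Windows Firewall -> Disabled" even though the MpsSvc service is running, and the poster notes that without "Run as administrator" the tool could not obtain SeDebugPrivilege. The parser below pulls exactly those items out of a Rooter status header so they cannot be overlooked when a log is pasted. It is an added example, not part of Rooter or of this thread; it assumes the header line layout as posted, and the sample text is constructed from the log in post #13 plus the blocked-privilege sentence the poster quoted.

```python
import re

# Constructed sample: the status header of the Rooter.exe log posted above.
SAMPLE_ROOTER = """Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 15 Model 95 Stepping 3, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
"""

# "[svc] STATE (state:N)" optionally followed by ": Component -> Status !"
SERVICE_RE = re.compile(
    r"^\[(?P<svc>\w+)\]\s+(?P<state>[A-Z]+)\s+\(state:(?P<code>\d+)\)"
    r"(?:\s*:\s*(?P<name>.+?)\s*->\s*(?P<status>Enabled|Disabled))?"
)
# "Component -> Status !" lines that carry no service prefix
COMPONENT_RE = re.compile(r"^(?P<name>[^\[].*?)\s*->\s*(?P<status>Enabled|Disabled)")


def parse_status(text):
    """Return {'sedebug': bool, 'services': {svc: (state, code)},
    'components': {component: 'Enabled'|'Disabled'}} from a Rooter header."""
    result = {"sedebug": False, "services": {}, "components": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SeDebugPrivilege"):
            # "granted successfully" when elevated; "was blocked" otherwise
            result["sedebug"] = "granted" in line
            continue
        m = SERVICE_RE.match(line)
        if m:
            result["services"][m.group("svc")] = (m.group("state"), int(m.group("code")))
            if m.group("name"):
                result["components"][m.group("name")] = m.group("status")
            continue
        m = COMPONENT_RE.match(line)
        if m:
            result["components"][m.group("name")] = m.group("status")
    return result


def disabled_protections(status):
    """Names of components the log reports as Disabled, e.g. Security Center."""
    return sorted(n for n, s in status["components"].items() if s == "Disabled")


def needs_elevated_rerun(status):
    """True when SeDebugPrivilege was not granted: the process list would be
    incomplete, which is what the poster saw before running as administrator."""
    return not status["sedebug"]


if __name__ == "__main__":
    status = parse_status(SAMPLE_ROOTER)
    print("rerun elevated:", needs_elevated_rerun(status))
    print("disabled:", disabled_protections(status))
```

On this log the result is ["Security Center", "Windows Firewall"]. Note that MpsSvc shows RUNNING while the firewall shows Disabled: a running firewall service does not mean the firewall is on, so the profile state, not the service state, is what to check when deciding whether a cleaned machine may go back online.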
#14 heir (Trusted Helper, Malware Removal, 5,427 posts)
CKScanner is back online again

Download CKScanner from here: http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#15 mrjhov79 (Member, 11 posts)
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\emachines games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\gamehouse games collection\bejeweled 2\sounds\firecrackle.ogg
c:\program files\gamehouse games collection\cubis gold 2\games\tutorial\tutorial\crack and crumble.xml
c:\program files\gamehouse games collection\cubis gold 2\resources\sounds\cubecrack.ogg
c:\program files\gamehouse games collection\hamsterball\sounds\crack.ogg
c:\program files\gamehouse games collection\jewel quest\audio\st_win3_crackle.ogg
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\gamehouse games collection\mah jong quest\images\tile_firecracker1.pnge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\gamehouse games collection\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
c:\users\michaelene\documents\azureus downloads\re-up gang - cracksploitation vol 2 (remixtape) (hosted by the clipse)-2010-mixfiend\cracksploitation2.nfo
c:\users\michaelene\documents\azureus downloads\re-up gang - cracksploitation vol 2 (remixtape) (hosted by the clipse)-2010-mixfiend\mixtapetorrent.com.url
c:\users\michaelene\documents\azureus downloads\re-up gang - cracksploitation vol 2 (remixtape) (hosted by the clipse)-2010-mixfiend\[torrent tracked at mixfiend.com & mixtapetorrent.com.txt
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\collapseiv.bin
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\nfo.txt
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\read me..important notes..txt
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\sc3res.dll
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\supercollapseiii.exe
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\tracked_by_h33t_com.txt
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\unwise.exe
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\exit.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\exitmember.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\funpass.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\funpassmember.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\register.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\trial.html
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\store\wrapper.css
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\any_dvd_converter_professional_v4.0.1___crack_[rh].5201131.tpb.torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\convertxtodvd_3.3.4.106e_and_keygen_[1337x].4615339.tpb[1].torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\cracksploitation2.torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\nero.v9.4.13.2.incl.keygen-betamaster.4980972.tpb.torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\nero_9_reloaded_9.4.26.0___keygen_[gr420].5281999.tpb.torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\norton_360_v2.0___add_on_pack_2.1_-_edge_keygen.4489755.tpb.torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\norton_360_v3.0.0.135_premier_edition___crack_[rh].4881037.tpb[1].torrent
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\super_collapse_3(cracked).4373018.tpb[1].torrent
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\nero.v9.4.13.2.incl.keygen-betamaster\murlok.nfo
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\nero.v9.4.13.2.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster.part1.rar
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\nero.v9.4.13.2.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster.part2.rar
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\nero.v9.4.13.2.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster\nero.v9.4.13.2b.incl.keygen-betamaster.part3.rar
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\norton 360 v3.0.0.135 premier edition + crack [rh]\n360.v3.0.0.135.pe_[rh].rar
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\norton 360 v3.0.0.135 premier edition + crack [rh]\n360.v3.0.0.135.pe_[rh]\norton 360 v3.0.0.135 premier edition\n360p300en.exe
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\norton 360 v3.0.0.135 premier edition + crack [rh]\n360.v3.0.0.135.pe_[rh]\norton 360 v3.0.0.135 premier edition\readme.txt
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\norton 360 v3.0.0.135 premier edition + crack [rh]\n360.v3.0.0.135.pe_[rh]\norton 360 v3.0.0.135 premier edition\norton 2009 trialreset v2.9a (cracked by box!)\install notes.txt
scanner sequence 3.ZZ.11
----- EOF -----

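The CKFiles.txt list above illustrates why its own header says the entries "are not necessarily bad": CKScanner matches on substrings, so game sound files such as firecrackle.ogg and a mixtape named cracksploitation sit next to a real keygen torrent and a cracked Norton archive. The script below re-triages such a list by requiring the keyword to be a whole token and by weighting executables and archives over media, and it marks entries that OTL has already moved into c:\_otl\movedfiles. This is an added example, not CKScanner's own logic; the keyword list, the risky-extension list and the three levels are assumptions chosen for illustration, and the sample paths are a subset of the list posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the CKFiles.txt list posted above.
SAMPLE_CKFILES = r"""CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\gamehouse games collection\hamsterball\sounds\crack.ogg
c:\users\michaelene\documents\azureus downloads\re-up gang - cracksploitation vol 2 (remixtape) (hosted by the clipse)-2010-mixfiend\cracksploitation2.nfo
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\supercollapseiii.exe
c:\users\michaelene\documents\azureus downloads\super collapse 3(cracked)\sc3res.dll
c:\_otl\movedfiles\03162010_092654\c_users\michaelene\appdata\roaming\azureus\torrents\nero.v9.4.13.2.incl.keygen-betamaster.4980972.tpb.torrent
c:\_otl\movedfiles\03192010_082932\c_users\michaelene\documents\azureus downloads\norton 360 v3.0.0.135 premier edition + crack [rh]\n360.v3.0.0.135.pe_[rh].rar
scanner sequence 3.ZZ.11
----- EOF -----
"""

# Assumed keyword set: whole tokens only, so "firecrackle" never matches.
KEYWORDS = {"crack", "cracked", "cracks", "keygen", "keymaker", "trialreset"}
# Assumed set of things that execute or unpack into executables; media and text are not.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".msi", ".bat", ".cmd",
             ".rar", ".zip", ".7z", ".bin", ".torrent"}
OTL_QUARANTINE = "\\_otl\\movedfiles\\"   # where OTL parks moved files
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def keyword_tokens(path):
    """Whole tokens (split on anything non-alphanumeric) that are in KEYWORDS,
    so 'firecrackle' and 'cracksploitation' do not count but '(cracked)' does."""
    return sorted(t for t in re.findall(r"[a-z0-9]+", path.lower()) if t in KEYWORDS)


def classify(path):
    """Return 'noise', 'low' or 'high' for one CKScanner path."""
    tokens = keyword_tokens(path)
    if not tokens:
        return "noise"            # substring-only hit, e.g. firecrackle.ogg
    if PureWindowsPath(path).suffix.lower() in RISKY_EXT:
        return "high"             # keyword in the path and an executable/archive
    return "low"                  # keyword, but a media or text file


def triage(ck_text):
    """Parse a CKFiles.txt body into [{'path', 'level', 'tokens', 'quarantined'}]."""
    rows = []
    for line in ck_text.splitlines():
        line = line.strip()
        if not PATH_RE.match(line):
            continue              # header, 'scanner sequence', EOF marker
        rows.append({
            "path": line,
            "level": classify(line),
            "tokens": keyword_tokens(line),
            "quarantined": OTL_QUARANTINE in line.lower(),  # already moved by OTL
        })
    return rows


def summary(rows):
    """Count of paths per level, with OTL-quarantined ones counted separately."""
    counts = {"high": 0, "low": 0, "noise": 0, "quarantined": 0}
    for r in rows:
        counts[r["level"]] += 1
        counts["quarantined"] += int(r["quarantined"])
    return counts


if __name__ == "__main__":
    rows = triage(SAMPLE_CKFILES)
    for r in rows:
        flag = " (already moved by OTL)" if r["quarantined"] else ""
        print(f"{r['level']:5} {r['path']}{flag}")
    print(summary(rows))
```

On the sample this leaves four high entries (two of them already in OTL's quarantine), one low entry for hamsterball's crack.ogg, and two noise entries; the game directories under Program Files that make up most of the posted list fall into noise for the same reason.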