Windows 0xC004D401 Error, Trojans, Clams, Click Potato, Open Candy



#1
spm702

Hi, my computer [HP Pavilion a6620f] has become increasingly unstable, due to a constant parade of viruses and malware - caught and uncaught. I am running Vista Home Premium 64-bit on an Intel Dual-Core processor [E5200]. I am also running Avast 6.0, Immunet 3.0, and MBAM 1.46. Immunet and Avast begin on startup, and I update at least once weekly. MBAM is run at least once a week. The computer is operating IE 8, and Firefox 3.6 is the browser.

I run CCleaner 3.4 daily - never on the registry files, and my full browsing history is automatically deleted daily through Internet Options.

Within the last three weeks, Immunet and Avast have consistently located a growing number of viruses [on 3/20/2011, there were 10 Win.32Trojans, Clams and Crypts caught and quarantined]. The computer has slowed considerably, and I began receiving the Windows 0xC004D401 Error every time I restarted on about 3/13/2011. I would open in safe mode and do a system restore, which seemed to work for a day or two. Within the last three or four days, the computer refused to allow ANY software installs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrVersion\Uninstall\{6757983-0FB7-4F7B-B881-E5BE4769DBE0}_IS 1. Access is denied. Code 5.]

I believe I finally fixed that by going into safe mode and changing permissions on that key. Today I had no problems installing both programs your site suggested using [VIPRE and OTL].

Yesterday [3/21/2011], I ran Windows OneCare.live and was informed the computer was infected with Click Potato and Open Candy. Later in the evening, the thing went completely haywire, and Windows kept freezing and crashing, especially if I attempted to open or run anything as an administrator. I tried, but could not run scans by Avast, Immunet or MBAM. Again, I went into safe mode, which ran fine. I then re-started it in normal mode, and it seems to be running okay, although still slowly.

Because I am a writer for an Internet-based media site, I am all over the place doing research, although I try to stick with known educational and government informational sites. I did notice at least two viruses came in through AIM, which I don't use, but my son does for email and IM. I also noticed several unfamiliar Firefox plugins and extensions which I did not download.

VIPRE caught 4 threats and fixed one. Unfortunately, the computer just froze up again, so I had to do a restart. I do not know where to find the results of that scan.

If you need the Firefox plugins and extensions lists or anything else, please let me know. I truly appreciate your attention to this matter. This one has me nuts.

Please find below the requested OTL scan results:
OTL logfile created on: 3/22/2011 4:24:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sue\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 334.23 Gb Free Space | 73.79% Space Free | Partition Type: NTFS
Drive D: | 12.79 Gb Total Space | 1.72 Gb Free Space | 13.43% Space Free | Partition Type: NTFS

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 15:57:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
PRC - [2011/03/05 11:02:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/11 03:51:48 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/22 15:57:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 11:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/02/11 05:52:21 | 000,367,888 | ---- | M] (Sourcefire, Inc.) [Auto | Running] -- C:\Program Files (x86)\Immunet Protect\3.0.0\agent.exe -- (ImmunetProtect)
SRV - [2010/06/16 17:08:14 | 000,409,088 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files (x86)\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/04/20 12:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/20 12:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/11 03:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 22:51:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/02/13 15:36:35 | 000,575,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/02/11 05:52:24 | 000,052,816 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV:64bit: - [2011/02/11 05:52:24 | 000,030,288 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/02/26 20:46:34 | 010,276,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/01/20 07:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 21:48:52 | 000,407,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/02/12 11:50:14 | 000,286,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys -- (CAXHWBS3)
DRV:64bit: - [2008/02/12 11:48:10 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/02/12 11:47:08 | 001,481,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/10/18 11:37:10 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/06/19 10:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 F8 2C 53 07 FE C9 01 [binary data]
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.8.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.95.20100933

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/23 15:19:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/15 16:54:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/15 16:54:29 | 000,000,000 | ---D | M]

[2009/08/23 22:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions
[2009/08/23 22:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/01/29 17:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\C\Users\Sue\Desktop\New Folder (2)\extensions
[2011/01/29 17:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\C\Users\Sue\Desktop\New Folder (2)\extensions\[email protected]
[2011/03/22 15:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions
[2011/03/02 11:47:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}(167)
[2011/02/05 17:51:14 | 000,000,000 | ---D | M] (Quick Translator) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions\{5C655500-E712-41e7-9349-CE462F844B19}
[2011/02/07 12:26:18 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/02/06 13:08:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/21 15:51:50 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\4ukv2jaq.Default User\extensions\[email protected]
[2011/01/22 04:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions
[2010/05/04 18:02:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/27 08:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2010/03/20 18:25:43 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/01/22 04:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/12/24 12:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}-trash
[2010/03/28 00:11:35 | 000,000,000 | ---D | M] (Word Count Plus) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}
[2010/01/29 15:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2010/12/24 12:47:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 15:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\[email protected]
[2010/05/30 10:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\[email protected]
[2010/03/28 00:11:35 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\gxwf5f5k.default\extensions\[email protected]
[2011/03/21 20:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/02 09:58:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {B65DA82C-60D9-484D-9759-3845A3A1680A} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files (x86)\Immunet Protect\3.0.0\iptray.exe (Immunet)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: about.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: aol.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: cnet%20download.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: cnet.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: criticallayouts.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: download.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: firefox.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: mozilla%20firefox.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: mozilla.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: msnwebmessenger.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: myxer.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: pogo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: pyzam.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: skype.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: thehumorzone.co.uk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-392179206-2571169130-3320583111-1000\..Trusted Domains: windowslivemessenger.com ([]* in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Sue\Desktop\DESKTOP\ART\IRISH\st-patricks-day-800.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sue\Desktop\DESKTOP\ART\IRISH\st-patricks-day-800.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 15:57:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2011/03/22 13:46:34 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/03/22 02:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/03/22 02:30:45 | 005,206,720 | ---- | C] (URSoft, Inc. ) -- C:\Users\Sue\Desktop\yu2010setupcnet.exe
[2011/03/22 00:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/22 00:20:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2011/03/21 14:26:24 | 004,945,455 | ---- | C] (ffdshow ) -- C:\Users\Sue\Desktop\ffdshow_rev3771_20110307_clsid_x64.exe
[2011/03/20 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\HPAppData
[2011/03/11 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Media Player Classic
[2011/03/10 22:37:17 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\Innovative Solutions
[2011/03/10 22:37:17 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2011/03/10 22:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2011/03/10 22:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2011/03/10 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/03/10 22:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2011/03/02 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Sue\Documents\Any Video Converter
[2011/03/02 14:49:14 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\AnvSoft
[2011/03/02 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011/03/02 14:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/03/01 00:08:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\dvdcss
[2011/02/25 09:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/25 09:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/02/24 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Shark007
[2011/02/24 18:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Shark007
[2011/02/23 13:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/02/23 13:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011/02/23 12:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Shark007
[2011/02/23 12:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/02/21 20:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Control
[2011/02/21 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Media Control
[2011/02/21 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Media Control
[2011/02/21 17:41:13 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Local\DDMSettings
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/22 16:00:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/22 15:57:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2011/03/22 15:20:46 | 000,031,465 | ---- | M] () -- C:\Users\Sue\Desktop\facebook info.rtf
[2011/03/22 14:37:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 14:37:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 13:42:44 | 085,950,464 | ---- | M] () -- C:\Users\Sue\Desktop\VIPRERescue8780.exe
[2011/03/22 12:38:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/22 04:27:32 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C6BBD593-F65A-4D30-8190-1CEDA2F83DD7}.job
[2011/03/22 03:01:22 | 000,825,972 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/22 03:01:22 | 000,691,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/22 03:01:22 | 000,136,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/22 02:55:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/22 02:52:12 | 000,001,047 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/03/22 02:30:51 | 005,206,720 | ---- | M] (URSoft, Inc. ) -- C:\Users\Sue\Desktop\yu2010setupcnet.exe
[2011/03/21 20:44:07 | 000,000,732 | ---- | M] () -- C:\Users\Sue\AppData\Local\d3d9caps64.dat
[2011/03/21 14:26:45 | 004,945,455 | ---- | M] (ffdshow ) -- C:\Users\Sue\Desktop\ffdshow_rev3771_20110307_clsid_x64.exe
[2011/03/20 17:53:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/03/19 00:47:39 | 000,012,176 | ---- | M] () -- C:\Users\Sue\Desktop\AP stuff.rtf
[2011/03/17 19:04:47 | 002,444,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/17 16:40:23 | 000,002,655 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2011/03/17 11:35:09 | 000,002,537 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Animation Shop 3.lnk
[2011/03/12 17:33:35 | 000,000,930 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/10 22:37:13 | 000,001,990 | ---- | M] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 10.lnk
[2011/03/03 00:20:03 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSue.job
[2011/02/23 11:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 11:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/02/23 11:04:07 | 000,238,968 | ---- | M] () -- C:\Windows\SysNative\aswBoot.exe
[2011/02/23 10:57:04 | 000,280,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/02/23 10:57:01 | 000,505,176 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/02/23 10:55:53 | 000,053,592 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/02/23 10:55:13 | 000,031,064 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/02/23 10:55:05 | 000,064,344 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/02/23 10:54:58 | 000,022,360 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/22 13:46:50 | 000,049,752 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/03/22 13:46:50 | 000,027,472 | ---- | C] () -- C:\Windows\SysNative\sbbd.exe
[2011/03/22 13:39:53 | 085,950,464 | ---- | C] () -- C:\Users\Sue\Desktop\VIPRERescue8780.exe
[2011/03/22 02:52:12 | 000,031,800 | ---- | C] () -- C:\Windows\SysNative\drivers\revoflt.sys
[2011/03/22 02:52:12 | 000,001,047 | ---- | C] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/03/20 17:42:23 | 000,000,732 | ---- | C] () -- C:\Users\Sue\AppData\Local\d3d9caps64.dat
[2011/03/19 00:47:39 | 000,012,176 | ---- | C] () -- C:\Users\Sue\Desktop\AP stuff.rtf
[2011/03/17 22:00:08 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2011/03/17 22:00:06 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2011/03/17 22:00:02 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2011/03/17 22:00:01 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2011/03/17 21:59:59 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/17 21:59:57 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2011/03/17 11:20:32 | 000,035,336 | ---- | C] () -- C:\Users\Sue\Desktop\KR Shams.ttf
[2011/03/12 17:33:35 | 000,000,936 | ---- | C] () -- C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/03/11 12:46:27 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/10 22:37:13 | 000,001,990 | ---- | C] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 10.lnk
[2011/03/10 22:37:04 | 000,047,984 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2011/03/10 16:17:04 | 000,002,537 | ---- | C] () -- C:\Users\Sue\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Animation Shop 3.lnk
[2011/03/02 19:21:09 | 000,505,176 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/02/25 16:31:21 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2011/02/24 18:33:13 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2011/02/24 18:33:13 | 000,124,909 | ---- | C] () -- C:\Windows\SysNative\pthreadGC2.dll
[2011/02/24 18:33:13 | 000,083,968 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011/02/24 18:33:05 | 003,063,808 | ---- | C] () -- C:\Windows\SysNative\x264vfw64.dll
[2011/02/24 18:33:05 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
[2011/02/24 18:33:05 | 000,206,848 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2011/02/24 18:33:04 | 001,571,840 | ---- | C] () -- C:\Windows\SysNative\VSFilter.dll
[2011/02/21 20:24:15 | 000,616,272 | ---- | C] () -- C:\Windows\SysNative\proppage.dll
[2011/02/21 20:24:15 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\MMShellHook.dll
[2011/02/21 20:24:10 | 000,627,200 | ---- | C] () -- C:\Windows\SysNative\msvcr90.dll
[2011/02/13 15:37:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2011/02/13 15:37:12 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2011/01/18 04:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011/01/18 04:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011/01/18 04:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011/01/18 04:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010/04/19 10:20:18 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B1780B03FB.sys
[2010/04/19 10:20:17 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/01/23 15:18:58 | 000,023,124 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/11 22:27:22 | 000,077,388 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/10/22 19:49:23 | 000,000,000 | ---- | C] () -- C:\Users\Sue\AppData\Local\{4D36E965-E325-11CE-BFC1-08002BE10318}.sav
[2009/07/26 18:24:47 | 000,000,581 | ---- | C] () -- C:\Program Files (x86)\WriteAgain - Shortcut.lnk
[2009/07/22 01:48:33 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/07/05 06:00:56 | 000,023,700 | ---- | C] () -- C:\Program Files (x86)\pad_file.xml
[2009/06/02 10:22:04 | 001,495,312 | ---- | C] () -- C:\Program Files (x86)\Instant_Writing_Resources.exe
[2009/06/02 10:15:22 | 000,630,300 | ---- | C] () -- C:\Program Files (x86)\Instant_Writing_Resources.xpi
[2009/03/18 21:50:30 | 001,487,120 | ---- | C] () -- C:\Users\Sue\AppData\Local\Critical_Layouts_Quick_Links.exe
[2009/03/08 17:38:46 | 000,843,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/03/06 09:16:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/01 00:00:33 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/02/01 00:00:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/04 02:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Sue\AppData\Roaming\wklnhst.dat
[2008/12/28 17:55:01 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/12/28 17:33:24 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/27 14:07:18 | 000,026,624 | ---- | C] () -- C:\Users\Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 11:31:01 | 000,165,535 | ---- | C] () -- C:\Windows\hpoins28.dat
[2008/09/08 13:33:23 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/09/08 13:33:23 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/09/08 13:33:23 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/09/08 13:05:12 | 000,107,384 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/09/08 12:43:12 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/09/08 12:43:12 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/11 23:49:03 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/07/22 02:11:03 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\acccore
[2011/03/02 14:49:14 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\AnvSoft
[2010/07/22 16:25:53 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010/06/13 11:11:17 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Facebook
[2011/01/16 15:29:50 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\FrostWire
[2009/12/06 19:31:01 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\GetRightToGo
[2010/11/13 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\gtk-2.0
[2009/06/06 15:02:14 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\iWin
[2011/03/21 15:03:03 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Jarte
[2010/12/02 23:46:17 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Jasc
[2011/02/24 18:37:25 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Media Control
[2009/02/03 12:47:33 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\MessengerGadget
[2009/11/01 02:26:27 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\NCH Swift Sound
[2011/01/22 02:56:48 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\OpenOffice.org
[2009/02/06 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Printer Info Cache
[2011/03/21 21:34:18 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Shark007
[2011/01/21 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\SoftGrid Client
[2009/07/24 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\SPORE Creature Creator
[2009/01/21 14:09:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Template
[2010/05/07 00:59:29 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Uniblue
[2010/11/03 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\ValuSoft
[2009/02/28 18:05:19 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Wal-Mart Digital Photo Manager
[2009/12/11 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\WinBatch
[2009/08/03 15:03:04 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Windows Live Writer
[2011/03/22 00:14:44 | 000,032,546 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/03/22 04:27:32 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6BBD593-F65A-4D30-8190-1CEDA2F83DD7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F9819010

< End of report >