Windows Repair Shield not going away


  • This topic is locked

#1
ColtsFan18

ColtsFan18

    Member

  • Member
  • PipPipPip
  • 389 posts
I have run MBAM 3 times now, 2 quick scans and 1 full scan both in safe mode and updated right before I ran the scans. I keep getting Critical Disk Errors, warnings of low RAM, etc. MBAM found 3 problems, I removed them and rebooted, problem still existed, went back to safe mode and ran a full system scan, again, same 3 problems, removed and rebooted right back to safe mode. Ran Quick scan a 3rd time and it found yet 1 more issue, I am posting the most recent Scan logs. I also have a lovely new icon on the desktop that mimics the Windows Logo but it's comprised of puzzle pieces and the properties direct me to c:\programdata\29548296.exe (Rogue.FakeHDD) This was one of the issues MBAM found. With each successive scan the number (29548296.exe) changes but the problem remains the same and it never gets rid of it. I'm sorry if this is too much info to start with but I'm trying to be as explicit as possible. What else can I do to locate and obliterate this issue? I am currently running Loaris Trojan Remover, it has found 10 items in red and multiple others it has fixed... it has roughly 6 minutes left. I will post results when it completes.
******************************************
SCAN1:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

3/25/2011 9:45:06 PM
mbam-log-2011-03-25 (21-45-06).txt

Scan type: Quick scan
Objects scanned: 182010
Time elapsed: 13 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\29548296.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

***********************************************

SCAN 2:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

3/25/2011 7:12:41 PM
mbam-log-2011-03-25 (19-12-41).txt

Scan type: Quick scan
Objects scanned: 186266
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\40427272.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\steve & tammy\AppData\Local\Temp\internetexplorerupdate.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\IntEA14.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

*************************************************

SCAN 3:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6172

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

3/25/2011 8:44:42 PM
mbam-log-2011-03-25 (20-44-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 400703
Time elapsed: 1 hour(s), 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\24829704.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\steve & tammy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0\676cfd80-344f4473 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\steve & tammy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5\2149485-22f81a1f (Trojan.FakeAlert) -> Quarantined and deleted successfully.

**************************

LOARIS Scan Log:


Loaris Trojan Remover v.1.2.3.5
Report file date: 3/25/2011 10:03:03 PM

Scanning for 347422 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista ™ Home Basic (version 6.0)
Username: Steve & Tammy
Computer name: STEVEANDTAMMY

Starting the file scan:

Hijack.DisableCAD - fixed
Hijack.TaskManager - fixed
Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\programdata\ymewgjxgpidlpi.exe ---- Startup
Threat
YmEwGJXgpidLPI
MD5: 9FB80F1DDBEE8978E9314437E3B11609:545792
RIC: 84538CFD94F9CCE38DF11C230DE6CB76:7352
EP: 55 8B EC 31 D2 81 C2 C4 FD FF FF 01 D4 89 F2 89 FE 87 F2 51 56 31 D2 89 55 F4 89 DA 52 55 C7 45 C8 00 00 00 00 8D 7D C8 6A 00 6A 00 FF 15 AC 2F 40 00 3D 05 00 00 C0 75 02 EB 2B CC FF 15 30 2E 40
SEC:
.text:73D35973C20CAD4943E2C3BC0991F443:1024
.idata:6DABC7EAB35BD06FEB557FC308591842:12800
.rsrc:1DF2A86654D465E31AAE47176365FFB1:59392
.data:242EFB619D414E78BA2A36C333D045EE:405504
.rdata:52CA079D4F2E9CCE93A63CCDD4746C6B:66048


----- c:\windows\system32\nvcpl.dll,nvstartup ---- Startup
Threat
NvCplDaemon


----- c:\windows\system32\nvmctray.dll,nvtaskbarinit ---- Startup
Threat
NvMediaCenter


----- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" ---- Registry
riskware.x


----- C:\Users\Steve & Tammy\AppData\Local\Temp\e4j95C9.tmp_dir21702\i4jdel.exe ---- General
Mal/Fraud!se385
MD5: 08AF557C8E6E74D7D92314F6B2C86273:4608
EP: 55 89 E5 83 EC 08 83 C4 F4 6A 02 A1 20 31 40 00 FF D0 E8 F1 FD FF FF 89 EC 5D C3 90 55 89 E5 83 EC 64 53 E8 14 01 00 00 E8 AB 04 00 00 89 C3 83 C4 F4 8D 45 B0 50 E8 A5 04 00 00 83 C4 0C 85 DB 74
SEC:
.text:79AC0F530D2758C841D13E1A20CA51CA:2048
.data:F867B5AA429D6C666F9A18EDDCEC4A4A:512
.idata:22DAA27A148EC9C543D8195A6BBC94C3:1024


----- C:\Users\Steve & Tammy\AppData\Local\Temp\plugtmp-76\plugin-gimmegirl.pdf ---- General
PDF.Exploit.JS
MD5: F55323CF3D524AF6D46599D3E3636CCD:34782
EP: 00
SEC:


----- C:\Users\Steve & Tammy\Desktop\Business Forms\Plowing Business Cards.pdf ---- General
PDF.Exploit
MD5: 5498A3E3FEA26F41291A3B0FD68AB9DF:85245
EP: 00
SEC:


----- C:\Users\Steve & Tammy\Desktop\Documents\Adobe Files\f2290_04.pdf ---- General
PDF.Exploit.JS
MD5: 7866F2E22774B97BCD97EEDE61F6A398:171803
EP: 00
SEC:


----- C:\Users\Steve & Tammy\Desktop\Documents\C-15 issues\SL SCHRADER.pdf ---- General
PDF.Exploit
MD5: 56D95E5E92A5531EABA254DBFA347C42:2146582
EP: 00
SEC:


----- C:\Program Files\Common Files\Intuit\Sync\ICSharpCode.SharpZipLib.dll ---- General
Generic
ProdVer: 0.85.5
FileVer: 0.85.5.452
Name : #ZipLibrary
Company: ICSharpCode.net
NAC: C58D8179BBEC6C86677FE0B1F3A66159:26
MD5: 0B3B4E8D1DE31F844E466D61CF7937B5:192512
EP: FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:C768700BC346A12026B82435169FDAD8:180224
.rsrc:5D521464F3C88641920FB425BB4877A1:4096
.reloc:BDD4C75A964C1CCC148B825AF6F2548C:4096


----- C:\ProgramData\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll ---- General
Generic
ProdVer: 0.85.5
FileVer: 0.85.5.452
Name : #ZipLibrary
Company: ICSharpCode.net
NAC: C58D8179BBEC6C86677FE0B1F3A66159:26
MD5: 0B3B4E8D1DE31F844E466D61CF7937B5:192512
EP: FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:C768700BC346A12026B82435169FDAD8:180224
.rsrc:5D521464F3C88641920FB425BB4877A1:4096
.reloc:BDD4C75A964C1CCC148B825AF6F2548C:4096


----- C:\ProgramData\{F9219CB0-6C2A-4662-8087-1F76EE51B6C7}\OFFLINE\8F7FFDE2\511338E8\ALSTOC.exe ---- General
Mal/Fraud!se718-9
ProdVer: 41.00.0014
FileVer: 41.00.0014
Name : Quant Systems Products
Company: Quant Systems Inc.,
NAC: 403403EC426DA8A4EEC58322B50FF028:41
MD5: AD4826F6A9B782A54A7DAB1C6802F3AA:50264
RIC: 7477348D691B430B43E542519038C9C9:3600
EP: 68 84 12 40 00 E8 F0 FF FF FF 00 00 00 00 00 00 30 00 00 00 58 00 00 00 38 00 00 00 8A 47 57 2B DF AE DE 43 9F 82 48 FC A0 74 A8 B0 00 00 00 00 00 00 01 00 00 00 35 01 38 08 41 00 41 4C 53 54 4F
SEC:
.text:87F4C5463B5719E792108FFB513B4598:32768
.data:00000000000000000000000000000000:0
.rsrc:C573A2C73DF8A98C13BC23872E9A8794:8192


Scan completed!

Scan result: 31 detected items
Scan completed in: Scan completed in 23 minute(s) 18 sec.
Files were scanned: 22639

Edited by ColtsFan18, 25 March 2011 - 09:29 PM.

  • 0
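The pattern reported in the post above, where the same Rogue.FakeHDD detection returns under a new file name after every "successful" removal, can be pulled out of the logs mechanically; a hit means the scanner keeps deleting a payload that something else recreates. This is an added example, not part of the original post or of MBAM: the detection lines are copied from the three MBAM logs above, while the function names and the digit-collapsing `shape` heuristic are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# "Files Infected" lines copied from the three MBAM logs in the post above,
# keyed by the log file each one came from.
DONE = " -> Quarantined and deleted successfully."
SCANS = {
    "mbam-log-2011-03-25 (19-12-41).txt": [
        r"c:\programdata\40427272.exe (Rogue.FakeHDD)" + DONE,
        r"c:\Users\steve & tammy\AppData\Local\Temp\internetexplorerupdate.exe"
        r" (Trojan.FakeAlert.Gen)" + DONE,
        r"c:\Windows\Temp\IntEA14.tmp (Trojan.FakeAlert.Gen)" + DONE,
    ],
    "mbam-log-2011-03-25 (20-44-42).txt": [
        r"c:\programdata\24829704.exe (Rogue.FakeHDD)" + DONE,
        r"c:\Users\steve & tammy\AppData\LocalLow\Sun\Java\deployment\cache"
        r"\6.0\0\676cfd80-344f4473 (Trojan.FakeAlert)" + DONE,
        r"c:\Users\steve & tammy\AppData\LocalLow\Sun\Java\deployment\cache"
        r"\6.0\5\2149485-22f81a1f (Trojan.FakeAlert)" + DONE,
    ],
    "mbam-log-2011-03-25 (21-45-06).txt": [
        r"c:\programdata\29548296.exe (Rogue.FakeHDD)" + DONE,
    ],
}

# "<object> (<detection name>) -> <action taken>"
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_detection(line):
    """Return (path, detection_name) for an MBAM result line, else None."""
    m = LINE_RE.match(line.strip())
    return (m.group("path"), m.group("name")) if m else None


def shape(path):
    """Reduce a Windows path to (directory, name pattern).

    Runs of digits in the file name collapse to '#', so randomly numbered
    droppers in one directory share a key (an assumed heuristic).
    """
    directory, base = ntpath.split(path)
    return directory.lower(), re.sub(r"\d+", "#", base.lower())


def recurring_detections(scans):
    """Find detections that reappear in two or more separate scans."""
    seen = defaultdict(lambda: defaultdict(set))  # key -> scan id -> paths
    for scan_id, lines in scans.items():
        for line in lines:
            parsed = parse_detection(line)
            if parsed is None:
                continue  # headers, blank lines, "(No malicious items ...)"
            path, name = parsed
            seen[(name,) + shape(path)][scan_id].add(path.lower())

    findings = []
    for (name, directory, pattern), per_scan in seen.items():
        if len(per_scan) < 2:
            continue  # seen in one scan only: removal may have held
        paths = sorted(set().union(*per_scan.values()))
        findings.append({
            "detection": name,
            "directory": directory,
            "pattern": pattern,
            "scans": len(per_scan),
            "paths": paths,
            # A different name each time points at something regenerating
            # the file, not at the same file surviving deletion.
            "renamed": len(paths) > 1,
        })
    return findings


if __name__ == "__main__":
    for f in recurring_detections(SCANS):
        kind = "regenerated under new names" if f["renamed"] else "same file back"
        print(f"{f['detection']} in {f['directory']} ({f['pattern']}): "
              f"{f['scans']} scans, {kind}")
        for p in f["paths"]:
            print("   ", p)
```
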



#2
ColtsFan18

I now see that I have a winlogon taskman trojan, I found it in the registry... looking through some older posts I have deleted that registry value but I'm sure that won't be the end of it. Not sure if there is something in the startup programs I should look for. Again, my apologies for so much information but I'm hoping to get you all the necessary info up front.
  • 0

#3
ColtsFan18

Rebooted in normal mode and it is still there. I took a screenshot of the program that won't die. I'm going to post it here and run yet another full scan in Safe mode. Lastly, on the msconfig start up menu I have a program called TFTC that I've never seen. Address is c:\programfiles\YmEwGJXgpidLPI.exe. The .exe makes me wonder if it's not the core of the problem. I'm running another scan and the number of the virus has changed yet again.

Attached Thumbnails

  • screenshot.jpg

Edited by ColtsFan18, 25 March 2011 - 11:11 PM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay. I have a few programmes for you to run initially. The first to kill any rogues and the others to see what else is there.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

FOLLOWED BY

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Click on Scan all users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#5
ColtsFan18

RogueKiller Report:
RogueKiller V4.3.6 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Steve & Tammy [Admin rights]
Mode: Remove -- Date : 04/02/2011 11:37:28

Bad processes: 1
[APPDT/TMP/DESKTOP] Panda_URL_Filtering.exe -- c:\programdata\panda security url filtering\panda_url_filtering.exe -> KILLED

Registry Entries: 2
[APPDT/TMP/DESKTOP] HKLM\[...]\Run : Panda Security URL Filtering ("C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe") -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX

HOSTS File:
127.0.0.1 localhost
::1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#6
ColtsFan18

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-04-02 11:38:34
-----------------------------
11:38:34.811 OS Version: Windows 6.0.6002 Service Pack 2
11:38:34.811 Number of processors: 1 586 0x5F03
11:38:34.813 ComputerName: STEVEANDTAMMY UserName: Steve & Tammy
11:38:59.982 Initialize success
11:39:16.882 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
11:39:16.884 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3
11:39:16.887 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000004c
11:39:16.890 Disk 1 Vendor: ST316081 4.AA Size: 152627MB BusType: 6
11:39:18.925 Disk 1 MBR read successfully
11:39:18.928 Disk 1 MBR scan
11:39:20.932 Disk 1 scanning sectors +312579760
11:39:20.960 Disk 1 scanning C:\Windows\system32\drivers
11:39:26.728 Service scanning
11:39:27.976 Disk 1 trace - called modules:
11:39:27.996 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys i8042prt.sys mouclass.sys
11:39:28.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85b48ac8]
11:39:28.004 3 CLASSPNP.SYS[879a08b3] -> nt!IofCallDriver -> [0x84f0d5f8]
11:39:28.007 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\0000004c[0x84b15c28]
11:39:28.015 Scan finished successfully
  • 0

#7
Essexboy

OK, let's see what OTL tells me :D
  • 0

#8
ColtsFan18

OTL Scan log:
OTL logfile created on: 4/2/2011 11:45:14 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steve & Tammy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 45.96 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive E: | 69.00 Gb Total Space | 21.33 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive F: | 5.50 Gb Total Space | 1.20 Gb Free Space | 21.73% Space Free | Partition Type: FAT32

Computer Name: STEVEANDTAMMY | User Name: Steve & Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Steve & Tammy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Users\Steve & Tammy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll (Panda Security, S.L.)
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll (Panda Security, S.L.)
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll (Panda Security, S.L.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceTypes.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (QBCFMonitorService) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (QBFCService) -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...209&m=et1161-05
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...209&m=et1161-05
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hidemyass.com/
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1143&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/12 21:55:22 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2011/04/02 09:01:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 20:57:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 10:24:52 | 000,000,000 | ---D | M]

[2009/04/27 10:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Extensions
[2009/04/27 10:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/04/02 09:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\extensions
[2010/05/18 21:25:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 01:30:21 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/04/02 09:01:02 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/04/02 09:16:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/09 23:23:49 | 000,002,427 | ---- | M] () -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\searchplugins\askcom.xml
[2010/07/26 18:13:31 | 000,001,834 | ---- | M] () -- C:\Users\Steve & Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\z4dmcm57.default\searchplugins\bing.xml
[2011/04/02 09:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/09 10:15:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 11:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 09:57:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/08 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 17:45:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/02 09:01:16 | 000,000,000 | ---D | M] (Panda Identity Protect) -- C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX
[2010/11/12 21:55:22 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/03/26 09:57:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000..\Run: [EPSON NX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000..\Run: [Uniblue RegistryBooster 2] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {41293422-93FD-443C-B848-E07EDBF866C3} http://216.159.150.3...es/AXClient.cab (CMediaPlayerCtrl Object)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{660f13c0-336f-11de-a8fd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 11:39:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steve & Tammy\Desktop\OTL.exe
[2011/04/02 11:38:28 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Steve & Tammy\Desktop\aswMBR.exe
[2011/04/02 11:37:28 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\Desktop\RK_Quarantine
[2011/04/02 09:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/04/02 09:01:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2011/04/02 09:01:11 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\SurfSecret Privacy Suite
[2011/04/02 09:01:03 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Local\panda2_0dn
[2011/04/01 17:04:19 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\vlc
[2011/04/01 17:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/03/26 10:24:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/26 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Local\Adobe
[2011/03/26 08:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyRail4EN
[2011/03/26 08:37:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Local\AnyRail
[2011/03/25 18:53:48 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
[2011/03/08 23:39:17 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Local\IsolatedStorage
[2011/03/08 23:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D
[2011/03/07 17:43:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\McAfee
[2011/03/06 13:56:47 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\DRail Modelspoor Software
[2011/03/06 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\AnyRail4EN
[2011/03/03 18:27:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\AlawarWrapper
[2011/03/03 18:27:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/02 11:48:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/02 11:44:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 11:44:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/02 11:40:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Tammy\Desktop\OTL.exe
[2011/04/02 11:39:45 | 000,000,512 | ---- | M] () -- C:\Users\Steve & Tammy\Desktop\MBR.dat
[2011/04/02 11:38:31 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Steve & Tammy\Desktop\aswMBR.exe
[2011/04/02 11:36:59 | 001,058,816 | ---- | M] () -- C:\Users\Steve & Tammy\Desktop\RogueKiller.exe
[2011/04/02 09:44:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/04/02 09:44:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/02 09:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/02 09:43:54 | 2011,664,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/02 09:39:56 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat
[2011/04/02 09:25:59 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-836566805-2028440598-3766242597-1000.job
[2011/04/02 09:02:07 | 000,855,641 | ---- | M] () -- C:\Users\Steve & Tammy\AppData\Roaming\PandaIDProtectHelp.chm
[2011/04/02 01:48:28 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39837448r
[2011/04/02 01:48:28 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~39837448
[2011/04/02 01:43:26 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39837448
[2011/03/28 14:43:08 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/03/26 10:31:15 | 000,024,488 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS 13.any
[2011/03/26 10:03:34 | 000,071,654 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS 12.any
[2011/03/26 09:57:26 | 000,005,120 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2011/03/26 09:55:47 | 001,872,472 | ---- | M] () -- C:\Users\Steve & Tammy\Desktop\SmitfraudFix.exe
[2011/03/26 08:40:22 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AnyRail 4 EN.lnk
[2011/03/25 23:17:50 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39182088r
[2011/03/25 23:17:50 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~39182088
[2011/03/25 22:42:58 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39182088
[2011/03/25 21:40:39 | 000,000,660 | ---- | M] () -- C:\Windows\System32\$UNREGISTERCMD$.CMD
[2011/03/25 20:58:46 | 000,000,384 | -H-- | M] () -- C:\ProgramData\29548296
[2011/03/25 20:52:32 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~29548296r
[2011/03/25 20:52:32 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~29548296
[2011/03/25 19:24:34 | 000,000,376 | -H-- | M] () -- C:\ProgramData\24829704
[2011/03/25 19:23:21 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~24829704r
[2011/03/25 19:23:21 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~24829704
[2011/03/25 18:53:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40427272r
[2011/03/25 18:53:49 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~40427272
[2011/03/25 18:53:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40427272
[2011/03/24 09:39:13 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/24 09:39:13 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/18 10:54:57 | 000,067,891 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\Al Fresco Market Tote.pdf
[2011/03/14 03:34:57 | 000,043,493 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS11.any
[2011/03/14 03:09:14 | 000,095,037 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS3.any
[2011/03/13 21:53:43 | 000,025,836 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS10.any
[2011/03/13 21:28:45 | 000,015,940 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS9.any
[2011/03/13 21:22:04 | 000,030,696 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS8.any
[2011/03/13 21:07:43 | 000,031,223 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS6.any
[2011/03/13 20:51:53 | 000,018,704 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS5.any
[2011/03/13 18:01:51 | 000,082,927 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS4.any
[2011/03/12 20:08:18 | 000,059,503 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS2.any
[2011/03/09 16:58:03 | 000,211,256 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\21st ZX2.jpg
[2011/03/09 16:50:17 | 000,209,808 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\21st Plow Truck.jpg
[2011/03/09 16:32:39 | 000,184,364 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\21st wagon.jpg
[2011/03/09 00:08:06 | 000,088,576 | ---- | M] () -- C:\Users\Steve & Tammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/07 00:07:56 | 000,080,362 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\RGS1.any
[2011/03/06 14:04:16 | 000,000,346 | ---- | M] () -- C:\Users\Steve & Tammy\Documents\Untitled.any
[2011/03/05 14:52:32 | 000,088,815 | ---- | M] () -- C:\Windows\wininit.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/02 11:39:45 | 000,000,512 | ---- | C] () -- C:\Users\Steve & Tammy\Desktop\MBR.dat
[2011/04/02 11:36:54 | 001,058,816 | ---- | C] () -- C:\Users\Steve & Tammy\Desktop\RogueKiller.exe
[2011/04/02 09:35:21 | 2011,664,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/02 09:02:04 | 000,855,641 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Roaming\PandaIDProtectHelp.chm
[2011/04/02 01:43:58 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~39837448r
[2011/04/02 01:43:57 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~39837448
[2011/04/02 01:43:26 | 000,000,336 | -H-- | C] () -- C:\ProgramData\39837448
[2011/03/26 10:31:15 | 000,024,488 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS 13.any
[2011/03/26 10:03:34 | 000,071,654 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS 12.any
[2011/03/26 09:57:26 | 000,005,120 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2011/03/26 09:55:46 | 001,872,472 | ---- | C] () -- C:\Users\Steve & Tammy\Desktop\SmitfraudFix.exe
[2011/03/25 22:43:07 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~39182088r
[2011/03/25 22:43:07 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~39182088
[2011/03/25 22:42:58 | 000,000,336 | -H-- | C] () -- C:\ProgramData\39182088
[2011/03/25 20:52:32 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~29548296r
[2011/03/25 20:52:31 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~29548296
[2011/03/25 20:52:21 | 000,000,384 | -H-- | C] () -- C:\ProgramData\29548296
[2011/03/25 19:23:21 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~24829704r
[2011/03/25 19:23:21 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~24829704
[2011/03/25 19:23:11 | 000,000,376 | -H-- | C] () -- C:\ProgramData\24829704
[2011/03/25 19:19:16 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-836566805-2028440598-3766242597-1000.job
[2011/03/25 18:53:49 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~40427272r
[2011/03/25 18:53:49 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~40427272
[2011/03/25 18:53:45 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40427272
[2011/03/18 10:54:57 | 000,067,891 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\Al Fresco Market Tote.pdf
[2011/03/14 03:34:57 | 000,043,493 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS11.any
[2011/03/13 21:53:42 | 000,025,836 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS10.any
[2011/03/13 21:28:45 | 000,015,940 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS9.any
[2011/03/13 21:22:04 | 000,030,696 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS8.any
[2011/03/13 21:07:43 | 000,031,223 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS6.any
[2011/03/13 20:51:53 | 000,018,704 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS5.any
[2011/03/13 18:01:51 | 000,082,927 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS4.any
[2011/03/12 19:49:09 | 000,095,037 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS3.any
[2011/03/12 18:32:23 | 000,059,503 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS2.any
[2011/03/09 16:35:38 | 000,209,808 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\21st Plow Truck.jpg
[2011/03/09 16:34:29 | 000,211,256 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\21st ZX2.jpg
[2011/03/09 16:32:39 | 000,184,364 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\21st wagon.jpg
[2011/03/08 23:38:31 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2011/03/06 23:27:47 | 000,080,362 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\RGS1.any
[2011/03/06 14:04:16 | 000,000,346 | ---- | C] () -- C:\Users\Steve & Tammy\Documents\Untitled.any
[2011/03/06 13:56:17 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AnyRail 4 EN.lnk
[2011/02/03 10:57:54 | 000,000,552 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Local\d3d8caps.dat
[2011/01/24 20:06:54 | 000,000,239 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Roaming\prefsdb.dat
[2010/12/16 11:07:24 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2010/09/04 13:19:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/09/04 13:19:14 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/06/09 10:12:53 | 000,007,728 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Local\d3d9caps.dat
[2010/05/25 19:04:35 | 000,025,409 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Roaming\UserTile.png
[2010/05/05 18:15:14 | 000,000,036 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Local\housecall.guid.cache
[2010/04/27 12:48:06 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/01/22 21:37:53 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/12/30 16:12:21 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/12/04 16:02:37 | 000,000,000 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Local\prvlcl.dat
[2009/11/15 15:09:59 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/29 12:28:00 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/09/18 23:29:53 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/09/18 23:29:52 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/09/18 23:29:52 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/09/18 23:29:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/09/03 12:15:05 | 000,000,000 | ---- | C] () -- C:\Windows\ResortingToDanger.INI
[2009/07/01 18:14:18 | 000,007,261 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/09 20:06:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 20:06:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/14 19:47:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/05/08 19:45:43 | 000,088,815 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/29 11:13:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/29 11:13:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/29 11:13:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/29 11:13:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/29 11:13:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/29 11:13:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/29 11:13:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/29 11:13:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/29 11:13:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/29 11:13:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/29 11:13:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/29 11:13:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/29 11:13:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/29 11:13:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/29 11:13:50 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/29 11:13:50 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/29 11:02:10 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX100.ini
[2009/04/27 16:13:16 | 000,000,108 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/04/26 22:45:17 | 000,088,576 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 20:13:52 | 000,000,236 | ---- | C] () -- C:\Users\Steve & Tammy\AppData\Roaming\wklnhst.dat
[2009/04/26 19:53:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/12 00:23:09 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/28 21:37:42 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/10/28 21:24:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,432,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/10/27 15:24:56 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Aerohills
[2009/08/14 21:30:36 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Aisle 5 Games, Inc
[2011/02/15 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Alawar
[2010/08/16 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Anarchy
[2009/09/18 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Any Video Converter
[2010/10/09 15:23:13 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Artifex Mundi
[2011/01/25 17:53:01 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Artogon
[2010/03/07 17:41:54 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Aveyond 3
[2010/10/13 10:47:02 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\AVG10
[2010/08/05 22:06:59 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Awem
[2009/06/19 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Azuaz Games
[2010/03/07 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\AzuazGames
[2011/02/24 23:09:26 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Azureus
[2010/02/11 02:14:06 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\BanzaiInteractive
[2010/10/16 13:25:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Big Fish Games
[2011/03/25 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\BitTorrent
[2009/11/25 20:24:53 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\blg
[2009/06/12 13:30:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\BloodTies
[2010/06/13 12:36:09 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Boomzap
[2009/12/08 01:41:34 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\ChaYoWo Games
[2009/10/04 12:06:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2010/04/06 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2009/11/13 17:54:55 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Dekovir
[2010/01/14 21:40:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Dragon Altar Games
[2011/03/06 13:56:48 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\DRail Modelspoor Software
[2011/02/17 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Dying for Daylight
[2011/02/17 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Dying for Daylight Shared
[2010/12/27 13:51:27 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\EleFun Games
[2010/02/28 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\ElementalsTheMagicKey
[2009/07/22 18:20:36 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Enlightenus
[2010/08/10 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Enlightenus2_BFG
[2009/10/31 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\EPSON
[2010/02/28 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\ERS G-Studio
[2011/02/23 19:18:14 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\ERS Game Studios
[2009/11/26 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\EscapeTheMuseum2
[2010/05/04 13:13:28 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Facebook
[2010/01/25 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Flood Light Games
[2009/10/08 23:05:51 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\FlyWheelGames
[2009/06/13 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\ForgottenRiddles2
[2011/02/25 20:51:03 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Friday's games
[2010/12/18 21:00:49 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Frogwares
[2011/01/25 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\FrostWire
[2009/09/26 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\funkitron
[2009/12/21 03:10:34 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Game Mill Entertainment
[2009/08/10 09:08:34 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\GameInvest
[2010/08/04 13:04:04 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Gamelab
[2009/12/08 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Gamers Digital
[2009/07/28 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Games
[2009/07/10 21:50:02 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\GAMESHASTRA
[2010/02/02 20:49:16 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Gestalt Games
[2010/03/20 15:33:26 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\GetRightToGo
[2010/09/09 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Ghost Ship Studios
[2011/01/24 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Gogii
[2010/01/22 20:25:53 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Green Clover Games
[2009/05/08 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\HiT-MM
[2010/02/01 20:18:45 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\iMaxGen
[2009/06/17 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\IOMediaSupport6SZZ001s
[2010/05/12 16:34:20 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Island
[2009/05/01 16:02:18 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Jasc
[2010/03/28 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Jetdogs Studios
[2009/10/19 01:23:58 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\KlickTock
[2010/05/17 01:23:52 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Lazy Turtle Games
[2009/04/29 11:16:07 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Leadertech
[2010/04/06 21:55:00 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\LegacyInteractive
[2011/01/20 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\LittleGamesCompany
[2010/11/13 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\MA2
[2009/10/05 23:32:01 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Magic Academy 2
[2009/12/09 15:06:08 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\MastersOfMystery2
[2010/03/23 22:32:45 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Merscom
[2010/02/09 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\MissTeriTale3
[2011/01/16 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Mystery of Mortlake Mansion
[2009/11/19 13:58:27 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\MysteryStudio
[2011/01/27 18:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Namco
[2009/04/30 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Office-Kit.com
[2011/02/08 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\OpenOffice.org
[2009/12/01 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Orneon
[2010/12/16 11:08:20 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Panda Security
[2010/05/25 19:04:35 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\PeerNetworking
[2009/10/18 12:03:21 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Ph03nixNewMedia
[2011/02/18 19:53:10 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Phantasmat_bf_se1
[2009/10/13 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Pirateville
[2010/09/04 10:35:32 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\PlayFirst
[2009/12/24 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Playrix Entertainment
[2010/03/20 20:20:12 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\PoBros
[2010/11/21 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\PopCapv1000
[2009/08/24 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Princess Isabella
[2010/03/18 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\QB9
[2010/03/28 15:40:59 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Roaming
[2011/01/18 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Robin Hood
[2009/06/20 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Shape games
[2011/01/25 23:21:19 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Shareaza
[2009/08/30 23:02:43 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\she_is_a_shadow
[2010/02/21 14:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Silverback Productions
[2010/06/25 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Skunk Studios
[2010/04/03 09:35:15 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Specialbit
[2009/06/17 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Spinapse
[2009/09/18 22:03:32 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\SprillRichiEng
[2009/06/16 18:31:09 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\SultansLabyrinth
[2010/05/26 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\SulusGames
[2011/04/02 09:01:11 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\SurfSecret Privacy Suite
[2009/06/17 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Suspects and Clues Players
[2009/06/17 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Suspects and Clues Prefs
[2009/04/30 08:01:53 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Template
[2010/01/21 01:13:49 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\TheFixerUpper
[2010/08/15 18:32:32 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\TikisLab
[2009/11/07 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\TitanicMystery
[2010/05/02 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Top Evidence
[2010/02/21 19:01:54 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\TripleHippo
[2009/07/09 09:46:35 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Uniblue
[2009/09/07 14:22:11 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\V-Games
[2010/01/30 02:38:32 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Valusoft
[2009/10/04 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\VampireSaga
[2010/08/11 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Vast Studios
[2010/05/01 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\VendelGAMES
[2010/10/22 11:59:17 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\Vogat Interactive
[2009/05/01 17:34:08 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\WildTangent
[2010/01/07 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\Steve & Tammy\AppData\Roaming\YoudaGames
[2011/03/28 14:43:08 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/04/02 09:41:58 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< aswMBR version 0.9.4 Copyright© 2011 AVAST Software >

< Run date: 2011-04-02 11:38:34 >

< ----------------------------- >

< 11:38:34.811 OS Version: Windows 6.0.6002 Service Pack 2 >

< 11:38:34.811 Number of processors: 1 586 0x5F03 >

< 11:38:34.813 ComputerName: STEVEANDTAMMY UserName: Steve & Tammy >

< 11:38:59.982 Initialize success >

< 11:39:16.882 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 >

< 11:39:16.884 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3 >

< 11:39:16.887 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000004c >

< 11:39:16.890 Disk 1 Vendor: ST316081 4.AA Size: 152627MB BusType: 6 >

< 11:39:18.925 Disk 1 MBR read successfully >

< 11:39:18.928 Disk 1 MBR scan >

< 11:39:20.932 Disk 1 scanning sectors +312579760 >

< 11:39:20.960 Disk 1 scanning C:\Windows\system32\drivers >

< 11:39:26.728 Service scanning >

< 11:39:27.976 Disk 1 trace - called modules: >

< 11:39:27.996 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys i8042prt.sys mouclass.sys >

< 11:39:28.000 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85b48ac8] >

< 11:39:28.004 3 CLASSPNP.SYS[879a08b3] -> nt!IofCallDriver -> [0x84f0d5f8] >

< 11:39:28.007 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\0000004c[0x84b15c28] >

< 11:39:28.015 Scan finished successfully >

========== Alternate Data Streams ==========


< End of report >
  • 0

#9
ColtsFan18

    Member

  • Topic Starter
  • Member
  • 389 posts
Extras Scan Log:
OTL Extras logfile created on: 4/2/2011 11:45:14 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steve & Tammy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 45.96 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive E: | 69.00 Gb Total Space | 21.33 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive F: | 5.50 Gb Total Space | 1.20 Gb Free Space | 21.73% Space Free | Partition Type: FAT32

Computer Name: STEVEANDTAMMY | User Name: Steve & Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C4F4CF-FD41-4DAC-8FED-BD2FC8CB09F6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{01A50E53-CB8A-4F1F-8379-89AD5B7E7215}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0529752E-6714-450D-A0B3-2FD032976CDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0850422A-AB69-4108-AEA0-71513C827EEB}" = rport=445 | protocol=6 | dir=out | app=system |
"{10960029-976E-467F-9F88-A4FA7DA219F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E984ED5-E32E-41B2-B959-87D017A06481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{204EFD27-71B2-418C-8004-48A7E50163BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{221E969B-B32C-42DD-B509-2BC3E42D109F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{22D8418B-24C3-4B6C-8599-882BE2987EA3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{30095A12-8E01-482F-87CF-B55973E276A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31E7F418-ABD2-4E5D-BDD2-C54735174D75}" = lport=137 | protocol=17 | dir=in | app=system |
"{4885CC0E-A8E0-411D-9371-AC6505F69D74}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4F729BDA-1D20-43DE-880E-0D89DF75E282}" = rport=138 | protocol=17 | dir=out | app=system |
"{529F2E6E-096D-408A-8222-0580B2083D18}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56BB5847-EAE1-4F56-98A8-29745EC3BA4B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63189415-236A-4A2C-BA3E-D71FCDE9F903}" = lport=10243 | protocol=6 | dir=in | app=system |
"{68B38338-4F5F-4331-AFCC-0FB01A2A7751}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6C1A7F9E-0B12-4782-ACC2-7007AC0BC536}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C40DF44-3B5D-41A3-929C-066EE38967CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{6DD9776A-2774-4DBA-81EA-DC0906E99513}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B853078-EEFF-4A8C-9673-B13C55C1C102}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{832A3A29-B5E5-4132-90F8-6F36225D0DE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84ADD239-1C63-4E42-BF96-E97BD19B8B71}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA0A1077-4429-4304-9EBF-476ED4CFFE59}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA2F2294-6E16-4849-81E4-CEF99C890D0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B079CEA1-553B-4D01-BA62-5EC7DEEB1E79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D956EC0F-6486-48AE-B7E3-EBBDB64D1901}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DFF217C9-70E6-474F-A67A-6F36FF8CA350}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F542C1B3-70DA-4482-9750-F4E33263180B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F85137B6-D113-47B2-954E-C5203CF214CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC36012B-96B0-45EA-9190-49B7034B3822}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024C01F1-225F-4F54-8B84-039341C63DAC}" = protocol=58 | dir=in | [email protected],-28545 |
"{048FFBF9-A84F-48F1-B0A2-780B46B29D37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E5F80BE-9C17-4ED7-84F7-52A28C41AC9B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{19277E00-0467-4A17-98D0-8F524A99FDD6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1B8F167E-294C-4163-B256-F1642575BCE2}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{303B721A-84ED-498D-ADD4-589A04D7EADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C22A2E4-6A58-4A81-95A3-5313CB4C1505}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5287E482-E769-4433-BB5D-E3F0ED5FCDEE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{53A773C8-DE41-490D-8D7C-FECE873CABF6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5604550A-BEE6-4823-93D7-99802A91380D}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{569D493A-5F40-432D-AB54-810860A2584C}" = protocol=1 | dir=out | [email protected],-28544 |
"{58E5EE36-83F5-4DD4-B039-6440668A26EA}" = protocol=58 | dir=out | [email protected],-28546 |
"{5A69B170-533B-4832-A7D4-73230AE86606}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5BFFA0D3-FB27-43C5-ABE7-3E4FC4F5AC7B}" = protocol=6 | dir=out | app=system |
"{5E013535-AC60-453A-B865-069824C2AB04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65549EE5-0F2D-49EC-AFBD-DA3499920F5C}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{658841C6-691D-46FD-B609-4489A067D6E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71106936-B941-477A-8BD9-67E054DB70E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76A9C682-F3D6-41E9-A19D-7C1EC3949F8B}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{77CFC679-9C54-4653-8C35-A5C9F5CAF6BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{803767F9-34DB-4566-9143-1CD614B85DBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EC9FE82-8ED5-4C87-8746-FA3C7D9DA294}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F4BFC8A-C80E-40FE-A928-B5FC1AFE6759}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92177D82-0343-469B-B078-A8400EB16B5F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C7E87A3B-A330-4078-9A5A-857FA135DCB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD630E2E-E414-4344-BE1C-BFE49948E845}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{DE6710AA-620F-4EC6-996F-B8D7CDB840E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E6005EE9-1144-4C39-97A5-3B2A9C646391}" = protocol=1 | dir=in | [email protected],-28543 |
"{EA713773-CC38-4887-9E25-6CAB0DC645FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2561F0C-6222-47C5-BF0C-991CCE736015}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{06F8C536-D366-4000-B36F-7E2259C36B91}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{08E7EDD7-2878-452E-9954-883EB2FA7773}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{0D317FC6-6D59-44D8-980C-502CD6C5819E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{205BB548-166D-43C5-936C-9378E2918296}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{587AABC2-15E4-41DA-B29D-750CBBEB8049}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5F108F0B-6180-4768-A4EF-A05C19B3CA63}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{64C5EEA8-633C-4C80-AE8F-FDF96087B106}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9E286EB3-FBA5-4DF0-9CDA-D317640A573F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{CBD7C178-3F9C-4EFC-8FE5-872DFB5DD38F}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0F8E62DF-0503-4FEC-B5F0-B610ACA45910}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{31B8C87A-2FAE-49BD-8CF2-6B6D7E7D0787}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3E0B3048-2176-40DF-9E9F-20A451F48FB1}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{76B91426-F271-491D-A3B8-9126EF6CFCC9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{90094502-6BF2-47DB-9614-13FF2CC976B8}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{94FFDCED-1FC1-43BC-B8C8-86429D534A66}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A15AB9EC-3C53-427F-9DD3-C29FF9066EAB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E6F0D631-D631-4429-87FF-8382DCB9EBE8}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{FECA9247-8D74-4FB6-B9D5-3AED5DF38A4F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30DF32A9-EECA-4473-A73C-3E20F2EA9C89}" = Introductory Algebra
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9E6BCB-130E-4911-9193-F07B7B4998E6}" = AnyRailEN
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCF08FE4-C3CD-475B-9960-9F53EAF1808C}" = Jasc Digital Camera Support v5.01
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0901}" = Microsoft Picture It! Express 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB3D4C8C-62CA-4BAD-B3F5-58AC76692132}" = AnyRail4EN
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AviSynth" = AviSynth 2.5
"Behind the Reflection1.0" = Behind the Reflection
"BWIMC" = Cisco Video Surveillance Client
"CameraUserGuide-PSSX120IS" = Canon PowerShot SX120 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Introductory Algebra (Fall 2009 Student Version)" = Introductory Algebra (Fall 2009 Student Version)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Identity Protect" = Panda Identity Protect 3.0.44
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Express 9
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"VLC media player" = VLC media player 1.1.8
"WildTangent emachines Master Uninstall" = eMachines Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-836566805-2028440598-3766242597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's kill what I can see (and also tidy up a bit)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
    IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
    FF - prefs.js..browser.search.defaulturl: "http://www.startsearcher.com/?q="
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2010/06/09 10:15:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/11 11:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 09:57:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/08 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-836566805-2028440598-3766242597-1000..\Run: [Uniblue RegistryBooster 2] File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
    O33 - MountPoints2\{660f13c0-336f-11de-a8fd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Info.exe -- [2002/09/10 21:54:58 | 000,040,960 | -HS- | M] (XSS)
    [2011/04/02 11:38:28 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Steve & Tammy\Desktop\aswMBR.exe
    [2011/03/25 18:53:48 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
    [2011/04/02 11:39:45 | 000,000,512 | ---- | M] () -- C:\Users\Steve & Tammy\Desktop\MBR.dat
    [2011/04/02 01:48:28 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39837448r
    [2011/04/02 01:48:28 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~39837448
    [2011/04/02 01:43:26 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39837448
    [2011/03/25 23:17:50 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39182088r
    [2011/03/25 23:17:50 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~39182088
    [2011/03/25 22:42:58 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39182088
    [2011/03/25 20:58:46 | 000,000,384 | -H-- | M] () -- C:\ProgramData\29548296
    [2011/03/25 20:52:32 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~29548296r
    [2011/03/25 20:52:32 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~29548296
    [2011/03/25 19:24:34 | 000,000,376 | -H-- | M] () -- C:\ProgramData\24829704
    [2011/03/25 19:23:21 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~24829704r
    [2011/03/25 19:23:21 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~24829704
    [2011/03/25 18:53:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40427272r
    [2011/03/25 18:53:49 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~40427272
    [2011/03/25 18:53:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40427272

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
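The hidden `C:\ProgramData\<number>`, `~<number>` and `~<number>r` entries listed in the fix script above repeat in sets that share one numeric ID. As an added example (not part of the original posts and not OTL's own code), this Python script parses OTL file-listing lines and groups those entries by ID; the function names, the regexes and the eight-digit ID length are assumptions based only on the lines shown in this thread.

```python
import ntpath
import re
from datetime import datetime

# OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\s*\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# Assumption: the ID is eight digits, as in every name shown in this thread.
DROPPED_NAME = re.compile(r"^(?P<tilde>~?)(?P<id>\d{8})(?P<suffix>r|\.exe)?$", re.I)
ROLES = {(False, ""): "N", (True, ""): "~N", (True, "r"): "~Nr", (False, ".exe"): "N.exe"}

# Sample input: file-listing lines copied from the fix script in this thread.
SAMPLE_LOG = r"""
[2011/04/02 11:38:28 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Steve & Tammy\Desktop\aswMBR.exe
[2011/03/25 18:53:48 | 000,000,000 | ---D | C] -- C:\Users\Steve & Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Repair
[2011/04/02 01:48:28 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39837448r
[2011/04/02 01:48:28 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~39837448
[2011/04/02 01:43:26 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39837448
[2011/03/25 23:17:50 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~39182088r
[2011/03/25 23:17:50 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~39182088
[2011/03/25 22:42:58 | 000,000,336 | -H-- | M] () -- C:\ProgramData\39182088
[2011/03/25 20:58:46 | 000,000,384 | -H-- | M] () -- C:\ProgramData\29548296
[2011/03/25 20:52:32 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~29548296r
[2011/03/25 20:52:32 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~29548296
[2011/03/25 19:24:34 | 000,000,376 | -H-- | M] () -- C:\ProgramData\24829704
[2011/03/25 19:23:21 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~24829704r
[2011/03/25 19:23:21 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~24829704
[2011/03/25 18:53:49 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~40427272r
[2011/03/25 18:53:49 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~40427272
[2011/03/25 18:53:45 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40427272
"""


def parse_otl_line(line):
    """Return the fields of one OTL file-listing line, or None if it is not one."""
    m = OTL_FILE_LINE.match(line)
    if not m:
        return None
    return {
        "stamp": datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": "H" in m.group("attrs"),
        "directory": "D" in m.group("attrs"),
        "path": m.group("path"),
    }


def classify_name(basename):
    """Map a file name to (id, role) if it fits the numeric naming pattern."""
    m = DROPPED_NAME.match(basename)
    if not m:
        return None
    role = ROLES.get((bool(m.group("tilde")), (m.group("suffix") or "").lower()))
    return (m.group("id"), role) if role else None


def find_dropped_sets(log_text, root=r"C:\ProgramData"):
    """Group matching files that sit directly under `root` by their numeric ID."""
    sets = {}
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None or entry["directory"]:
            continue
        parent, base = ntpath.split(entry["path"])
        if ntpath.normcase(parent) != ntpath.normcase(root):
            continue  # only the top level of ProgramData is of interest here
        hit = classify_name(base)
        if hit:
            file_id, role = hit
            sets.setdefault(file_id, {})[role] = entry
    return sets


def summarize(sets):
    """One row per ID, ordered by the earliest timestamp seen for that ID."""
    report = []
    for file_id, members in sets.items():
        report.append({
            "id": file_id,
            "earliest": min(e["stamp"] for e in members.values()),
            "roles": sorted(members),
            "complete": {"N", "~N", "~Nr"} <= set(members),
            "all_hidden": all(e["hidden"] for e in members.values()),
        })
    return sorted(report, key=lambda row: row["earliest"])


if __name__ == "__main__":
    for row in summarize(find_dropped_sets(SAMPLE_LOG)):
        print(row["earliest"], row["id"], row["roles"],
              "complete" if row["complete"] else "partial",
              "hidden" if row["all_hidden"] else "visible")
```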


#11
ColtsFan18

    Member

  • Topic Starter
  • Member
  • 389 posts
I'm having an issue with OTL. I followed your instructions and every time the program stops responding. I thought the first time it was maybe just a glitch. It wiped out the desktop and I had to go to the task manager to end the process. I still had no screen so I restarted and tried it again. Same thing. I let it sit for 15 minutes in the (not responding) mode and gave up and restarted again. Is there any way around this or something else I should try?
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Jump straight to the Malwarebytes run please and once done run a fresh OTL scan. Did you notice from the bottom bar at what point OTL stopped responding?
  • 0

#13
ColtsFan18

    Member

  • Topic Starter
  • Member
  • 389 posts
Stopped responding right when it said [reboot]

I'll do the Malwarebytes now and then try it again.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta for that data :D
  • 0

#15
ColtsFan18

    Member

  • Topic Starter
  • Member
  • 389 posts
Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6246

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/2/2011 12:53:38 PM
mbam-log-2011-04-02 (12-53-38).txt

Scan type: Quick scan
Objects scanned: 184492
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Going to try the OTL again now.
  • 0





