Vista Security 2011 Virus Problem


This topic is locked. 123 replies to this topic.

#1 Ultilee Stupid (Authentic Member, 197 posts)

Posted 04 May 2011 - 08:12 PM

A month ago I had a "Vista Security 2011 Virus Problem" and a member on here called oldman960 kindly helped, and although I have several anti-virus programs installed it's happened again!!!

Last thread
Last Problem

Checking back at the old thread, oldman960 told me when I was clear of the virus that one of my anti-virus programs was out of date and should be removed. I was busy at the time and stupidly didn't do that or seek more advice on anti-virus protection... so I'm back again and hoping someone can help. :blush:

I've tried to do a system restore 4 or 5 times to get rid of the problem, but I keep getting this message when I log in after the attempted restore:

System Restore did not complete successfully. Your computer system files and settings were not changed.

Details

An unspecified error occurred during System Restore.


I was just going to try and do the scans from the last thread, but thought I'd better get advice from the experts.

Thanks for any help.


EDIT: I share the PC with two others but it's only happening on my side of things. Is it possible to start a new account, delete the infected account and then run Malwarebytes Anti-Malware to make sure the problem's gone?

Edited by Ultilee Stupid, 04 May 2011 - 08:28 PM.



#2 oldman960 (Forum God, Retired Classroom Teacher, 14,770 posts)

Posted 05 May 2011 - 04:11 AM

Hi Ultilee Stupid,

Sorry you are still having problems. What symptoms are you experiencing?

Is this the same account we worked on before or did you create a new one?

Download OTL to your desktop.
  • Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Deskuop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    /md5stop
    C:\ProgramData\kFpNiJj06300\*.* /s

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
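The OTL output requested above is read by eye for two things this thread turns on: hidden+system files with random-looking names dropped under C:\ProgramData or a user's AppData folders with no company name, and O2/O9/O28 entries whose target file no longer exists. The following is an added example, not code from the thread and not part of OTL: a small Python parser for OTL file-entry lines that applies exactly those two checks. The regex, the `DATA_ROOTS` list, the "random name" rule and the `SAMPLE_LOG` lines are my own constructions in the format of the log posted later in the thread; it is a triage aid for a reviewer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example, not part of the thread or of OTL. Entry format OTL uses for files:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Data roots where a rogue's payload is commonly parked (assumed list, lower-case).
DATA_ROOTS = ("c:\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str      # e.g. "-HS-": R=read-only, H=hidden, S=system, D=directory
    kind: str       # C = from the "Created" list, M = from the "Modified" list
    company: str    # empty when OTL found no company name in the version info
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file-entry line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def looks_random(name: str) -> bool:
    """Assumed rule: 8+ lower-case alphanumerics, no extension, letters AND digits."""
    return (re.fullmatch(r"[a-z0-9]{8,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def is_suspicious(e: Entry) -> bool:
    """Hidden+system file, no company name, under a data root, random-looking name."""
    lower = e.path.lower()
    in_data_root = any(root in lower for root in DATA_ROOTS)
    hidden_system = "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs
    name = e.path.rsplit("\\", 1)[-1]
    return in_data_root and hidden_system and not e.company and looks_random(name)


def triage(lines: List[str]) -> List[str]:
    """Paths of entries that trip the heuristic, in log order."""
    return [e.path for e in map(parse_entry, lines) if e and is_suspicious(e)]


def orphaned_refs(lines: List[str]) -> List[str]:
    """O2/O9/O28 entries whose target is gone: leftovers a cleanup script removes."""
    return [ln.strip() for ln in lines
            if re.match(r"^O(2|9|28) ", ln.strip()) and ln.rstrip().endswith("File not found")]


# Constructed sample in the format of the OTL log posted in this thread.
SAMPLE_LOG = """\
[2011/05/05 01:46:18 | 000,012,064 | -HS- | C] () -- C:\\ProgramData\\77x8elykc0s0
[2011/05/05 11:23:44 | 2134,073,344 | -HS- | C] () -- C:\\hiberfil.sys
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\\Program Files\\desktop.ini
[2011/04/25 22:40:01 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\\Windows\\System32\\drivers\\avipbb.sys
[2011/03/31 17:59:43 | 000,011,384 | -HS- | C] () -- C:\\ProgramData\\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
""".splitlines()

if __name__ == "__main__":
    for path in triage(SAMPLE_LOG):
        print("suspicious:", path)
    for ref in orphaned_refs(SAMPLE_LOG):
        print("orphaned:", ref)
```

The attribute check deliberately excludes directories (`---D`) and the rule requires all four conditions together, so hibernation and paging files (hidden+system but in the drive root with an extension) and `desktop.ini` files do not trip it; the two ProgramData droppings in the sample do.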

#3 Ultilee Stupid (Authentic Member, 197 posts)

Posted 05 May 2011 - 09:24 AM

Thanks for your reply, but I've managed to do a system restore. I posted the above at 3:15am British time, woke up this morning and tried to do a system restore, this time in safe mode, and it's worked.

> Hi Ultilee Stupid,
>
> Sorry you are still having problems. What symptoms are you experiencing?

It was the same symptoms.

> Is this the same account we worked on before or did you create a new one?

I created a new account, but it was a fresh infection. I clicked on a site last night I don't usually go on and all of a sudden it started again. Since the last time I have scanned with Malwarebytes Anti-Malware several times and the results have been clear.

Is there anything I can do to stop this happening again?


Thanks for your help.

#4 oldman960 (Forum God, Retired Classroom Teacher, 14,770 posts)

Posted 05 May 2011 - 12:42 PM

Hi Ultilee Stupid, I can give you some security tips. You should still post the logs requested so I can see if there are any traces and which security programs you currently have installed.


#5 Ultilee Stupid (Authentic Member, 197 posts)

Posted 05 May 2011 - 02:09 PM

Ok no problem.

Only the OTL.Txt appeared.

OTL logfile created on: 05/05/2011 20:36:02 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 55.02 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
Drive D: | 3.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\lxdacoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1142338
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/04 01:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 01:00:58 | 000,000,000 | ---D | M]

[2010/07/22 16:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions
[2009/03/31 00:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/04/06 17:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions
[2010/11/07 23:51:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/07 23:51:56 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011/04/06 17:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 17:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/01/03 20:39:01 | 000,000,000 | ---D | M] (Seekeen) -- C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
[2009/03/31 00:46:30 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2009/03/31 00:46:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/04 01:00:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/04 01:00:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/04 01:00:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/04 01:00:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/02 21:08:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O24 - Desktop BackupWallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/04/27 12:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 12:19:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 12:19:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/13 12:09:21 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 12:09:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 12:08:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 12:08:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 12:08:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 12:08:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 12:08:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 12:08:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 12:08:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 12:08:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 12:08:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 12:08:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 12:08:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 12:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 12:08:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 12:08:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 12:08:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 12:08:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 12:08:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 12:08:27 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 12:08:25 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 12:08:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 12:08:08 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 12:08:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 12:08:00 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/26 15:44:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009/03/26 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009/03/26 15:44:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009/03/26 15:44:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009/03/26 15:44:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009/03/26 15:44:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009/03/26 15:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009/03/26 15:44:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009/03/26 15:44:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009/03/26 15:44:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009/03/26 15:44:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009/03/26 15:44:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009/03/26 15:44:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009/03/26 15:44:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009/03/26 15:44:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009/01/06 18:40:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\VJones\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/05 20:41:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
[2011/05/05 20:40:29 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011/05/05 20:39:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
[2011/05/05 20:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
[2011/05/05 20:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 20:11:08 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 20:11:08 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 20:09:35 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for VJones.job
[2011/05/05 18:12:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 16:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 16:10:32 | 2134,073,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 16:07:04 | 000,609,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 16:07:04 | 000,108,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 14:24:14 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
[2011/05/05 02:50:11 | 000,012,064 | -HS- | M] () -- C:\ProgramData\77x8elykc0s0
[2011/05/02 15:16:38 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/25 22:40:01 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/14 12:37:31 | 003,631,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/05 11:23:44 | 2134,073,344 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/05 01:46:18 | 000,012,064 | -HS- | C] () -- C:\ProgramData\77x8elykc0s0
[2011/04/02 20:48:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 20:48:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 20:48:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 20:48:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 20:48:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 21:54:27 | 000,000,036 | ---- | C] () -- C:\Users\VJones\AppData\Local\housecall.guid.cache
[2011/03/31 17:59:43 | 000,011,384 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/02/02 18:42:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/02 18:42:16 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/02 18:42:15 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/02 18:42:11 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/17 17:55:23 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/12/17 17:55:23 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/12/17 17:55:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/12/17 17:55:22 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/09/15 19:37:21 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/09/14 00:34:07 | 000,000,088 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/21 23:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/21 23:02:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 21:41:01 | 000,001,044 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
[2009/03/26 15:44:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009/03/26 15:44:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009/03/18 13:24:34 | 000,000,308 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009/01/22 22:29:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/01/21 21:31:33 | 000,013,824 | ---- | C] () -- C:\Users\VJones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 18:40:41 | 000,007,887 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.cat
[2009/01/06 18:40:41 | 000,001,144 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.inf
[2009/01/02 20:31:21 | 000,000,552 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d8caps.dat
[2009/01/02 20:28:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 19:03:58 | 000,000,680 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d9caps.dat
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/01/22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,631,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/27 13:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2009/09/12 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\DriverCure
[2009/09/15 18:34:59 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\FMZilla
[2009/03/31 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Greyfirst
[2010/02/22 01:02:19 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\ManyCam
[2009/09/12 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Reg Tool
[2009/09/12 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Systweak
[2009/09/14 00:34:09 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Template
[2011/04/05 17:09:12 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Vso
[2011/05/05 16:09:17 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/05 20:37:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
[2011/05/05 14:24:14 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
[2011/05/05 20:39:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
[2011/05/05 20:41:00 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/09/15 18:42:06 | 000,106,359 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/01/03 02:38:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/04/02 21:11:39 | 000,014,282 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2004/04/06 01:02:00 | 000,188,482 | ---- | M] (RealNetworks, Inc.) -- C:\helixprodctrl.dll
[2011/05/05 16:10:32 | 2134,073,344 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/18 13:16:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/09 19:09:30 | 000,001,284 | ---- | M] () -- C:\MP4debug.log
[2009/03/18 13:16:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/05 16:10:29 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2002/12/06 15:02:00 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\pncrt.dll
[2009/01/09 17:30:48 | 000,004,747 | ---- | M] () -- C:\unins000.dat
[2003/11/28 05:00:00 | 000,075,922 | ---- | M] (Jordan Russell) -- C:\unins000.exe

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/31 18:33:06 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/01/29 05:05:52 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxdapp5c.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-05 11:15:18


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 13:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 13:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: EXPLORER.EXE-7A3328DA.PF >
[2011/05/05 19:13:19 | 000,264,714 | ---- | M] () MD5=D49A982037271445746E549ABA5F0B3B -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf

< MD5 for: IEXPLORE.EXE >
[2009/01/15 05:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2009/11/21 07:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/07/18 13:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 22:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/03/03 05:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/04/24 17:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2010/02/23 16:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2009/04/11 07:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 06:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2010/01/02 15:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2010/05/04 07:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 07:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2009/07/22 07:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[2008/10/16 05:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2010/11/02 07:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/21 03:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 07:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2010/06/26 07:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 08:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2009/08/27 14:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2009/07/18 13:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2010/01/02 07:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/03/03 05:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2010/11/02 08:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2011/02/22 08:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2009/03/03 05:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2009/03/08 22:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 07:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\ERDNT\cache\iexplore.exe
[2010/12/18 07:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2009/07/21 22:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2009/04/24 17:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 07:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 17:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2008/10/16 05:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2009/11/21 16:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/03 05:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2009/07/18 12:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2010/06/26 07:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/15 05:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 17:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 13:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2009/03/08 22:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 22:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-1B894AFB.PF >
[2011/05/03 12:46:35 | 000,127,432 | ---- | M] () MD5=91A6C134AC37EA5D33721BE7237C0ACC -- C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/21 03:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/21 03:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 13:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 22:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 22:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< C:\ProgramData\kFpNiJj06300\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >




Edit: Just tried a second scan and still only one file appears.

Edited by Ultilee Stupid, 05 May 2011 - 02:28 PM.


#6 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 06 May 2011 - 03:57 AM

Hi Ultilee Stupid,

Only the OTL.Txt appeared

We'll get an Extra.txt shortly.

There are some remnants of an infection showing in the log. You also appear to still have 2 antivirus programs running, AntiVir and COMODO Internet Security. These will conflict, causing slowdowns, system lockups, etc. Having multiple antivirus programs running will not give you more protection. Please uninstall one of them.

sfi.dat is a Comodo file related to its antivirus program. This may explain why you had problems with System Restore in normal Windows.
http://forums.mydigi...omodo-antivirus

Next, right-click on OTL.exe and choose Run as Administrator to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • Please note the fix starts with the :
:Services

:Files
C:\ProgramData\77x8elykc0s0
C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub

:Commands
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

Please open OTL if it is not opened after the reboot.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the Extra Registry section change it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open 2 notepad windows, OTL.Txt and Extra.txt. Please post the Extra.txt.


Please post back with
  • OTL fix log
  • Extra.txt
  • Which antivirus program you are keeping
  • any and all symptoms you are experiencing
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 Ultilee Stupid

    Authentic Member

  • 197 posts

Posted 06 May 2011 - 10:33 AM

Small problem. After the Run Fix had rebooted, I logged in on the admin side instead of mine. The notepad popped up, and I clicked the X to save it so I could move it to my side, but it just disappeared and now I can't find it. :smack:



OTL.Txt

OTL logfile created on: 06/05/2011 17:27:37 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 52.10 Gb Free Space | 34.96% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >




Extra.txt

OTL Extras logfile created on: 06/05/2011 17:27:37 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 52.10 Gb Free Space | 34.96% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1639CFB5-57C2-422D-AA68-0596AC2DC476}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{1E890BF5-599E-44EC-93A1-E1D9F31D9DB0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{3EE111F7-1585-42D6-8FC5-A7CA9953B01C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{4257CDA0-C586-4EBF-83A5-BD57E7B8AF97}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4E3BC2FD-3D7D-45D7-BD20-C635C424E231}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{577AE97C-FDA6-4CE9-9A8A-1B2D2C925A54}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6139DE7E-4865-4770-AAF7-61CF96EA8433}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{9C8C5190-5E08-4711-91ED-8DBA45BCDC3F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C1BAE1C5-7189-4CC6-99A8-2B07FF20BD71}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7F3617B-AE69-46E6-902F-E894EF0D63E6}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{DA64ED50-053E-4E53-8402-043D8F6B765F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F571D738-1649-498E-B1B8-7F3628BCDE91}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{F898DDBF-9D12-40A1-A6AF-C9775642D85D}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{FCF652B0-B858-446F-9A69-1A42D248A498}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"TCP Query User{20C777A6-0D45-4F84-86D9-AB6F9D6D9970}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3EAF1F4D-ADF6-4E65-86B2-4E0F84D37CD8}C:\users\chughes\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"TCP Query User{6D0E48A2-106F-49BD-9A21-5C1156639BDB}C:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe" = protocol=6 | dir=in | app=c:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe |
"TCP Query User{728FB822-7833-4FB3-A5DD-3962382F2E31}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{82DE2037-1C5F-4BCA-9A35-FEB8288AA27D}C:\users\chughes\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\desktop\utorrent.exe |
"TCP Query User{A9DC45EF-E9D5-47EC-A54A-E9B2ED27D430}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{C3C0F0F7-FBD5-45B0-B053-7E51A6A6EBB8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C8CC6774-5CA2-466F-9F49-0E83C2102D77}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D88C3258-6AC4-46D1-9230-73623C8DE799}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{E5690AD5-D590-4CEA-B390-9B36E3592F7A}C:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe" = protocol=6 | dir=in | app=c:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe |
"UDP Query User{1F6458CD-76C9-45A5-9F55-F8A2A0CD5745}C:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe |
"UDP Query User{2AD04F48-77F8-4CD0-9502-E6AE519A6B82}C:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe |
"UDP Query User{54EDFBE3-3F25-4A3D-94C8-42954A7A5566}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{628763CA-9C97-4A41-A1B3-18D103AAD62C}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{7C7214A0-7EA0-4F04-BB69-3C30A1EE3664}C:\users\chughes\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"UDP Query User{94D4AB4F-9CA1-441F-987D-B04F36A27BE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C1E520D2-C586-4E1E-B8BE-672B33184448}C:\users\chughes\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chughes\desktop\utorrent.exe |
"UDP Query User{C3290CF2-E1E5-4F7A-A66E-FF3A222103BB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FBF68B1B-8C38-4FA3-8F56-5440B315BDEA}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{FDD187AC-1DCF-41B1-A206-FCBFA90298FC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.10.170c
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E47D2974-AA5E-FlvAVI-B984-3CA48DFA2849}_is1" = FLAV FLV to AVI Converter 2.58.16
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleManager" = AudibleManager
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Celtx (2.0)" = Celtx (2.0)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"FastImageResizer" = FastImageResizer (remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG F~648C5368_is1" = Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG FLV Converter V1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Lexmark 640 Series" = Lexmark 640 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"My.Freeze.com Toolbar" = My.Freeze.com Toolbar
"NSS" = Norton Security Scan
"RealPlayer 6.0" = RealPlayer
"Softonic_English Toolbar" = Softonic_English Toolbar
"Spotify" = Spotify
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"UltraISO_is1" = UltraISO Premium V9.35
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.0-rc3
"VobSub" = VobSub v2.23 (Remove Only)
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2011 11:13:54 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2011 12:01:23 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/05/2011 12:10:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D70560

Session-context:
0x00000000 Session-context ThreadId: 0x00000CD0 Cleanup: 0

Error - 06/05/2011 12:11:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D703E0

Session-context:
0x00000000 Session-context ThreadId: 0x000003C8 Cleanup: 0

Error - 06/05/2011 12:11:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D70560

Session-context:
0x00000000 Session-context ThreadId: 0x00000CD0 Cleanup: 0

Error - 06/05/2011 12:12:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D703E0

Session-context:
0x00000000 Session-context ThreadId: 0x000009E8 Cleanup: 0

Error - 06/05/2011 12:12:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D70560

Session-context:
0x00000000 Session-context ThreadId: 0x00000CD0 Cleanup: 0

Error - 06/05/2011 12:13:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D703E0

Session-context:
0x00000000 Session-context ThreadId: 0x00000F94 Cleanup: 0

Error - 06/05/2011 12:13:11 | Computer Name = Home-PC | Source = ESENT | ID = 624
Description = Windows (2284) Windows: The version store for this instance (0) cannot
grow because it is receiving Out-Of-Memory errors from the OS. It is likely that
a long-running transaction is preventing cleanup of the version store and causing
it to build up in size. Updates will be rejected until the long-running transaction
has been completely committed or rolled back. Current version store size for this
instance: 0Mb Maximum version store size for this instance: 127Mb Global memory pre-reserved
for all version stores: 0Mb Possible long-running transaction: SessionId: 0x00D70560

Session-context:
0x00000000 Session-context ThreadId: 0x00000CD0 Cleanup: 0

Error - 06/05/2011 12:16:51 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06/05/2011 07:12:28 | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 06/05/2011 07:15:27 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 06/05/2011 11:13:54 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 06/05/2011 11:13:54 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 06/05/2011 11:56:38 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =

Error - 06/05/2011 11:57:40 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 06/05/2011 12:01:23 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 06/05/2011 12:01:23 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 06/05/2011 12:16:52 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 06/05/2011 12:16:52 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =


< End of report >

Edited by Ultilee Stupid, 06 May 2011 - 10:33 AM.
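The firewall exception list in the report above is what a helper reads for user-approved inbound rules such as the µTorrent entries under Downloads and Desktop. The parser below is an added example for this thread, not code from the forum, from OTL or from oldman960; it reads OTL's "Vista Active Application Exception List" format and flags inbound rules for binaries sitting in a user profile's Downloads or Desktop folder. The sample report embedded in it is constructed from a handful of the lines posted above.

```python
import re
from dataclasses import dataclass

# Protocol numbers as OTL prints them; a rule with no protocol= field matches any.
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Profile sub-folders where a freshly downloaded binary usually lives.
USER_DROP_FOLDERS = ("\\downloads\\", "\\desktop\\")

# One rule line: "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
SECTION_HEADER = "========== Vista Active Application Exception List"


@dataclass
class FirewallRule:
    name: str
    protocol: str   # "TCP", "UDP", or "any" when the rule has no protocol= field
    direction: str  # "in" or "out"
    app: str        # lower-case program path as OTL prints it


def parse_rule(line):
    """Parse one OTL firewall rule line; return None for any other line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    if "dir" not in fields or "app" not in fields:
        return None  # registry key lines, uninstall entries, etc.
    protocol = PROTOCOLS.get(fields.get("protocol", ""), "any")
    return FirewallRule(m.group("name"), protocol, fields["dir"], fields["app"].lower())


def parse_exception_list(report):
    """Collect every application rule between the section header and the next one."""
    rules = []
    in_section = False
    for line in report.splitlines():
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if in_section and line.startswith("=========="):
            break  # reached the next OTL section
        if in_section:
            rule = parse_rule(line)
            if rule is not None:
                rules.append(rule)
    return rules


def is_user_drop_path(path):
    """True for a program sitting in a user profile's Downloads or Desktop folder."""
    return path.startswith("c:\\users\\") and any(f in path for f in USER_DROP_FOLDERS)


def suspicious_inbound(rules):
    """Inbound exceptions for binaries in Downloads/Desktop: review these first."""
    return [r for r in rules if r.direction == "in" and is_user_drop_path(r.app)]


# Constructed sample: a few lines copied from the report posted in this thread.
SAMPLE_REPORT = r"""
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E890BF5-599E-44EC-93A1-E1D9F31D9DB0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{4E3BC2FD-3D7D-45D7-BD20-C635C424E231}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{C1BAE1C5-7189-4CC6-99A8-2B07FF20BD71}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3EAF1F4D-ADF6-4E65-86B2-4E0F84D37CD8}C:\users\chughes\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"TCP Query User{C8CC6774-5CA2-466F-9F49-0E83C2102D77}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2AD04F48-77F8-4CD0-9502-E6AE519A6B82}C:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"""


if __name__ == "__main__":
    rules = parse_exception_list(SAMPLE_REPORT)
    print(f"{len(rules)} application rules parsed")
    for r in suspicious_inbound(rules):
        print(f"REVIEW: {r.protocol} {r.direction} {r.app}")
```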


#8 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 06 May 2011 - 12:47 PM

Hi Ultilee Stupid,

No problem.

The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp when the fix was run. It will be something similar to 06052011_111009.log. Please copy and paste the contents into your next reply.

µTorrent
You have LimeWire, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel

Depending on your settings, either
  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
If you wish to keep it, please do not use it until your computer is cleaned.

My.Freeze.com Toolbar and Softonic English Toolbar

Questionable toolbars. If you don't use them I suggest you uninstall them.
http://www.systemloo...istant_dll.html
http://www.systemloo...t...ec8e7023&s=

Did you uninstall AntiVir?

Please post back with the OTL fix log.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#9 Ultilee Stupid

    Authentic Member

  • 197 posts

Posted 06 May 2011 - 01:23 PM

µTorrent
You have LimeWire, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

Yeah, you pointed it out last time. I haven't used it in nearly a year, I just keep forgetting to uninstall it.


My.Freeze.com Toolbar and Softonic English Toolbar

Questionable toolbars. If you don't use them I suggest you uninstall them.
http://www.systemloo...istant_dll.html
http://www.systemloo...t...ec8e7023&s=

Did you uninstall AntiVir?

Please post back with the OTL fix log.

Thanks

Uninstalled both. Also uninstalled AntiVir, should have mentioned in last post.


OTL fix log.


All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\ProgramData\77x8elykc0s0 moved successfully.
C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Caz
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 54817544 bytes
->Java cache emptied: 169348 bytes
->FireFox cache emptied: 99870129 bytes
->Flash cache emptied: 175684 bytes

User: CHughes
->Temp folder emptied: 0 bytes
->Java cache emptied: 4368989 bytes
->Flash cache emptied: 658366 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ultimo Lee
->Temp folder emptied: 57720 bytes
->Temporary Internet Files folder emptied: 27428340 bytes
->Java cache emptied: 999869 bytes
->FireFox cache emptied: 75382605 bytes
->Google Chrome cache emptied: 6542699 bytes
->Flash cache emptied: 105656 bytes

User: UltimoLee
->Temp folder emptied: 73306 bytes
->Temporary Internet Files folder emptied: 19473933 bytes
->Java cache emptied: 369425 bytes
->FireFox cache emptied: 113034288 bytes
->Google Chrome cache emptied: 7799496 bytes
->Flash cache emptied: 348181 bytes

User: VJones
->Temp folder emptied: 3354610 bytes
->Temporary Internet Files folder emptied: 26186296 bytes
->Java cache emptied: 8274388 bytes
->FireFox cache emptied: 100237460 bytes
->Flash cache emptied: 6042 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121705315 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 640.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_170341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 Ultilee Stupid

    Authentic Member

  • 197 posts

Posted 07 May 2011 - 08:10 AM

The same problem has just happened. I was on a site I visit all the time.

COMODO came up in the corner telling me a program was looking to access the computer. I pressed Block, I was asked again, I clicked Block again, then Firefox crashed and "Vista Total Security 2011" started to scan the computer. I stopped that.

Just about to try a system restore again.

EDIT: I restored back to yesterday after the OTL scan and it's gone again. None of the other accounts on the computer were infected just mine.

Does this probably mean it's not the sites I'm visiting that are causing the infection?

Could it be Firefox or a Firefox plugin? Should I try scanning with Malwarebytes?

Also, is there a program I could download that could block me from accessing dangerous sites, or a site checker?


2nd edit: Since the reboot this appears when any user logs in

Avira AntiVir Personal - Free Antivirus

CCPLG.XML:
Unable to find file (C:\Program Files\Avira\AntiVirDesktop\ccplg.xml).


When I try to uninstall Avira AntiVir again this pops up

Setup could not determine the feature control file or was not able to read it correctly
[Errorcode: 7]


Edited by Ultilee Stupid, 07 May 2011 - 02:05 PM.


#11 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 08 May 2011 - 02:33 AM

Hi Ultilee Stupid,

System Restore is not a drive image and does not restore the computer to the exact same state it was in. The error regarding Antivir is a result of everything not being restored since you uninstalled Antivir previously. Please refrain from using System Restore unless instructed to.

Please do not run any scans or tools unless requested.

I'm not sure why you wanted to reinstall Antivir as you already have an antivirus program.

We'll start over and deal with Antivir as we go along. You need to run these tools from your usual account.

Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Right click on the file you downloaded and click "Run as Administrator". If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    [screenshot of the GMER scan options]
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If GMER will not run in normal windows, please run it in Safe Mode


Next

Download aswMBR.exe ( 511KB ) to your desktop.

Right click the aswMBR.exe and select "Run as Administrator" to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


Next

  • Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the Extra Registry section change it to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open 2 notepad windows. OTL.Txt and Extras.Txt.


Please post back with
  • GMER log
  • aswMBR log
  • OTL.txt
  • Extras.txt
Thanks


#12 Ultilee Stupid

    Authentic Member

  • 197 posts

Posted 08 May 2011 - 12:02 PM

I'm not sure why you wanted to reinstall Antivir as you already have an antivirus program.

I said uninstall. I looked in the control panel after the restore and it seemed to still be installed.


Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Right click on the file you downloaded and click "Run as Administrator". If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

Tried to scan but Windows crashed twice; on one of the times the computer rebooted. I tried in safe mode and it crashed again.

Am I supposed to leave C:\ checked? I did, but there wasn't another option like the H:\ in the picture.

Since doing the scan, I've logged back in and my desktop looks a bit like safe mode. Big buttons, grey instead of black etc., but the admin side is fine.

I didn't do any of the other scans just in case there's a new problem. Is this looking serious or is it a minor thing?

#13 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 08 May 2011 - 12:11 PM

Hi Ultilee Stupid,

Sorry about the Antivir uninstall confusion, I misread your post.

The H in the GMER picture is there just as an example of what to uncheck in that section. C:\ needs to be checked. Don't worry about the GMER scan for now, just continue with the others.

Try this for your desktop icons

-Right click anywhere on an empty area on your Windows desktop.
-From the right click menu, select View > Classic Icons

Thanks


#14 Ultilee Stupid

    Authentic Member

  • 197 posts

Posted 08 May 2011 - 12:29 PM

Desktop sorted, it was in appearances.


OTL logfile created on: 08/05/2011 19:21:35 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 62.14 Gb Free Space | 41.70% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\lxdacoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Ultimo Lee\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1142338
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/04 01:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 01:00:58 | 000,000,000 | ---D | M]

[2010/07/22 16:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions
[2009/03/31 00:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/04/06 17:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions
[2010/11/07 23:51:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/07 23:51:56 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
[2011/04/06 17:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 17:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/01/03 20:39:01 | 000,000,000 | ---D | M] (Seekeen) -- C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
[2009/03/31 00:46:30 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2009/03/31 00:46:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/04/04 01:00:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/04/04 01:00:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/04/04 01:00:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/04/04 01:00:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/04/02 21:08:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O24 - Desktop BackupWallPaper: C:\Users\VJones\Desktop\Documents\tigers.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 18:17:36 | 000,100,736 | ---- | C] (GMER) -- C:\kxldipow.sys
[2011/05/06 17:03:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/27 12:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 12:19:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 12:19:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/13 12:09:21 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 12:09:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 12:08:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/13 12:08:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/13 12:08:46 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/13 12:08:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/13 12:08:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/13 12:08:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/13 12:08:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/13 12:08:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/13 12:08:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/13 12:08:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/13 12:08:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/13 12:08:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/13 12:08:42 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/13 12:08:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/13 12:08:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/13 12:08:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/13 12:08:41 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/13 12:08:27 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 12:08:25 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/13 12:08:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 12:08:08 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/13 12:08:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/13 12:08:00 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/03/26 15:44:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009/03/26 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009/03/26 15:44:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009/03/26 15:44:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009/03/26 15:44:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009/03/26 15:44:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009/03/26 15:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009/03/26 15:44:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009/03/26 15:44:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009/03/26 15:44:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009/03/26 15:44:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009/03/26 15:44:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009/03/26 15:44:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009/03/26 15:44:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009/03/26 15:44:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009/01/06 18:40:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\VJones\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/08 19:24:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
[2011/05/08 19:22:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
[2011/05/08 19:21:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job
[2011/05/08 19:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 19:19:50 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011/05/08 19:12:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/08 19:12:10 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
[2011/05/08 19:10:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:10:03 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 19:09:52 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 18:47:14 | 003,631,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/08 18:30:59 | 220,121,519 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 18:17:36 | 000,100,736 | ---- | M] (GMER) -- C:\kxldipow.sys
[2011/05/08 12:30:22 | 000,609,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/08 12:30:22 | 000,108,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/07 15:05:29 | 000,008,914 | -HS- | M] () -- C:\ProgramData\3cpi6tpt7m70gnf
[2011/05/06 17:18:43 | 000,001,044 | ---- | M] () -- C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
[2011/05/05 20:09:35 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for VJones.job
[2011/05/02 15:16:38 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/25 22:40:01 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2011/05/08 18:44:00 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/07 15:03:22 | 000,008,914 | -HS- | C] () -- C:\ProgramData\3cpi6tpt7m70gnf
[2011/04/02 20:48:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/02 20:48:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/02 20:48:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/02 20:48:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/02 20:48:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 21:54:27 | 000,000,036 | ---- | C] () -- C:\Users\VJones\AppData\Local\housecall.guid.cache
[2011/02/02 18:42:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/02/02 18:42:16 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/02 18:42:15 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/02 18:42:11 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/17 17:55:23 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009/12/17 17:55:23 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009/12/17 17:55:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009/12/17 17:55:22 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009/09/15 19:37:21 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/09/14 00:34:07 | 000,000,088 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/21 23:02:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/21 23:02:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/14 21:41:01 | 000,001,044 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\vso_ts_preview.xml
[2009/03/26 15:44:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009/03/26 15:44:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009/03/18 13:24:34 | 000,000,308 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2009/01/22 22:29:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/01/21 21:31:33 | 000,013,824 | ---- | C] () -- C:\Users\VJones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 18:40:41 | 000,007,887 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.cat
[2009/01/06 18:40:41 | 000,001,144 | ---- | C] () -- C:\Users\VJones\AppData\Roaming\pcouffin.inf
[2009/01/02 20:31:21 | 000,000,552 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d8caps.dat
[2009/01/02 20:28:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 19:03:58 | 000,000,680 | ---- | C] () -- C:\Users\VJones\AppData\Local\d3d9caps.dat
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007/01/22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,631,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/27 13:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2009/09/12 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\DriverCure
[2009/09/15 18:34:59 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\FMZilla
[2009/03/31 00:53:55 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Greyfirst
[2010/02/22 01:02:19 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\ManyCam
[2009/09/12 22:44:21 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Reg Tool
[2009/09/12 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Systweak
[2009/09/14 00:34:09 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Template
[2011/05/06 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\VJones\AppData\Roaming\Vso
[2011/05/08 19:04:03 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/08 19:22:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{04F1B430-67A1-4B31-962C-B500816EFE55}.job
[2011/05/08 19:12:10 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{09CC4FE3-90EB-45E2-9902-ADEE35007982}.job
[2011/05/08 19:24:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{26438954-F43E-45EA-B377-13E87D63FBD8}.job
[2011/05/08 19:21:00 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3E4E7D37-EA7D-43AC-8038-284715408613}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
OTL Extras logfile created on: 08/05/2011 19:21:35 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ultimo Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 62.14 Gb Free Space | 41.70% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: VJones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1639CFB5-57C2-422D-AA68-0596AC2DC476}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"{1E890BF5-599E-44EC-93A1-E1D9F31D9DB0}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{3EE111F7-1585-42D6-8FC5-A7CA9953B01C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{4257CDA0-C586-4EBF-83A5-BD57E7B8AF97}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4E3BC2FD-3D7D-45D7-BD20-C635C424E231}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{577AE97C-FDA6-4CE9-9A8A-1B2D2C925A54}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{6139DE7E-4865-4770-AAF7-61CF96EA8433}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{9C8C5190-5E08-4711-91ED-8DBA45BCDC3F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{C1BAE1C5-7189-4CC6-99A8-2B07FF20BD71}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7F3617B-AE69-46E6-902F-E894EF0D63E6}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{DA64ED50-053E-4E53-8402-043D8F6B765F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F571D738-1649-498E-B1B8-7F3628BCDE91}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe |
"{F898DDBF-9D12-40A1-A6AF-C9775642D85D}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"{FCF652B0-B858-446F-9A69-1A42D248A498}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe |
"TCP Query User{20C777A6-0D45-4F84-86D9-AB6F9D6D9970}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3EAF1F4D-ADF6-4E65-86B2-4E0F84D37CD8}C:\users\chughes\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"TCP Query User{6D0E48A2-106F-49BD-9A21-5C1156639BDB}C:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe" = protocol=6 | dir=in | app=c:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe |
"TCP Query User{728FB822-7833-4FB3-A5DD-3962382F2E31}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{82DE2037-1C5F-4BCA-9A35-FEB8288AA27D}C:\users\chughes\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\desktop\utorrent.exe |
"TCP Query User{A9DC45EF-E9D5-47EC-A54A-E9B2ED27D430}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{C3C0F0F7-FBD5-45B0-B053-7E51A6A6EBB8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C8CC6774-5CA2-466F-9F49-0E83C2102D77}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D88C3258-6AC4-46D1-9230-73623C8DE799}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{E5690AD5-D590-4CEA-B390-9B36E3592F7A}C:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe" = protocol=6 | dir=in | app=c:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe |
"UDP Query User{1F6458CD-76C9-45A5-9F55-F8A2A0CD5745}C:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe |
"UDP Query User{2AD04F48-77F8-4CD0-9502-E6AE519A6B82}C:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\desktop\utorrent-1.8.2.upx.exe |
"UDP Query User{54EDFBE3-3F25-4A3D-94C8-42954A7A5566}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{628763CA-9C97-4A41-A1B3-18D103AAD62C}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{7C7214A0-7EA0-4F04-BB69-3C30A1EE3664}C:\users\chughes\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"UDP Query User{94D4AB4F-9CA1-441F-987D-B04F36A27BE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C1E520D2-C586-4E1E-B8BE-672B33184448}C:\users\chughes\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chughes\desktop\utorrent.exe |
"UDP Query User{C3290CF2-E1E5-4F7A-A66E-FF3A222103BB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FBF68B1B-8C38-4FA3-8F56-5440B315BDEA}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{FDD187AC-1DCF-41B1-A206-FCBFA90298FC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.10.170c
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E47D2974-AA5E-FlvAVI-B984-3CA48DFA2849}_is1" = FLAV FLV to AVI Converter 2.58.16
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Celtx (2.0)" = Celtx (2.0)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"FastImageResizer" = FastImageResizer (remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG F~648C5368_is1" = Kingdia Video to AVI DIVX WMV DVD MOV ASF MPEG FLV Converter V1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Lexmark 640 Series" = Lexmark 640 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"My.Freeze.com Toolbar" = My.Freeze.com Toolbar
"NSS" = Norton Security Scan
"RealPlayer 6.0" = RealPlayer
"Softonic_English Toolbar" = Softonic_English Toolbar
"Spotify" = Spotify
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"UltraISO_is1" = UltraISO Premium V9.35
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.0-rc3
"VobSub" = VobSub v2.23 (Remove Only)
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2011 13:37:06 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application gsumz65o.exe, version 1.0.15.15627, time stamp
0x4dc13e64, faulting module gsumz65o.exe, version 1.0.15.15627, time stamp 0x4dc13e64,
exception code 0xc0000005, fault offset 0x0000c676, process id 0xde4, application
start time 0x01cc0da61d6101cb.

Error - 08/05/2011 13:40:22 | Computer Name = Home-PC | Source = EventSystem | ID = 4609
Description =

Error - 08/05/2011 13:40:58 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/05/2011 13:42:52 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application gsumz65o.exe, version 1.0.15.15627, time stamp
0x4dc13e64, faulting module gsumz65o.exe, version 1.0.15.15627, time stamp 0x4dc13e64,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x73c, application
start time 0x01cc0da72b09ab2d.

Error - 08/05/2011 13:45:08 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 08/05/2011 13:45:49 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/05/2011 13:50:19 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 08/05/2011 13:51:41 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/05/2011 14:10:09 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 08/05/2011 14:11:39 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08/05/2011 13:40:59 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 08/05/2011 13:41:00 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 08/05/2011 13:41:01 | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 08/05/2011 13:41:02 | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 08/05/2011 13:41:04 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 08/05/2011 13:45:50 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08/05/2011 13:47:05 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =

Error - 08/05/2011 13:51:42 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08/05/2011 14:11:40 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08/05/2011 14:12:41 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =


< End of report >



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-08 19:18:36
-----------------------------
19:18:36.540 OS Version: Windows 6.0.6002 Service Pack 2
19:18:36.540 Number of processors: 2 586 0xF0D
19:18:36.540 ComputerName: HOME-PC UserName: VJones
19:19:00.252 Initialize success
19:19:06.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:19:06.367 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
19:19:08.395 Disk 0 MBR read successfully
19:19:08.395 Disk 0 MBR scan
19:19:08.411 Disk 0 unknown MBR code
19:19:10.439 Disk 0 scanning sectors +312496128
19:19:10.470 Disk 0 scanning C:\Windows\system32\drivers
19:19:16.835 Service scanning
19:19:18.457 Disk 0 trace - called modules:
19:19:18.473 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:19:18.489 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ef2a0]
19:19:18.489 3 CLASSPNP.SYS[88b9e8b3] -> nt!IofCallDriver -> [0x857fb268]
19:19:18.504 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85810b98]
19:19:18.504 Scan finished successfully
19:20:12.964 Disk 0 MBR has been saved successfully to "C:\Users\Ultimo Lee\Desktop\MBR.dat"
19:20:12.964 The log file has been saved successfully to "C:\Users\Ultimo Lee\Desktop\aswMBR.txt"


edit: a question i should probably ask somewhere else but i'm not sure where to ask. Is it safe to use paypal to pay on ebay if i'm still infected with Vista Security 2011 Virus Problem?


Edited by Ultilee Stupid, 08 May 2011 - 02:01 PM.
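The "Vista Active Application Exception List" in the OTL log above is worth a second look on its own: the `TCP Query User` and `UDP Query User` entries are the rules Windows writes when someone clicks Allow on the firewall prompt, and several of them point at executables sitting in Downloads or on the Desktop, where any program running as the user can drop a file. The script below is an added example, not code from this thread or from the OTL tool. It parses lines in the same layout as that log section (the sample lines embedded in it are a constructed subset copied from the format above) and reports inbound exceptions that were created from a prompt or that allow a binary in a user-writable folder.

```python
import re

# Constructed sample in the layout of OTL's "Vista Active Application Exception
# List" (same format as the log above); a subset built for this example.
SAMPLE_RULES = r"""
"{C1BAE1C5-7189-4CC6-99A8-2B07FF20BD71}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E3BC2FD-3D7D-45D7-BD20-C635C424E231}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"TCP Query User{3EAF1F4D-ADF6-4E65-86B2-4E0F84D37CD8}C:\users\chughes\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chughes\downloads\utorrent.exe |
"UDP Query User{1F6458CD-76C9-45A5-9F55-F8A2A0CD5745}C:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe" = protocol=17 | dir=in | app=c:\users\ultimolee\downloads\utorrent-1.8.2.upx.exe |
"{F898DDBF-9D12-40A1-A6AF-C9775642D85D}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe |
"""

# One rule per line:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}
# Folders an ordinary user can write to without elevation (assumption: user
# profiles live under C:\Users, as the paths in the log show).
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(downloads|desktop|appdata|temp)\\", re.I)


def parse_rule(line):
    """Turn one exception-list line into a dict, or None if it is not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    name = m.group("name")
    return {
        "name": name,
        "protocol": PROTOCOLS.get(fields.get("protocol"), "any"),
        "dir": fields.get("dir", "?"),
        "app": fields.get("app", "").lower(),
        # Windows names rules created from its "allow access?" prompt this way.
        "prompted": name.startswith(("TCP Query User", "UDP Query User")),
    }


def review_rules(text):
    """Return (app, protocol, reasons) for each inbound rule worth a second look."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["dir"] != "in":
            continue
        reasons = []
        if USER_WRITABLE.match(rule["app"]):
            reasons.append("inbound exception for a binary in a user-writable folder")
        if rule["prompted"]:
            reasons.append("rule created from the firewall prompt, not by an installer")
        if reasons:
            findings.append((rule["app"], rule["protocol"], reasons))
    return findings


if __name__ == "__main__":
    for app, proto, reasons in review_rules(SAMPLE_RULES):
        print(f"{proto:4} {app}")
        for reason in reasons:
            print(f"       - {reason}")
```

Paste the whole exception-list block from an OTL log into `SAMPLE_RULES` (or read it from the saved OTL.txt) to review a real machine; a rule that trips either check is only worth keeping if the program behind it is one the owner recognises and still uses.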


#15 oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 08 May 2011 - 03:08 PM

Hi Ultilee Stupid,

Is it safe to use paypal to pay on ebay if i'm still infected with Vista Security 2011 Virus Problem?

I wouldn't for now. I also suggest you change your password once we clean you up.


Click on the Start button > Control Panel

Depending on your settings, either
  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following programs

My.Freeze.com Toolbar
Softonic_English Toolbar



Next, Right click on OTL.exe and choose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:OTL
IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)
[2010/11/07 23:51:56 | 000,000,000 | ---D | M] (Softonic English Toolbar) -- C:\Users\VJones\AppData\Roaming\Mozilla\Firefox\Profiles\b3ps2o0c.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll (W3i, LLC)

:Reg

:Files
C:\ProgramData\3cpi6tpt7m70gnf

:Commands
[creatrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix.


We'll try Revo Uninstaller to take care of the Antivir remnants.

Download Revo Uninstaller
  • Right click the installation file on the desktop and click "Run as Administrator" to run the installer.
  • Let it install to the default location.
  • Right click the new Revo Uninstaller Icon on the desktop and click "Run as Administrator" to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling <Avira AntiVir Personal>

    (Note: if the program is not in the list, do not continue; just exit the program.)
  • Right Click the Icon then choose Uninstall.
  • Click yes to the warning and choose the Uninstall Mode
  • Choose the Advanced option and then click Next.
  • This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
  • Once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
  • Once this scan is done click Next.
  • You will then be presented with the leftover entries found by Revo Uninstaller
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program

Let me know how you make out.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
