Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I have the Total Codec Virus.


Post by totalcodec » December 29th, 2010, 1:29 pm

I can't play any videos at all. When I try, I get a message saying I need to install a new codec, and when I click on it, it takes me to a page where you have to pay $9.95 or something like that. I don't go any further than that; I just click off of it and then hit Ctrl+Alt+Del to get rid of the message.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
scanner sequence 3.EM.11
----- EOF -----

gmerRK.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-29 12:28:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK1652GSX rev.LV011C
Running: smg7w720.exe; Driver: C:\Users\Phyllis\AppData\Local\Temp\pxtdyfod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E2A6BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E2A69D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E2A6B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 dvd43llh.sys (dvd43llh.sys/RIF)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Here is my HijackThis info:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Phyllis at 2010-12-29 10:33:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (3%) free of 143 GB
Total RAM: 1790 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:58 AM, on 29/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Phyllis\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\PROGRA~1\MICROS~2\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\Phyllis\Downloads\RSIT.exe
C:\Program Files\trend micro\Phyllis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Bell Canada Connection Manager] "C:\Program Files\Bell\Mobile Connect\BellCanadaCM.exe" -a
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Users\Phyllis\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O15 - Trusted Zone: http://staplescanada.webprint.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-ca.cab
O18 - Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - C:\Users\Phyllis\AppData\Local\Temp\11E0.tmp
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SMSI Con App Svc (CASMSI) - SmithMicro Inc. - C:\Program Files\Bell\Mobile Connect\ConAppsSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: Native WiFi Profile Importer (ProfileImpSvc) - SmithMicro Inc. - C:\Program Files\Bell\Mobile Connect\ProfileImpSvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SMSI Rc App Svc (SMSIRcAppSvc) - SmithMicro Inc. - C:\Program Files\Bell\Mobile Connect\RcAppSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14554 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{DE0F15B6-5362-4275-B5D9-3DB99A5D7DF3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-03 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-11-13 3913000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-11-13 3913000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-11-13 3913000]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-11-13 3913000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-04-01 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-20 215552]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"lxdxmon.exe"=C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe [2008-06-13 668328]
"EzPrint"=C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe [2008-06-13 107176]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"Bell Canada Connection Manager"=C:\Program Files\Bell\Mobile Connect\BellCanadaCM.exe [2010-06-15 87320]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2009-10-23 827904]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"WeatherEye"=C:\Users\Phyllis\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2009-10-26 718232]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-12-02 395128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisallowRun"=0
"NoFind"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Program Files\Internet Explorer\Iexplore.exe" %1

======List of files/folders created in the last 3 months======

2010-12-29 10:33:16 ----D---- C:\Program Files\trend micro
2010-12-29 10:33:12 ----D---- C:\rsit
2010-12-29 09:41:23 ----D---- C:\Users\Phyllis\AppData\Roaming\Media Player Classic
2010-12-29 09:38:30 ----A---- C:\Windows\avisplitter.ini
2010-12-29 09:38:18 ----A---- C:\Windows\system32\yv12vfw.dll
2010-12-29 09:38:17 ----A---- C:\Windows\system32\xvidvfw.dll
2010-12-29 09:38:17 ----A---- C:\Windows\system32\xvidcore.dll
2010-12-29 09:38:16 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-12-29 09:38:15 ----A---- C:\Windows\system32\ff_vfw.dll
2010-12-29 09:06:56 ----D---- C:\Users\Phyllis\AppData\Roaming\Leawo
2010-12-29 09:06:56 ----D---- C:\ProgramData\Leawo
2010-12-29 09:05:55 ----A---- C:\Windows\system32\unrar.dll
2010-12-29 09:05:48 ----D---- C:\Program Files\K-Lite Codec Pack
2010-12-29 09:05:00 ----D---- C:\Program Files\Leawo
2010-12-19 19:27:59 ----D---- C:\Program Files\iPod
2010-12-19 19:18:29 ----D---- C:\Windows\LastGood.Tmp
2010-12-16 11:26:41 ----D---- C:\Program Files\QuickTime
2010-12-15 17:50:49 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 17:50:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 17:45:04 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 17:45:03 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 17:45:02 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 17:45:01 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 17:45:00 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 17:44:56 ----A---- C:\Windows\system32\consent.exe
2010-12-15 17:44:51 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 17:44:51 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 17:44:50 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 17:44:34 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 17:44:32 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 17:44:31 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 17:44:31 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 17:44:21 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-15 17:44:20 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 17:44:19 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 17:44:19 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 17:44:19 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 17:44:19 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 17:44:17 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 17:44:16 ----A---- C:\Windows\system32\occache.dll
2010-12-15 17:44:16 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-15 17:44:16 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-15 17:44:16 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 17:44:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 17:44:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 17:44:15 ----A---- C:\Windows\system32\iesetup.dll
2010-12-15 17:44:14 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 17:44:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 17:44:14 ----A---- C:\Windows\system32\iernonce.dll
2010-12-04 10:30:56 ----D---- C:\Program Files\OurBabyMaker_27EI
2010-12-03 22:53:52 ----A---- C:\Windows\ITBackEnd.INI
2010-12-03 19:49:20 ----D---- C:\MAGICDVDCOPY_TEMP
2010-12-03 16:56:24 ----D---- C:\ProgramData\vsosdk
2010-12-03 16:40:16 ----A---- C:\Windows\system32\drivers\pcouffin.sys
2010-12-03 16:40:16 ----A---- C:\Users\Phyllis\AppData\Roaming\pcouffin.sys
2010-12-03 16:40:16 ----A---- C:\Users\Phyllis\AppData\Roaming\inst.exe
2010-12-03 16:40:13 ----D---- C:\Users\Phyllis\AppData\Roaming\Vso
2010-12-03 16:39:36 ----D---- C:\Program Files\MagicDVDCopier
2010-12-03 15:57:34 ----D---- C:\temp_dvd
2010-12-03 00:55:05 ----D---- C:\AoATemp
2010-12-03 00:54:54 ----D---- C:\Users\Phyllis\AppData\Roaming\dvdcss
2010-12-03 00:54:38 ----AD---- C:\ProgramData\TEMP
2010-12-03 00:54:30 ----D---- C:\Program Files\AoA DVD Copy
2010-12-02 23:44:59 ----D---- C:\Program Files\Conduit
2010-12-02 23:44:54 ----D---- C:\Program Files\ConduitEngine
2010-12-02 23:44:45 ----D---- C:\Program Files\uTorrentBar
2010-12-02 23:44:01 ----D---- C:\Program Files\uTorrent
2010-12-02 23:41:35 ----D---- C:\Users\Phyllis\AppData\Roaming\uTorrent
2010-12-02 23:33:07 ----D---- C:\Users\Phyllis\AppData\Roaming\FrostWire
2010-12-02 23:32:53 ----D---- C:\Program Files\Ask.com
2010-12-02 23:32:09 ----D---- C:\Program Files\FrostWire
2010-12-02 22:16:19 ----A---- C:\Windows\system32\drivers\dvd43llh.sys
2010-12-02 22:16:18 ----D---- C:\Program Files\dvd43
2010-12-02 22:13:06 ----A---- C:\Windows\DVDShrink.txt
2010-12-02 22:12:56 ----D---- C:\Users\Phyllis\AppData\Roaming\AVS4YOU
2010-12-02 22:12:56 ----D---- C:\ProgramData\AVS4YOU
2010-12-02 22:11:43 ----D---- C:\Program Files\Common Files\AVSMedia
2010-12-02 22:11:42 ----A---- C:\Windows\system32\msxml3a.dll
2010-12-02 22:11:42 ----A---- C:\Windows\system32\mfc70.dll
2010-12-02 22:11:35 ----D---- C:\Program Files\AVS4YOU
2010-11-12 18:52:43 ----A---- C:\Windows\system32\wdapi811.dll
2010-11-12 18:48:28 ----N---- C:\Windows\system32\drivers\wdmstub.sys
2010-11-12 18:48:28 ----N---- C:\Windows\system32\drivers\tiehdusb.sys
2010-11-12 18:48:28 ----D---- C:\Program Files\Common Files\TI Shared
2010-11-12 18:42:36 ----A---- C:\Windows\system32\drivers\windrvr6.sys
2010-11-12 18:42:35 ----N---- C:\Windows\system32\wd_utils.dll
2010-11-12 18:42:30 ----D---- C:\Program Files\Common Files\Vernier Software
2010-11-12 18:42:23 ----D---- C:\Program Files\Vernier Software
2010-11-09 10:04:27 ----D---- C:\ProgramData\NOS
2010-11-09 10:04:27 ----D---- C:\Program Files\NOS
2010-10-27 08:35:06 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 08:35:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 08:35:00 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-25 16:46:05 ----D---- C:\ProgramData\DataCardService
2010-10-25 16:43:30 ----A---- C:\Windows\system32\webservices.dll
2010-10-25 16:37:44 ----D---- C:\Program Files\Common Files\PctelEapPeer Authentication
2010-10-25 16:37:43 ----D---- C:\Program Files\Sierra Wireless
2010-10-25 16:37:43 ----D---- C:\Program Files\Bell
2010-10-25 16:17:32 ----D---- C:\Program Files\Novatel Wireless
2010-10-13 16:34:55 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 16:34:52 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 16:34:25 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 16:34:24 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 16:34:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 16:34:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 16:34:20 ----A---- C:\Windows\system32\netevent.dll
2010-10-13 16:34:09 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 16:34:06 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 16:34:03 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 16:33:41 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 16:33:40 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 16:33:32 ----A---- C:\Windows\system32\msshsq.dll
2010-10-13 16:33:29 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 16:33:26 ----A---- C:\Windows\system32\comctl32.dll
2010-10-11 09:05:45 ----D---- C:\Users\Phyllis\AppData\Roaming\Research In Motion
2010-10-11 08:57:11 ----A---- C:\Windows\system32\drivers\RimSerial.sys
2010-10-11 08:56:07 ----D---- C:\ProgramData\Research In Motion
2010-10-11 08:55:30 ----D---- C:\Program Files\Research In Motion
2010-10-11 08:55:30 ----D---- C:\Program Files\Common Files\Research In Motion

======List of files/folders modified in the last 3 months======

2010-12-29 10:34:52 ----D---- C:\Users\Phyllis\AppData\Roaming\LimeWire
2010-12-29 10:33:46 ----D---- C:\Windows\Temp
2010-12-29 10:33:16 ----RD---- C:\Program Files
2010-12-29 09:52:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-29 09:52:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-29 09:41:18 ----D---- C:\Users\Phyllis\AppData\Roaming\DivX
2010-12-29 09:38:30 ----D---- C:\Windows
2010-12-29 09:38:19 ----D---- C:\Windows\System32
2010-12-29 09:06:56 ----HD---- C:\ProgramData
2010-12-29 09:05:46 ----SHD---- C:\Windows\Installer
2010-12-29 07:49:07 ----D---- C:\Windows\Prefetch
2010-12-29 07:42:41 ----D---- C:\Windows\system32\catroot
2010-12-29 07:28:02 ----SHD---- C:\System Volume Information
2010-12-28 10:06:01 ----D---- C:\ProgramData\Microsoft Help
2010-12-21 15:10:14 ----D---- C:\Windows\Web
2010-12-19 19:29:38 ----D---- C:\Program Files\iTunes
2010-12-19 19:27:56 ----D---- C:\Program Files\Common Files\Apple
2010-12-19 19:20:30 ----D---- C:\Windows\inf
2010-12-19 19:08:59 ----D---- C:\Program Files\Safari
2010-12-18 03:24:56 ----D---- C:\Windows\Microsoft.NET
2010-12-18 03:24:55 ----RSD---- C:\Windows\assembly
2010-12-18 03:13:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-18 03:07:43 ----D---- C:\Windows\system32\en-US
2010-12-18 03:07:31 ----D---- C:\Program Files\Microsoft.NET
2010-12-16 13:10:36 ----D---- C:\Windows\rescache
2010-12-16 12:52:52 ----D---- C:\Windows\winsxs
2010-12-16 12:37:25 ----D---- C:\Program Files\Windows Mail
2010-12-16 12:37:24 ----D---- C:\Windows\system32\migration
2010-12-16 12:37:24 ----D---- C:\Program Files\Internet Explorer
2010-12-16 12:07:31 ----D---- C:\Program Files\Microsoft Works
2010-12-16 11:37:25 ----D---- C:\Windows\system32\fr-FR
2010-12-16 11:29:12 ----D---- C:\Windows\system32\catroot2
2010-12-16 10:13:45 ----A---- C:\Windows\system32\mrt.exe
2010-12-05 13:02:25 ----D---- C:\Program Files\LimeWire
2010-12-03 16:41:40 ----D---- C:\Windows\system32\drivers
2010-12-02 23:33:35 ----D---- C:\Windows\system32\Tasks
2010-12-02 22:11:43 ----D---- C:\Program Files\Common Files
2010-11-12 18:52:28 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-12 18:42:30 ----RSD---- C:\Windows\Fonts
2010-10-28 02:20:24 ----D---- C:\Windows\AppPatch
2010-10-25 16:43:05 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-25 16:42:02 ----D---- C:\Program Files\Microsoft
2010-10-25 16:37:43 ----D---- C:\ProgramData\Bell
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-14 02:38:26 ----D---- C:\Program Files\Windows Media Player
2010-09-30 19:40:27 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-12-20 135096]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-22 61960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-04-17 203776]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2010-12-02 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2009-07-15 230400]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-12-03 47360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-02-29 24840]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2008-04-22 194362]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2010-03-20 116736]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HP1319EWS;HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [2008-11-10 12800]
S3 HP1319FAX;HP1319MFP FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [2008-11-10 13824]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-03-25 105984]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2009-11-20 27072]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2010-05-23 32408]
S3 pxtdyfod;pxtdyfod; \??\C:\Users\Phyllis\AppData\Local\Temp\pxtdyfod.sys []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-08 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-05-29 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 lxdx_device;lxdx_device; C:\Windows\system32\lxdxcoms.exe [2008-02-27 594600]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 NvtlService;NovaCore SDK Service; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-11-20 82944]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-25 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-27 98984]
S3 CASMSI;SMSI Con App Svc; C:\Program Files\Bell\Mobile Connect\ConAppsSvc.exe [2010-05-23 124184]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-04-07 246520]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ProfileImpSvc;Native WiFi Profile Importer; C:\Program Files\Bell\Mobile Connect\ProfileImpSvc.exe [2010-05-23 169240]
S3 SMSIRcAppSvc;SMSI Rc App Svc; C:\Program Files\Bell\Mobile Connect\RcAppSvc.exe [2010-05-23 120088]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Re: I have the Total Codec Virus.

Unread postby deltalima » December 30th, 2010, 2:46 pm

Checking your log - back soon.

Re: I have the Total Codec Virus.

Unread postby deltalima » December 30th, 2010, 3:11 pm

Hi totalcodec,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please post only the requested logs.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent
    FrostWire
    LimeWire


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl. Then click Enter.
  • Press the "Remove" or "Change/Remove"... button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    AVAST
    Avira AntiVir
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

  • Please remove one of them.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

System drive C: has 5 GB (3%) free of 143 GB


You need to free up some disk space on the computer.

Please let me know if the computer is used for home or for business use.

Re: I have the Total Codec Virus.

Unread postby totalcodec » December 31st, 2010, 8:40 am

Thanks so much. Any suggestions to free up space? It's for home use.

Leawo DVD Creator version 2.6.0.0
4Media iPod to PC Transfer
7-Zip 4.65
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
AVI DVD Burner v5.6.0.186
Avira AntiVir Personal - Free Antivirus
AVS Disc Creator version 5.0.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BlackBerry Desktop Software 6.0
BlackBerry Desktop Software 6.0
Bonjour
CCleaner
Cisco Clean Access Agent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HD Audio
CyberLink DVD Suite
Daniusoft DVD Creator(Build 1.5.0.20)
Daniusoft iPod Music Transfer(Build 1.2.10)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Free DVD Decrypter version 1.4
Graphical Analysis 3.4
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D3
HP Total Care Advisor
HP Update
HP User Guides 0110
HP Wireless Assistant
HPNetworkAssistant
iDump (Backing up your iPod)
InstallVC90Support
iTunes
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
Lexmark 3600-4600 Series
Logger Lite 1.4
MDL Chime/Chime Pro for Internet Explorer
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Money 2005
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Word 2002
Microsoft Works
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mobile Broadband Generic Drivers
Mobile Connect
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
Photo Hosting Uploader 1.0
Power2Go
PowerDirector
PVSonyDll
QuickPlay SlingPlayer 0.4.6
QuickTime
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
Staples Copy & Print 2.0
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xilisoft AVI to DVD Converter 6
Yahoo! Toolbar

Re: I have the Total Codec Virus.

Unread postby deltalima » December 31st, 2010, 3:21 pm

Hi totalcodec,

Any suggestions to free up space?


We will remove temporary files later in the clean up. Please check for media files (especially video) that can be removed or moved to another disk drive or DVD.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re: I have the Total Codec Virus.

Unread postby totalcodec » December 31st, 2010, 9:32 pm

OTL.txt
OTL logfile created on: 31/12/2010 8:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Phyllis\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.72 Gb Total Space | 16.99 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.68 Gb Free Space | 18.06% Space Free | Partition Type: NTFS

Computer Name: PHYLLIS-PC | User Name: Phyllis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Phyllis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Aimersoft\DVD Creator\DVDCreator.exe (Aimersoft)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\DataCardService\DCService.exe ()
PRC - C:\ProgramData\DataCardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\HP\HP Software Update\HPWUCli.exe (Hewlett-Packard)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Windows\System32\lxdxcoms.exe ( )


========== Modules (SafeList) ==========

MOD - C:\Users\Phyllis\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (DCService.exe) -- C:\ProgramData\DataCardService\DCService.exe ()
SRV - (SMSIRcAppSvc) -- C:\Program Files\Bell\Mobile Connect\RcAppSvc.exe (SmithMicro Inc.)
SRV - (ProfileImpSvc) -- C:\Program Files\Bell\Mobile Connect\ProfileImpSvc.exe (SmithMicro Inc.)
SRV - (CASMSI) -- C:\Program Files\Bell\Mobile Connect\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (lxdx_device) -- C:\Windows\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwusbdev) -- C:\Windows\System32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- C:\Windows\System32\DRIVERS\ewusbnet.sys File not found
DRV - (dvd43llh) -- C:\Windows\System32\DRIVERS\dvd43llh.sys File not found
DRV - (aswTdi) -- File not found
DRV - (aswSP) -- File not found
DRV - (aswRdr) -- File not found
DRV - (aswMonFlt) -- File not found
DRV - (aswFsBlk) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTINDIS5) -- C:\Windows\System32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HP1319FAX) -- C:\Windows\System32\drivers\HP1319FAX.sys (Marvell Semiconductor, Inc.)
DRV - (HP1319EWS) -- C:\Windows\System32\drivers\HP1319EWS.sys (Marvell Semiconductor, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
IE - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=14196&l=dis"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=4BD1AB64-75AC-4EEA-A30A-35F153EE0A91&apn_ptnrs=FM&apn_sauid=92D8FE9F-DEF8-49E6-97F7-E84E5FEF3B15&apn_dtid=TES002A3CA&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 11:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 11:34:03 | 000,000,000 | ---D | M]

[2009/01/31 21:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Extensions
[2009/01/31 21:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/31 07:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\extensions
[2009/09/02 09:36:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/02 23:44:42 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/11/09 09:58:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/16 17:14:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\extensions\moveplayer@movenetworks.com
[2009/03/31 16:31:30 | 000,001,632 | ---- | M] () -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\a78iwyd8.default\searchplugins\live-search.xml
[2010/12/31 07:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 08:50:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/08 14:51:21 | 000,419,188 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14467 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bell Canada Connection Manager] C:\Program Files\Bell\Mobile Connect\BellCanadaCM.exe (BellCanada)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000..\Run: [WeatherEye] C:\Users\Phyllis\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..Trusted Domains: webprint.com ([staplescanada] http in Trusted sites)
O15 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..Trusted Domains: webprint.com ([staplescanada] https in Trusted sites)
O15 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... den-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... den-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Ripple.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Ripple.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/02 11:19:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{393c2d71-e45c-11dd-b5c5-001d727f5b28}\Shell\AutoRun\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{393c2d71-e45c-11dd-b5c5-001d727f5b28}\Shell\open\command - "" = RECYCLER\restore.exe
O33 - MountPoints2\{49fffe5d-6044-11df-bbc3-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{49fffe5d-6044-11df-bbc3-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoLaunch.exe -- File not found
O33 - MountPoints2\{59d4717b-ff02-11de-bcdc-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{59d4717b-ff02-11de-bcdc-001d727f5b28}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{59d47266-ff02-11de-bcdc-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{59d47266-ff02-11de-bcdc-001d727f5b28}\Shell\AutoRun\command - "" = G:\laucher.exe -- File not found
O33 - MountPoints2\{8c3bac14-84d7-11df-b36b-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3bac14-84d7-11df-b36b-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c3bac29-84d7-11df-b36b-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{8c3bac29-84d7-11df-b36b-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9bc8090d-dad9-11df-8983-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{9bc8090d-dad9-11df-8983-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9dfec24f-823b-11df-a627-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{9dfec24f-823b-11df-a627-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{9dfec25a-823b-11df-a627-001d727f5b28}\Shell - "" = AutoRun
O33 - MountPoints2\{9dfec25a-823b-11df-a627-001d727f5b28}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/31 12:17:41 | 000,000,000 | ---D | C] -- C:\DVD CreatorTemp
[2010/12/31 08:08:15 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\DVD Creator
[2010/12/31 08:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2010/12/31 07:23:26 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\Daniusoft DVD Creator
[2010/12/30 09:35:37 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\AviDvdBurner
[2010/12/30 09:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\AviDvdBurner
[2010/12/29 23:56:52 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Desktop\5 Day Inferno
[2010/12/29 23:49:53 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2010/12/29 23:49:51 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2010/12/29 23:49:25 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010/12/29 23:45:30 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2010/12/29 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\Xilisoft AVI to DVD Converter 6
[2010/12/29 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Local\Xilisoft
[2010/12/29 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\Xilisoft
[2010/12/29 20:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2010/12/29 10:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/12/29 10:33:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010/12/29 09:41:23 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\Media Player Classic
[2010/12/29 09:06:56 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\Leawo
[2010/12/29 09:06:56 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\Leawo
[2010/12/29 09:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2010/12/29 09:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/12/29 09:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2010/12/19 19:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/16 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/15 17:50:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/15 17:50:24 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/15 17:45:03 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/15 17:45:02 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/15 17:45:00 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/15 17:44:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/15 17:44:51 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/15 17:44:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/15 17:44:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/15 17:44:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/15 17:44:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/15 17:44:19 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/15 17:44:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/15 17:44:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/15 17:44:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/15 17:44:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/15 17:44:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/15 17:44:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/15 17:44:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/15 17:44:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/15 17:44:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/15 17:44:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/15 17:44:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/15 17:44:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/15 17:44:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/15 17:44:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/04 10:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\OurBabyMaker_27EI
[2010/12/03 16:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/12/03 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Local\MagicSoftware
[2010/12/03 16:40:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Phyllis\AppData\Roaming\pcouffin.sys
[2010/12/03 16:40:15 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\PcSetup
[2010/12/03 16:40:13 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\Vso
[2010/12/03 15:57:34 | 000,000,000 | ---D | C] -- C:\temp_dvd
[2010/12/03 00:55:05 | 000,000,000 | ---D | C] -- C:\AoATemp
[2010/12/03 00:54:54 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\dvdcss
[2010/12/03 00:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/03 00:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\AoA DVD Copy
[2010/12/03 00:49:43 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Desktop\VIDEO_TS
[2010/12/03 00:49:43 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Desktop\AUDIO_TS
[2010/12/02 23:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/02 23:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/02 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2010/12/02 23:33:28 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\FrostWire
[2010/12/02 23:33:07 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\FrostWire
[2010/12/02 23:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/12/02 23:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/12/02 22:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
[2010/12/02 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\AVS4YOU
[2010/12/02 22:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/12/02 22:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/12/02 22:11:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
[2010/12/02 22:11:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/12/02 22:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/10/20 08:57:03 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2009/10/20 08:57:03 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2009/10/20 08:57:02 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2009/10/20 08:57:02 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2009/10/20 08:57:02 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2009/10/20 08:57:01 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2009/10/20 08:57:01 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2009/10/20 08:57:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2009/10/20 08:56:59 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2009/10/20 08:56:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2009/10/20 08:56:57 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[4 C:\Users\Phyllis\Documents\*.tmp files -> C:\Users\Phyllis\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/31 19:39:26 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE0F15B6-5362-4275-B5D9-3DB99A5D7DF3}.job
[2010/12/31 19:39:24 | 000,065,229 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/12/31 19:39:20 | 000,065,229 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/12/31 19:39:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/31 14:39:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/31 14:39:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/31 08:07:20 | 000,000,973 | ---- | M] () -- C:\Users\Phyllis\Desktop\Aimersoft DVD Creator.lnk
[2010/12/31 07:24:46 | 000,001,013 | ---- | M] () -- C:\Users\Phyllis\Desktop\Daniusoft DVD Creator.lnk
[2010/12/30 09:35:00 | 000,000,876 | ---- | M] () -- C:\Users\Phyllis\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2010/12/30 09:35:00 | 000,000,852 | ---- | M] () -- C:\Users\Phyllis\Desktop\AVI DVD Burner.lnk
[2010/12/29 23:51:49 | 000,001,086 | ---- | M] () -- C:\Users\Phyllis\Desktop\AVS4YOU Software Navigator.lnk
[2010/12/29 23:50:21 | 000,001,030 | ---- | M] () -- C:\Users\Phyllis\Desktop\AVS Video Converter.lnk
[2010/12/29 23:48:42 | 000,000,994 | ---- | M] () -- C:\Users\Phyllis\Desktop\AVS Disc Creator.lnk
[2010/12/29 20:17:58 | 000,001,993 | ---- | M] () -- C:\Users\Phyllis\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft AVI to DVD Converter 6.lnk
[2010/12/29 20:17:58 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft AVI to DVD Converter 6.lnk
[2010/12/29 11:42:09 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/29 11:40:31 | 1877,348,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/29 11:40:29 | 261,576,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/29 10:36:02 | 000,030,904 | ---- | M] () -- C:\Users\Phyllis\Documents\Let's Get It.docx
[2010/12/29 10:35:56 | 000,033,512 | ---- | M] () -- C:\Users\Phyllis\AppData\Roaming\wklnhst.dat
[2010/12/29 09:59:32 | 000,000,858 | ---- | M] () -- C:\Users\Phyllis\Desktop\CKScanner - Shortcut.lnk
[2010/12/29 09:05:25 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\Leawo DVD Creator.lnk
[2010/12/29 07:44:56 | 000,353,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/28 11:43:31 | 000,046,080 | ---- | M] () -- C:\Users\Phyllis\Documents\The Great Doctrines of the Bible The Doctrine of the Scriptures.doc
[2010/12/25 14:40:08 | 006,024,280 | ---- | M] () -- C:\Users\Phyllis\Desktop\nosejob
[2010/12/20 14:56:43 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/19 19:29:42 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/19 19:09:03 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/12/19 19:09:03 | 000,001,854 | ---- | M] () -- C:\Users\Phyllis\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/12/19 19:05:39 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/12/18 19:10:31 | 000,014,509 | ---- | M] () -- C:\Users\Phyllis\Documents\Budget.xlsx
[2010/12/18 03:13:35 | 000,681,856 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/12/18 03:13:35 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/18 03:13:35 | 000,130,648 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/12/18 03:13:35 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/16 11:30:42 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/13 14:37:24 | 010,915,840 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2010/12/13 14:37:20 | 010,833,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2010/12/03 22:53:52 | 000,000,025 | ---- | M] () -- C:\Windows\ITBackEnd.INI
[2010/12/03 16:40:16 | 000,087,608 | ---- | M] () -- C:\Users\Phyllis\AppData\Roaming\inst.exe
[2010/12/03 16:40:16 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Phyllis\AppData\Roaming\pcouffin.sys
[2010/12/03 16:40:16 | 000,007,887 | ---- | M] () -- C:\Users\Phyllis\AppData\Roaming\pcouffin.cat
[2010/12/03 16:40:16 | 000,001,144 | ---- | M] () -- C:\Users\Phyllis\AppData\Roaming\pcouffin.inf
[2010/12/03 16:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
[2010/12/03 09:35:11 | 009,685,179 | ---- | M] () -- C:\Users\Phyllis\Desktop\P90X Poster.pdf
[2010/12/02 16:21:59 | 000,224,415 | ---- | M] () -- C:\Users\Phyllis\Desktop\VERIFICATION OF ENROLMENT2960015.pdf
[2010/12/02 16:21:09 | 000,515,892 | ---- | M] () -- C:\Users\Phyllis\Documents\VERIFICATION OF ENROLMENT2960015.docx
[2010/12/02 16:02:15 | 000,515,902 | ---- | M] () -- C:\Users\Phyllis\Documents\Verification of Enrolment.docx
[2010/12/02 00:02:49 | 000,069,120 | ---- | M] () -- C:\Users\Phyllis\Desktop\LAN Final Paper- Andrea Dias.doc
[4 C:\Users\Phyllis\Documents\*.tmp files -> C:\Users\Phyllis\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/31 08:07:20 | 000,000,973 | ---- | C] () -- C:\Users\Phyllis\Desktop\Aimersoft DVD Creator.lnk
[2010/12/31 07:24:46 | 000,001,013 | ---- | C] () -- C:\Users\Phyllis\Desktop\Daniusoft DVD Creator.lnk
[2010/12/30 09:35:00 | 000,000,876 | ---- | C] () -- C:\Users\Phyllis\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2010/12/30 09:35:00 | 000,000,852 | ---- | C] () -- C:\Users\Phyllis\Desktop\AVI DVD Burner.lnk
[2010/12/29 23:51:24 | 000,001,086 | ---- | C] () -- C:\Users\Phyllis\Desktop\AVS4YOU Software Navigator.lnk
[2010/12/29 23:50:21 | 000,001,030 | ---- | C] () -- C:\Users\Phyllis\Desktop\AVS Video Converter.lnk
[2010/12/29 23:48:42 | 000,000,994 | ---- | C] () -- C:\Users\Phyllis\Desktop\AVS Disc Creator.lnk
[2010/12/29 20:17:58 | 000,001,993 | ---- | C] () -- C:\Users\Phyllis\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft AVI to DVD Converter 6.lnk
[2010/12/29 20:17:58 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft AVI to DVD Converter 6.lnk
[2010/12/29 11:03:57 | 261,576,758 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/29 09:59:32 | 000,000,858 | ---- | C] () -- C:\Users\Phyllis\Desktop\CKScanner - Shortcut.lnk
[2010/12/29 09:07:07 | 000,000,077 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\moyea_dia2.log
[2010/12/29 09:05:55 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/29 09:05:25 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\Leawo DVD Creator.lnk
[2010/12/25 15:52:16 | 000,046,080 | ---- | C] () -- C:\Users\Phyllis\Documents\The Great Doctrines of the Bible The Doctrine of the Scriptures.doc
[2010/12/25 14:39:16 | 006,024,280 | ---- | C] () -- C:\Users\Phyllis\Desktop\nosejob
[2010/12/19 19:29:42 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/16 11:30:42 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/03 22:53:52 | 000,000,025 | ---- | C] () -- C:\Windows\ITBackEnd.INI
[2010/12/03 16:41:56 | 000,000,034 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\pcouffin.log
[2010/12/03 16:40:16 | 000,087,608 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\inst.exe
[2010/12/03 16:40:16 | 000,007,887 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\pcouffin.cat
[2010/12/03 16:40:16 | 000,001,144 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\pcouffin.inf
[2010/12/03 15:57:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2010/12/03 09:35:11 | 009,685,179 | ---- | C] () -- C:\Users\Phyllis\Desktop\P90X Poster.pdf
[2010/12/02 16:21:59 | 000,224,415 | ---- | C] () -- C:\Users\Phyllis\Desktop\VERIFICATION OF ENROLMENT2960015.pdf
[2010/12/02 16:16:39 | 000,515,892 | ---- | C] () -- C:\Users\Phyllis\Documents\VERIFICATION OF ENROLMENT2960015.docx
[2010/12/02 16:02:12 | 000,515,902 | ---- | C] () -- C:\Users\Phyllis\Documents\Verification of Enrolment.docx
[2010/12/02 00:02:47 | 000,069,120 | ---- | C] () -- C:\Users\Phyllis\Desktop\LAN Final Paper- Andrea Dias.doc
[2010/10/11 09:05:48 | 000,000,077 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\Rim.Desktop.Exception.log
[2010/10/11 08:56:56 | 000,000,801 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/03 17:10:52 | 000,000,670 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\Tempm.vbs
[2010/01/24 22:17:03 | 000,000,000 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\FnF4.txt
[2010/01/18 18:29:25 | 000,167,936 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2009/10/28 08:25:44 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2009/10/20 09:02:17 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdxcoin.dll
[2009/10/20 09:00:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2009/10/20 08:58:10 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2009/10/20 08:58:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2009/10/20 08:58:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2009/10/20 08:57:25 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2009/10/20 08:57:03 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2009/10/20 08:56:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2009/09/12 21:14:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/05 18:27:15 | 000,018,432 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 12:49:43 | 000,000,680 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\d3d9caps.dat
[2008/12/29 23:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\QSwitch.txt
[2008/12/29 23:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\DSwitch.txt
[2008/12/29 23:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\AtStart.txt
[2008/12/29 21:35:33 | 000,033,512 | ---- | C] () -- C:\Users\Phyllis\AppData\Roaming\wklnhst.dat
[2008/12/29 21:20:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/10 03:49:28 | 000,065,229 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/10 03:49:28 | 000,065,229 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/06/02 11:40:21 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/29 17:08:08 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8E3D07DE

< End of report >


Extras.txt
OTL Extras logfile created on: 31/12/2010 8:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Phyllis\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.72 Gb Total Space | 16.99 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.68 Gb Free Space | 18.06% Space Free | Partition Type: NTFS

Computer Name: PHYLLIS-PC | User Name: Phyllis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03990537-99C1-4B47-B325-68B94B7A7C74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{04F1F182-B3A4-4F9D-9E16-FB413F4632F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A8BAE4F-80AB-4AC9-B164-E81AF59F9CBB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20B41B65-1BEB-4227-BA9D-2A1DDE772FBA}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E1BFFEB-12A9-4141-987C-67F9D806A4C9}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{3FBF69EB-96F0-4C7A-80EB-79590BAC33CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{576902C6-7F05-42DF-8B33-952A3E9F1769}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D753989-2013-48EA-8BDF-FC10BCBCB787}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{735AD1D3-930D-49EC-86D7-074BF77C0E09}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{779BEA5C-8EE7-41DA-B936-4A09B3699D26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E7DDF95-7849-4997-8CB1-B9A8EC4A832A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{86DBB387-2E6B-44F5-A05F-1C24036AFE44}" = lport=138 | protocol=17 | dir=in | app=system |
"{913C0BC9-2D62-4524-8A60-F2CF26386865}" = rport=137 | protocol=17 | dir=out | app=system |
"{95980709-70DC-4801-8AC2-D92F54B8D9D5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A67914A1-38B5-445B-98C4-60A47791B98E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{AECD7A37-5CF8-49BB-AB90-DC81C06431A6}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{CDCCBF9D-14F7-49B5-99C3-EF61CE2E715E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{E33DF97D-2BB3-4C91-9352-4F9104F02E6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED393D1C-1755-4D87-A08A-2FBFFA3372DD}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C1BB61-A671-4841-ADAE-E44BD0B249FC}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B5E623-3469-4F4A-A6C7-7FA2CC909E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{04A1E660-7EEF-4FAC-ADFD-8EEBDD2A5E2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{05E3F34F-CB5E-4D44-A808-D622D79E1798}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{10772079-F3E7-4D26-8CEA-4E861E7F73C3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{11817562-9859-4455-8013-BC7C57C326C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1500CE92-BABB-4948-9EE4-47FCD9D4BF61}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{150E33C6-3BFE-4C8F-9BEC-194EE132AB84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2B0E9FC9-6B44-4856-B97A-43A11593B892}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3427A718-1168-496C-89FE-D0318E3A8018}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{347D86BE-D4D6-497D-AD19-7CBF5D8F56EE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3A357243-3F8E-4E15-8D14-CFBF40237848}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{44FE020D-3440-4C7E-9A19-A51E5CDF10D8}" = protocol=17 | dir=in | app=c:\users\phyllis\appdata\local\temp\lxdx\wireless\lxdxwpss.exe |
"{479DC70B-6094-442F-A136-32A8AAA75FB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59755EE3-7A75-4465-ACA0-11078A08F8D0}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{5E3B4AD0-C959-485E-B474-DFA709A2CF2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5E940CAB-B4C5-4717-B80B-6F0959D3766F}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{61CDFC55-ADA4-4CCA-A28C-F084435337F8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{620CD8DD-7A68-4FC0-A35B-73114E7DD8BD}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6550E041-319C-4386-AE62-AF40FD3D710C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"{6F2DDCA7-C5D2-434B-B153-8B8CD4ACEC3A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcfg.exe |
"{795057CB-C433-4C9D-B1E7-2DD4EFC75272}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{85BAADBE-15CF-4226-B057-916B14FEB69C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{8A84E67F-23E8-41EF-9E17-11A413A84C00}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{8F9292F4-571A-40B1-858B-43808EF38531}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A7D705F4-0D80-44F2-A03E-F3B69E7B7D30}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B26E7F20-B325-4E5F-A041-4F462DF9FD6E}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{D0A2F17B-CBDB-46CA-BD14-22680658C30A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5A87180-5993-4577-AD04-030F5C8B4C2B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcfg.exe |
"{DBBC9C91-3BBE-469F-B092-FD9E9AFFA18A}" = protocol=6 | dir=in | app=c:\users\phyllis\appdata\local\temp\lxdx\wireless\lxdxwpss.exe |
"{DBE91FC3-CDA2-4961-93AB-1110F187475C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9D56DA5-607F-4E8B-BCF1-47413E9E547A}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EC5ED5C5-7799-45B7-A89E-4BEDE7DA29A1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"{FE16FA7B-1221-4AC3-BBD5-34BA7FAA951C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F0F3AE8-0098-4373-947F-59A431BB55B9}" = Staples Copy & Print 2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 20
"{29312768-5795-483C-805A-7D01B8FC7C0E}_is1" = Leawo DVD Creator version 2.6.0.0
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32AB3886-B470-4955-B51F-B0A6FBA5BB70}" = Graphical Analysis 3.4
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BACF7B1-CC1B-49BB-8991-8B2B6E6ABA4A}" = Mobile Broadband Generic Drivers
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D67B749-7AA8-4AFF-AD3B-DB785822A505}" = Logger Lite 1.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9ED9FE34-126E-4A40-9A42-6BA25ED6EAEC}" = Mobile Connect
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Media iPod to PC Transfer" = 4Media iPod to PC Transfer
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.2.7.3)
"AVI DVD Burner_is1" = AVI DVD Burner v5.6.0.186
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Disc Creator_is1" = AVS Disc Creator version 5.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Daniusoft DVD Creator_is1" = Daniusoft DVD Creator(Build 1.5.0.20)
"Daniusoft iPod Music Transfer_is1" = Daniusoft iPod Music Transfer(Build 1.2.10)
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"iDump" = iDump (Backing up your iPod)
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Hosting Uploader_is1" = Photo Hosting Uploader 1.0
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1098441020-3741544624-255374291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/08/2010 1:41:46 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14336

Error - 05/08/2010 1:41:46 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14336

Error - 05/08/2010 1:41:47 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/08/2010 1:41:47 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15350

Error - 05/08/2010 1:41:47 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15350

Error - 05/08/2010 1:41:48 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/08/2010 1:41:48 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16473

Error - 05/08/2010 1:41:48 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16473

Error - 05/08/2010 1:41:49 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/08/2010 1:41:49 AM | Computer Name = Phyllis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17597

[ OSession Events ]
Error - 01/02/2010 9:40:26 PM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/03/2010 11:08:10 PM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/03/2010 2:44:19 PM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 183419
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 10/10/2010 5:40:04 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126269
seconds with 3240 seconds of active time. This session ended with a crash.

Error - 10/10/2010 6:07:28 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 254
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/10/2010 6:19:51 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 726
seconds with 720 seconds of active time. This session ended with a crash.

Error - 10/10/2010 6:27:56 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 471
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/10/2010 12:59:44 PM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 109894
seconds with 13800 seconds of active time. This session ended with a crash.

Error - 12/10/2010 10:45:26 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76522
seconds with 11820 seconds of active time. This session ended with a crash.

Error - 12/10/2010 11:01:46 AM | Computer Name = Phyllis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 245
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/12/2010 12:42:15 PM | Computer Name = Phyllis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/12/2010 12:42:15 PM | Computer Name = Phyllis-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 29/12/2010 12:42:15 PM | Computer Name = Phyllis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/12/2010 12:58:25 PM | Computer Name = Phyllis-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 29/12/2010 7:35:04 PM | Computer Name = Phyllis-PC | Source = bowser | ID = 8003
Description =

Error - 30/12/2010 12:28:49 AM | Computer Name = Phyllis-PC | Source = BROWSER | ID = 8032
Description =

Error - 30/12/2010 7:50:09 PM | Computer Name = Phyllis-PC | Source = Print | ID = 6161
Description = The document Full page photo, owned by Phyllis, failed to print on
printer HP LaserJet M1319f MFP. Try to print the document again, or restart the
print spooler. Data type: RAW. Size of the spool file in bytes: 4. Number of bytes
printed: 4. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\PHYLLIS-PC. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 30/12/2010 7:50:30 PM | Computer Name = Phyllis-PC | Source = bowser | ID = 8003
Description =

Error - 31/12/2010 11:47:20 AM | Computer Name = Phyllis-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 31/12/2010 8:51:05 PM | Computer Name = Phyllis-PC | Source = bowser | ID = 8003
Description =


< End of report >
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am

Re: I have the Total Codec Virus.

Unread postby deltalima » January 1st, 2011, 8:11 am

Hi totalcodec,

Please post the Malwarebytes log when complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I have the Total Codec Virus.

Unread postby totalcodec » January 1st, 2011, 12:00 pm

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5432

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

01/01/2011 1:10:44 AM
mbam-log-2011-01-01 (01-10-43).txt

Scan type: Quick scan
Objects scanned: 156480
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Phyllis\AppData\Local\Temp\11E0.tmp (Trojan.FakeCodec) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{08C72DD4-19AD-49f1-83DA-8542B4D302C5} (Trojan.FakeCodec) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{007474e7-1a02-46e1-af4c-fd819a1e8d15} (Trojan.FakeCodec) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{AA78D26D-9527-4BD9-9378-1A9B8B153ADB} (Trojan.FakeCodec) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{F10F9ACD-E010-4B53-8FA8-F7C6402826E5} (Trojan.FakeCodec) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuickTimeAudioDecoder.QuickTimeAudioD.1 (Trojan.FakeCodec) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\QuickTimeAudioDecoder.QuickTimeAudioDec (Trojan.FakeCodec) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Program Files\Internet Explorer\Iexplore.exe" %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Phyllis\AppData\Local\Temp\11E0.tmp (Trojan.FakeCodec) -> Delete on reboot.
c:\program files\DivX\divx common filters\gzHF330.ddc (Trojan.FakeCodec) -> Quarantined and deleted successfully.
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am

Re: I have the Total Codec Virus.

Unread postby totalcodec » January 1st, 2011, 12:05 pm

I think it worked! I can watch videos using Internet Explorer and Windows Media Player now
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am

Re: I have the Total Codec Virus.

Unread postby deltalima » January 1st, 2011, 12:35 pm

Hi totalcodec,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Ask Toolbar
    click Remove
    highlight uTorrentBar Toolbar
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1098441020-3741544624-255374291-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Users\Phyllis\AppData\Roaming\inst.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I have the Total Codec Virus.

Unread postby totalcodec » January 1st, 2011, 2:02 pm

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1098441020-3741544624-255374291-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1098441020-3741544624-255374291-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Phyllis
->Temp folder emptied: 887956635 bytes
->Temporary Internet Files folder emptied: 195483853 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51291842 bytes
->Flash cache emptied: 9193177 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11427196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,102.00 mb


OTL by OldTimer - Version 3.2.18.2 log created on 01012011_124320

Files\Folders moved on Reboot...
C:\Users\Phyllis\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\Phyllis\AppData\Local\Temp\~DF796.tmp not found!
File\Folder C:\Users\Phyllis\AppData\Local\Temp\~DF7BA.tmp not found!
File\Folder C:\Users\Phyllis\AppData\Local\Temp\~DF7F1.tmp not found!
File\Folder C:\Users\Phyllis\AppData\Local\Temp\~DF816.tmp not found!

Registry entries deleted on Reboot...


virus total
File name:
inst.exe
Submission date:
2011-01-01 17:56:55 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)

VT Community

goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.01.01.00 2010.12.31 -
AntiVir 7.11.0.247 2010.12.31 -
Antiy-AVL 2.0.3.7 2011.01.01 -
Avast 4.8.1351.0 2011.01.01 -
Avast5 5.0.677.0 2011.01.01 -
AVG 9.0.0.851 2011.01.01 -
BitDefender 7.2 2011.01.01 -
CAT-QuickHeal 11.00 2011.01.01 -
ClamAV 0.96.4.0 2011.01.01 -
Command 5.2.11.5 2011.01.01 -
Comodo 7263 2011.01.01 -
DrWeb 5.0.2.03300 2011.01.01 -
Emsisoft 5.1.0.1 2011.01.01 -
eSafe 7.0.17.0 2010.12.30 -
eTrust-Vet 36.1.8074 2010.12.31 -
F-Prot 4.6.2.117 2010.12.31 -
F-Secure 9.0.16160.0 2011.01.01 -
Fortinet 4.2.254.0 2011.01.01 -
GData 21 2011.01.01 -
Ikarus T3.1.1.90.0 2011.01.01 -
Jiangmin 13.0.900 2011.01.01 -
K7AntiVirus 9.75.3406 2010.12.31 -
Kaspersky 7.0.0.125 2011.01.01 -
McAfee 5.400.0.1158 2011.01.01 -
McAfee-GW-Edition 2010.1C 2011.01.01 -
Microsoft 1.6402 2011.01.01 -
NOD32 5752 2011.01.01 -
Norman 6.06.12 2011.01.01 -
nProtect 2011-01-01.01 2011.01.01 -
Panda 10.0.2.7 2011.01.01 -
PCTools 7.0.3.5 2011.01.01 -
Prevx 3.0 2011.01.01 -
Rising 22.80.04.04 2010.12.31 -
Sophos 4.60.0 2011.01.01 -
SUPERAntiSpyware 4.40.0.1006 2011.01.01 -
Symantec 20101.3.0.103 2011.01.01 -
TheHacker 6.7.0.1.109 2010.12.30 -
TrendMicro 9.120.0.1004 2011.01.01 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.01 -
VBA32 3.12.14.2 2010.12.30 -
VIPRE 7911 2011.01.01 -
ViRobot 2010.12.31.4232 2011.01.01 -
VirusBuster 13.6.121.0 2010.12.30 -
Additional information
MD5 : 254fbca565e049648b0cce2ceadf05d2
SHA1 : f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am

Re: I have the Total Codec Virus.

Unread postby deltalima » January 1st, 2011, 2:07 pm

Hi totalcodec,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I have the Total Codec Virus.

Unread postby totalcodec » January 1st, 2011, 2:32 pm

yay! thanks so much
Happy New Year!
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am

Re: I have the Total Codec Virus.

Unread postby deltalima » January 1st, 2011, 2:33 pm

You're welcome!

Glad we could help.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I have the Total Codec Virus.

Unread postby totalcodec » January 1st, 2011, 2:42 pm

which antivirus do you recommend?
totalcodec
Active Member
 
Posts: 14
Joined: December 29th, 2010, 11:17 am