Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware attack

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware attack

Unread postby Barry07601 » December 23rd, 2011, 6:06 pm

I'm using Windows XP Pro Service pack 3 and I contracted the XP 2012 virus

Googled a fix on the Microsoft website:

----------
Follow below procedure to remove the annoying Spyware.

Start system in Safe Mode.
Change the windows settings to enable -
Show Hidden Files & Folders.
Hide Extensions For Known File Types.
Hide Protected Operating Systems.
Click OK to save the changes.

Go into C:\Documents and Settings\[UserName]\Local Settings\Application Data\ folder.
Find hidden executable file in this folder.
Name may vary e.g. wmi.exe. Rename wmi.exe to wmi.exe1 and click Yes to confirm file rename.
It will solve your problem partially.Now open Notepad & copy the below contents to it :

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Now save file as Solution.reg to your Desktop.

Double clicking on it will ask you for the confirmation to merge it or not.
Click YES.

Restart the system in normal mode.Thats it.
-----------------
Installed Malawarebytes and Avast, ran this fix and now:

1. EVerytime I start a program I get a popup that says:
"Which user account do you want to use to run this program"

2. Keyboard is real sluggish and I no it's not the keyword because it works fine on my 2nd computer connected to my a/b switch.

3. Certain programs such as Nero MediaHome 4 won't boot up and my computer is running much slower.

============================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Run by Barry at 16:47:01 on 2011-12-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2321 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
svchost.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Barry\Application Data\Spotify\Spotify.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://secure.ingdirect.com/myaccount/ ... t/login.vm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: WormRadar.com IESiteBlocker.NavFilter - No File
BHO: SkypeIEPluginBHO - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [swg (1)] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify] "c:\documents and settings\barry\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\MAFWTray.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
TCP: Interfaces\{01E4914B-7C86-4F83-A0CF-F2FBB1C4004A} : DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\
FF - prefs.js: browser.startup.homepage - hxxp://bossip.com/|http://mediatakeout.com/index.html
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\barry\application data\mozilla\firefox\profiles\s88ako4g.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pace anti-piracy\ilok\NPPaceILok.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2010-6-20 16384]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-12-14 56208]
R0 SC247XU;SC247XU;c:\windows\system32\drivers\SC247XU.sys [2010-6-6 14925]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-19 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-19 314456]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-12-18 76696]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-12-14 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-12-14 164112]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-19 44768]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-7-21 16400]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-6 632792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-12-14 931640]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-10 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2010-2-21 23600]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-12-14 21520]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 AVGIDSAgent;AVGIDSAgent; [x]
S2 avgwd;AVG WatchDog; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 akS56USB;AKAI S5000/S6000 Driver;c:\windows\system32\drivers\akS56USB.sys [2004-10-28 11392]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
S3 Avgfwdx;Avgfwdx; [x]
S3 Avgfwfd;AVG network filter service; [x]
S3 CEUSBAUD;Lexicon USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2010-6-20 17920]
S3 DVC150B;Dazzle DVC 150B;c:\windows\system32\drivers\dvc150b.sys [2010-8-5 30976]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-23 54328]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [2010-7-20 192392]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\motumidi.sys [2010-4-23 36912]
S3 MotuUsb;MotuUsb;c:\windows\system32\drivers\MotuUsb.sys [2010-4-23 49712]
S3 MotuUsbIoDriver;MotuUsbIoDriver;c:\windows\system32\drivers\MotUsbIo.sys [2010-6-20 110592]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.exe=H6U
.
=============== Created Last 30 ================
.
2011-12-19 05:09:37 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 05:08:31 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 05:07:49 -------- d-----w- c:\program files\AVAST Software
2011-12-19 05:07:49 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-18 05:10:53 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-12-18 05:04:07 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-12-18 02:51:22 -------- d-----w- c:\documents and settings\barry\application data\Malwarebytes
2011-12-18 02:50:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-18 02:50:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-18 02:50:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-16 04:05:56 -------- d-----w- c:\program files\iTunes
2011-12-14 17:23:32 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-13 21:08:44 -------- d-----w- c:\documents and settings\barry\local settings\application data\PCHealth
2011-12-13 20:20:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-13 20:20:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 18:50:18 -------- d-----w- c:\documents and settings\barry\local settings\application data\Spotify
2011-12-12 18:50:01 -------- d-----w- c:\documents and settings\barry\application data\Spotify
2011-12-11 02:07:49 -------- d-----w- c:\documents and settings\barry\application data\AVG Secure Search
2011-12-10 13:26:10 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2011-12-10 13:25:56 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-10 13:25:52 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M ====================
.
2011-12-18 05:47:26 146432 ----a-w- c:\windows\regedit.exe
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 05:50:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-02 17:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
.
============= FINISH: 16:51:10.01 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2010 4:22:02 PM
System Uptime: 12/21/2011 1:27:44 AM (39 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 82.924 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 468.186 GiB free.
G: is Removable
H: is FIXED (NTFS) - 932 GiB total, 793.911 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMPHILIPS_DVD+-RW_DVD8701_________________5D24____\594D4D3037393335303735313639513131303939
Manufacturer: (Standard CD-ROM drives)
Name: PHILIPS DVD+-RW DVD8701
PNP Device ID: IDE\CDROMPHILIPS_DVD+-RW_DVD8701_________________5D24____\594D4D3037393335303735313639513131303939
Service: cdrom
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: Microsoft TV/Video Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: Intel(R) PRO/100 VE Network Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx
.
==== System Restore Points ===================
.
RP695: 11/28/2011 4:48:00 PM - System Checkpoint
RP696: 12/6/2011 10:16:01 PM - System Checkpoint
RP697: 12/6/2011 10:16:02 PM - System Checkpoint
RP698: 12/6/2011 10:16:02 PM - System Checkpoint
RP699: 12/6/2011 10:16:02 PM - System Checkpoint
RP700: 12/4/2011 1:26:10 AM - System Checkpoint
RP701: 12/5/2011 2:20:52 AM - System Checkpoint
RP702: 12/6/2011 3:11:03 AM - System Checkpoint
RP703: 12/6/2011 10:17:13 PM - AVG Regisry Defrag - before defragmentation
RP704: 12/7/2011 11:41:00 PM - System Checkpoint
RP705: 12/9/2011 4:52:48 PM - System Checkpoint
RP706: 12/10/2011 5:32:15 PM - System Checkpoint
RP707: 12/11/2011 5:45:48 PM - System Checkpoint
RP708: 12/12/2011 6:02:05 PM - System Checkpoint
RP709: 12/13/2011 2:58:44 PM - Restore Operation
RP710: 12/13/2011 4:06:02 PM - Software Distribution Service 3.0
RP711: 12/14/2011 5:29:36 PM - Restore Operation
RP712: 12/15/2011 6:32:13 PM - System Checkpoint
RP713: 12/16/2011 7:29:59 PM - System Checkpoint
RP714: 12/17/2011 8:27:29 PM - System Checkpoint
RP715: 12/18/2011 12:55:43 AM - Restore Operation
RP716: 12/19/2011 12:07:49 AM - avast! Free Antivirus Setup
RP717: 12/19/2011 1:09:55 AM - Restore Operation
RP718: 12/19/2011 3:48:50 AM - Installed Microsoft Fix it 50202
RP719: 12/20/2011 4:33:38 AM - System Checkpoint
RP720: 12/20/2011 11:57:38 PM - Installed Rapport
RP721: 12/22/2011 12:00:19 AM - System Checkpoint
.
==== Installed Programs ======================
.
1&1 EasyLogin
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Advertising Center
aksys
Aksys S56 Theme Pack
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AstroViewer 3.1.1
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
Avery Wizard 3.1
AVG PC Tuneup 2011
Bonjour
Broadcom 440x 10/100 Integrated Controller
Canon Camera Access Library
Canon Camera Support Core Library
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
Corel Paint Shop Pro X
Dell Driver Download Manager
Dell Photo AIO Printer 964
Dell Support Center
DesignPro 5
Digidesign Audio Drivers 8.0.1
Digidesign Pro Tools Creative Collection 8.0.1
Digidesign Pro Tools M-Powered 8.0.1
Download Updater (AOL LLC)
Emagic Logic Audio Platinum 5.5
Finale PrintMusic 2009
Finale PrintMusic 2011
Firebird SQL Server - MAGIX Edition
Free DigiRack Plug-Ins 8.0.1
Free YouTube Downloader 3.3.115
GOM Player
GoodSync
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Hieroglyphic Font
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
iLok Client Helper x32x64
Intel(R) PRO Network Connections Drivers
Interlok driver setup x32
iTunes
Jasc Animation Shop 3
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6 Update 1
LastPass (uninstall only)
Lexicon MX-Edit 1.0
Logitech Audio Echo Cancellation Component
Logitech Harmony Remote Software 7
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
M-Audio FireWire Driver 6.0.1 (x86)
MAGIX Music Maker 16 Premium Download Version
MAGIX Screenshare
MAGIX Speed 2 (MSI)
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaMonkey 3.2
MelodyneEssential 1.8
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MOTU USB MIDI Installer
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MVision
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
Octoshape add-in for Adobe Flash Player
Paltalk Messenger
Paltalk Messenger Interop
Picasa 3
Pinnacle Instant DVD Recorder
Print to Fax
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
PureVoice 1.3.2
QuickTime
Rapport
Razer Habu Config
RealPlayer
RealUpgrade 1.0
Reason 4.0
Registry Mechanic 10.0
Remote Control USB Driver
Rhapsody
Rhapsody Cloud Sync
RTLSetup
Safari
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB923789)
SigmaTel Audio
Skins
Skype Toolbars
Skype™ 5.0
Spotify
Stellarium 0.10.5
Studio 11
Studio 11 Bonus DVD
Text-To-Speech-Runtime
Torq LE 1.0.7 (Build 017 - 03 Oct 2008)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Vuze
WAV MP3 Converter v4.1 build 1218
WebFldrs XP
Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Desktop Login
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yamassic - Hieroglyphic Font
.
==== Event Viewer Messages From Past Week ========
.
12/21/2011 12:19:55 AM, error: NetBT [4321] - The name "EXCLUSIVE :0" could not be registered on the Interface with IP address 192.168.1.142. The machine with the IP address 192.168.1.1 did not allow the name to be claimed by this machine.
12/20/2011 11:52:27 PM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
12/20/2011 11:52:20 PM, error: Service Control Manager [7000] - The Nero MediaHome 4 Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2011 11:52:20 PM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service service to connect.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
12/20/2011 11:52:19 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
12/20/2011 11:49:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.138 for the Network Card with network address 001372BF7091 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/20/2011 11:37:05 PM, error: NetBT [4321] - The name "EXCLUSIVE :0" could not be registered on the Interface with IP address 192.168.1.138. The machine with the IP address 192.168.1.1 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm
Advertisement
Register to Remove

Re: Malware attack

Unread postby deltalima » December 24th, 2011, 5:22 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby deltalima » December 24th, 2011, 5:32 pm

Hi Barry07601,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

EVerytime I start a program I get a popup that says:
"Which user account do you want to use to run this program"


If you are able to run the following programs please do so, if not please give me the exact wording of the error message that you receive.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Vuze


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 25th, 2011, 7:13 pm

Hi Deltalima

Thanks for assisting me with this problem.

To answer your question I use this computer for personal use only.

This is the popup message I get when I attempt open "notepad" and Google chrome:

"Which user account do you want to use to run this program?

[]Current user
[]Protect my computer and data from unauthorized program activity

This option can prevent computer viruses from harming your computer or personal data, but selecting it might cause the program to function improperly.


[]The following user:

[]User Name

[]Password

[Ok][Cancel]
==============


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
c:\program files\corel\corel paint shop pro x\bump maps\cracked desert.pspimage
c:\program files\pinnacle\hollywood fx for studio\6.0\effects\65 - patriotic\firecracker.hfx
c:\program files\pinnacle\hollywood fx for studio\6.0\effects\70 - foods\crackers.hfx
c:\program files\pinnacle\hollywood fx for studio\6.0\objects\food\cracker.hfo
c:\program files\pinnacle\hollywood fx for studio\6.0\objects\patriotic\firecracker bam.hfo
c:\program files\pinnacle\hollywood fx for studio\6.0\objects\patriotic\firecracker bottom.hfo
c:\program files\pinnacle\hollywood fx for studio\6.0\objects\patriotic\firecracker top.hfo
c:\program files\pinnacle\studio 11\plugins\rtfx\3dserver\filtersplus3d\crackedslab3d.xml
c:\program files\pinnacle\studio 11\plugins\rtfx\hfxxml\crackers.xml
c:\program files\pinnacle\studio 11\plugins\rtfx\hfxxml\firecracker.xml
c:\program files\pinnacle\studio 11\plugins\rtfx\studioxml\rtfx volume 2\crackedslab-gpu.xml
scanner sequence 3.DK.11.JAAPWR
----- EOF -----
======================================
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {4E9EBA0A-12F1-4BDA-ACAB-0046DA68BB42}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Documents and Settings\Barry\Local

Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{4E9EBA0A-12F1-

4BDA-ACAB-0046DA68BB42}

</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro

</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-

YD4YT</PKey><PID>76487-OEM-2211906-

00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2052111302-507921405-

839522115</SID><SYSTEM><Manufacturer>Dell Inc.

</Manufacturer><Model>Dell DM051

</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.

</Manufacturer><Version>A07</Version><SMBIOSVersion major="2"

minor="3"/><Date>20070108000000.000000+000</Date><SLPBIOS>Dell

System,Dell Computer,Dell System,Dell

System</SLPBIOS></BIOS><HWID>DB1D326F0184EE7C</HWID><UserLCID>0409</

UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard

Time(GMT-05:00)

</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><nam

e></name><model></model></SBID><OEM/><GANotification><File

Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll"

Version="1.9.40.0"/></GANotification></MachineData><Software><Office

><Result>109</Result><Products/><Applications/></Office></Software><

/GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1AC4E:Dell Inc|1AC4E:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell

System,Dell System

OEM Activation 2.0 Data-->
N/A
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 26th, 2011, 9:08 am

Hi Barry07601,

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    AVG Anti-Virus Free Edition 2011
    avast! Antivirus

  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.

Next, reboot the computer.

This is the popup message I get when I attempt open "notepad" and Google chrome:

"Which user account do you want to use to run this program?


Is that just with those two programs or with any others?

Is that from the start menu or from desktop shortcuts?

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 26th, 2011, 5:37 pm

Ran GMER, selected Rootkit tab and unchecked everything to the right except C drive and "Show all", ran scan and I get this popup message:

"GMER hasn't found any system modification"

------------
""Which user account do you want to use to run this program?" Shows up when I start most of the programs but not all. Ie: I doesn't' show up when I start Internet Explorer.

=====================
OTL logfile created on: 12/26/2011 2:58:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 71.90% Memory free
5.43 Gb Paging File | 4.49 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 83.91 Gb Free Space | 56.32% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 468.19 Gb Free Space | 67.01% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 793.91 Gb Free Space | 85.23% Space Free | Partition Type: NTFS

Computer Name: E510 | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Barry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Barry\Application Data\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
PRC - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
PRC - C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Habu\razerhid.exe ()
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcjcoms.exe ()
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11122601\aswRep.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG Secure Search\iGearedHelper.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\pdf.dll ()
MOD - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\Locales\en-US.dll ()
MOD - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\avutil-50.dll ()
MOD - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\avformat-52.dll ()
MOD - C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\avcodec-52.dll ()
MOD - C:\Program Files\1&1\1&1 EasyLogin\EasyLoginCrypt.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Razer\Habu\razerhid.exe ()
MOD - C:\Program Files\Logitech\QuickCam10\LAppRes.DLL ()
MOD - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LCMServerPS.dll ()
MOD - C:\Program Files\Razer\Habu\download.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 964\dlcjcnv4.dll ()
MOD - C:\WINDOWS\system32\dlcjserv.dll ()
MOD - C:\WINDOWS\system32\dlcjlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 964\dlcjpplc.dll ()
MOD - C:\WINDOWS\system32\dlcjcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 964\dlcjcomc.dll ()
MOD - C:\WINDOWS\system32\dlcjprox.dll ()
MOD - C:\WINDOWS\system32\dlcjusb1.dll ()
MOD - C:\WINDOWS\system32\dlcjcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 964\dlcjcfg.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 964\dlcjdrec.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AVG Security Toolbar Service) -- File not found
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (dlcj_device) -- C:\WINDOWS\System32\dlcjcoms.exe ()
SRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)


========== Driver Services (SafeList) ==========

DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (iLokDrvr) -- C:\WINDOWS\system32\drivers\iLokDrvr.sys (PACE Anti-Piracy, Inc.)
DRV - (CEUSBAUD) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (MotuUsb) -- C:\WINDOWS\system32\drivers\MotuUsb.sys (MOTU, Inc)
DRV - (MotuMidi) -- C:\WINDOWS\system32\drivers\motumidi.sys (Mark of the Unicorn)
DRV - (motubus) -- C:\WINDOWS\system32\drivers\motubus.sys (Mark of the Unicorn)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (akS56USB) -- C:\WINDOWS\system32\drivers\akS56USB.sys (AKAI professional M.I. Corp.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MAFW) -- C:\WINDOWS\system32\drivers\mafw.sys (Avid Technology, Inc.)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (HabuFltr) -- C:\WINDOWS\system32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (DVC150B) -- C:\WINDOWS\system32\drivers\dvc150b.sys (Pinnacle Systems)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SC247XU) -- C:\WINDOWS\system32\DRIVERS\SC247XU.sys ( Technology Corp.)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MotuUsbIoDriver) -- C:\WINDOWS\system32\drivers\MotUsbIo.sys (Mark of the Unicorn, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2052111302-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2052111302-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.ingdirect.com/myaccount/ ... t/login.vm
IE - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2052111302-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2052111302-507921405-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://bossip.com/|http://mediatakeout.com/index.html"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.73.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://www.google.co.in/search?btnG=Google+Search&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/10/26 20:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/03 16:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\ [2011/12/10 08:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/05 14:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 14:53:41 | 000,000,000 | ---D | M]

[2010/10/14 01:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions
[2010/06/11 12:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions\xulrunner@yoono.com
[2011/12/16 13:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\s88ako4g.default\extensions
[2011/11/08 10:47:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\s88ako4g.default\extensions\support@lastpass.com
[2010/10/14 19:52:01 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\s88ako4g.default\extensions\webmaster@keep-tube.com
[2011/12/05 14:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/23 17:27:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S88AKO4G.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BARRY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\S88AKO4G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/05 14:36:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/10 08:25:52 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/26 12:03:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/05 14:36:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\Application\10.0.648.205\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Barry\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\
CHR - Extension: LastPass = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.3_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: Keep Tube: Download Youtube Videos, Dailymotion, Megavideo, Metacafe, Google, Yahoo, Spike, Myspace, Facebook, Veoh, Break, Current, Redtube videos and more! = C:\Documents and Settings\Barry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpcdjofmbnfbcfbeoiemgpjjclcfhmml\2.6_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" File not found
O4 - HKU\S-1-5-18..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" File not found
O4 - HKU\S-1-5-21-2052111302-507921405-839522115-1003..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-2052111302-507921405-839522115-1003..\Run: [Spotify] C:\Documents and Settings\Barry\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2052111302-507921405-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/ ... tion32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E4914B-7C86-4F83-A0CF-F2FBB1C4004A}: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2010/06/20 20:32:24 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/29 13:33:51 | 000,000,067 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\...exe [@ = H6U] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 14:51:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2011/12/25 18:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/12/22 19:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\My Documents\Hacked
[2011/12/19 01:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/19 00:09:55 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/19 00:09:54 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/19 00:09:40 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/19 00:09:38 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/19 00:09:37 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/19 00:09:34 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/19 00:09:34 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/19 00:09:33 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/19 00:08:31 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/19 00:08:30 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/19 00:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/19 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/18 00:10:53 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/12/18 00:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/12/17 21:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Malwarebytes
[2011/12/17 21:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 21:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/17 21:50:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/17 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/15 23:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/15 23:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/14 12:23:32 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/12/13 16:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Local Settings\Application Data\PCHealth
[2011/12/13 15:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/13 14:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/12 13:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Local Settings\Application Data\Spotify
[2011/12/12 13:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\Spotify
[2011/12/10 21:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barry\Application Data\AVG Secure Search
[2011/12/10 08:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/10 08:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/10 08:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/28 21:25:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/10 20:19:26 | 000,730,192 | ---- | C] (How Inc.) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2007/01/30 08:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 08:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 08:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 14:56:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/12/26 14:51:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2011/12/26 14:50:50 | 000,552,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/26 14:50:50 | 000,100,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/26 14:48:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 14:41:55 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 14:41:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-507921405-839522115-1003.job
[2011/12/26 14:41:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/12/26 14:41:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 14:21:44 | 055,613,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/26 14:21:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 14:07:05 | 000,433,114 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/12/26 14:04:16 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2011/12/25 23:40:00 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Google Chrome.lnk
[2011/12/25 18:05:11 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\CKScanner.exe
[2011/12/24 04:28:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-507921405-839522115-1003.job
[2011/12/23 13:00:17 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/22 21:15:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/22 19:39:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Barry\My Documents\New Folder
[2011/12/21 01:33:55 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/19 03:37:28 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/19 00:09:57 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/19 00:09:35 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/18 00:47:26 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedit.exe
[2011/12/18 00:10:53 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/12/18 00:04:05 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/12/17 21:50:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 21:40:00 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/12/15 23:08:04 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/15 18:48:03 | 000,256,186 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/14 21:22:44 | 000,011,738 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 21:22:43 | 000,011,738 | -HS- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 12:23:32 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/12/13 16:22:07 | 000,503,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 14:44:01 | 000,009,556 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k4sy65m2tj2bbm
[2011/12/13 14:44:00 | 000,009,556 | -HS- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\k4sy65m2tj2bbm
[2011/12/12 13:50:11 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Spotify.lnk
[2011/12/07 00:36:06 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/01 21:21:39 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 18:05:09 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\CKScanner.exe
[2011/12/22 19:39:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\New Folder
[2011/12/19 03:37:28 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/19 00:09:57 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/18 00:04:05 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/12/17 21:50:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/15 23:08:04 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/14 15:43:16 | 000,011,738 | -HS- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/14 15:43:16 | 000,011,738 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ivxvcq4w1pxm8trh6uhg7v758u1d
[2011/12/13 14:36:30 | 000,009,556 | -HS- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\k4sy65m2tj2bbm
[2011/12/13 14:36:30 | 000,009,556 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k4sy65m2tj2bbm
[2011/12/12 13:50:11 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\Barry\Start Menu\Programs\Spotify.lnk
[2011/12/12 13:50:11 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Spotify.lnk
[2011/11/14 19:43:41 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2011/06/15 02:49:36 | 000,780,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/22 17:49:56 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/01/28 16:03:41 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/01/28 15:20:51 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/01/07 23:04:08 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/01/01 12:36:07 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2010/11/30 13:42:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/11/23 17:28:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/19 17:06:52 | 000,000,054 | ---- | C] () -- C:\WINDOWS\CmdFile.INI
[2010/08/13 11:45:20 | 000,000,293 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/07/12 15:40:58 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Barry\Application Data\77F756
[2010/07/12 15:40:57 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Barry\Application Data\mcs.rma
[2010/07/08 18:15:59 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/01 11:37:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ClockWorks.dat
[2010/06/30 17:36:51 | 000,000,231 | ---- | C] () -- C:\WINDOWS\IMSpellchecker.INI
[2010/06/29 20:57:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/21 00:37:24 | 000,001,607 | ---- | C] () -- C:\WINDOWS\dop.ini
[2010/06/21 00:37:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\sndcheck.ini
[2010/06/21 00:36:40 | 000,000,910 | ---- | C] () -- C:\WINDOWS\acroread.ini
[2010/06/21 00:36:40 | 000,000,542 | ---- | C] () -- C:\WINDOWS\atm.ini
[2010/06/21 00:36:40 | 000,000,027 | ---- | C] () -- C:\WINDOWS\acrograf.ini
[2010/06/21 00:35:53 | 000,000,049 | ---- | C] () -- C:\WINDOWS\voydll.ini
[2010/06/21 00:35:52 | 000,000,287 | ---- | C] () -- C:\WINDOWS\recordext.ini
[2010/06/20 23:31:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2010/06/20 23:31:10 | 001,362,460 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2010/06/20 23:15:07 | 000,119,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/20 22:07:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2010/06/20 21:48:07 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2010/06/20 20:32:23 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/06/20 20:32:23 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/06/20 20:32:23 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/06/20 20:32:23 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/06/20 20:32:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/06/20 15:32:49 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Barry\Local Settings\Application Data\fusioncache.dat
[2010/06/14 20:15:42 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/06/11 14:53:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/07 19:16:47 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 20:14:50 | 000,000,596 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/06/06 15:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/05 21:19:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/06/05 21:16:57 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/06/05 16:20:42 | 000,000,489 | ---- | C] () -- C:\WINDOWS\demo.INI
[2010/06/05 15:22:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/05 15:13:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/05 11:01:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/05 10:58:43 | 000,503,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007/02/19 01:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 01:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/09/01 08:18:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2005/09/01 08:18:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2005/09/01 08:18:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2005/09/01 08:17:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2005/09/01 08:17:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2005/09/01 08:17:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2005/09/01 08:17:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2005/09/01 08:15:50 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2005/07/12 16:37:04 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2005/07/12 16:36:12 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2005/07/12 16:34:22 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2005/07/12 16:34:06 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2005/07/12 16:34:00 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.exe
[2005/07/12 16:33:18 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcjih.exe
[2005/07/12 16:33:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2005/07/12 16:33:02 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjcoms.exe
[2005/07/12 16:32:40 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2005/07/12 16:32:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2005/07/12 16:29:46 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2005/07/12 16:28:22 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2005/06/01 11:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2005/05/30 02:06:18 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005/05/25 12:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/03/21 20:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 20:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/17 00:32:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,552,638 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,100,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,003,143 | ---- | C] () -- C:\WINDOWS\System32\sqlwid.dll
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\regedit.exe:SummaryInformation
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 1332 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VXHZ1amsEsOBAzLI4anKeSc
@Alternate Data Stream - 1284 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:MriXLfblQHHFqvSowbagnJ0
@Alternate Data Stream - 1242 bytes -> C:\Program Files\Common Files\Microsoft Shared:UfcusOuEeAvT9lL9G2g0k
@Alternate Data Stream - 1233 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5ZGZRhUXG347SNkU44Bierap
@Alternate Data Stream - 1212 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:3r912mcTh96DaZPXFAe5u
@Alternate Data Stream - 1188 bytes -> C:\Documents and Settings\Barry\Cookies:RrNrs9L7XSroT558bby4bE
@Alternate Data Stream - 1185 bytes -> C:\Program Files\Outlook Express:TBsqHMf4INYZb5SVvgqt8Eqqmq
@Alternate Data Stream - 1167 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:M9LKAxTIq3DCRxGgfJ2ubPc
@Alternate Data Stream - 1151 bytes -> C:\Program Files\Common Files\System:aG6RupA7ynk6XRm5cpj84fe5rf0M
@Alternate Data Stream - 1136 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:EM4H25kkVQn1LsITzp52IU
@Alternate Data Stream - 1124 bytes -> C:\Documents and Settings\Barry\Cookies:2id3dtBfif0jKuwFUNkBLgxl

< End of report >
=======================
OTL Extras logfile created on: 12/26/2011 2:58:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 71.90% Memory free
5.43 Gb Paging File | 4.49 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 83.91 Gb Free Space | 56.32% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 468.19 Gb Free Space | 67.01% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 793.91 Gb Free Space | 85.23% Space Free | Partition Type: NTFS

Computer Name: E510 | User Name: Barry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2052111302-507921405-839522115-1003\SOFTWARE\Classes\<extension>]
.exe [@ = H6U] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\WINDOWS\system32\dlcjcoms.exe" = C:\WINDOWS\system32\dlcjcoms.exe:*:Enabled:Dell 964 Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcjpswx.exe:*:Enabled:Dell 964 Printer Status -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Pinnacle\Studio 11\programs\studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\studio.exe:*:Enabled:Studio program file -- (Pinnacle Systems)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe" = C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4 -- (Nero AG)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Barry\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Barry\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{14AA664E-9BFA-44C4-A083-83A2998679BA}" = Digidesign Pro Tools M-Powered 8.0.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3669E1E1-128A-BDB1-7652-651DAD28A448}" = Rhapsody Cloud Sync
"{39e5fa15-2f86-44ca-bc23-4f356220de3e}" = Nero MediaHome 4 Essentials
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Digidesign Pro Tools Creative Collection 8.0.1
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA12A20-67E8-43F4-B692-ED04E92E42EC}" = MOTU USB MIDI Installer
"{3E200203-ECB9-4E42-8765-684C3938E493}" = Aksys S56 Theme Pack
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D017485-24F5-46A2-A5CC-7DEF00EF2297}" = aksys
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86)
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9A17B0B6-AD89-4321-99E6-09D9ABFA254D}" = MelodyneEssential 1.8
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0.1
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.1 build 1218
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.115
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B32E6282-AE31-4466-BBC1-FC726268FC31}" = MAGIX Music Maker 16 Premium Download Version
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09F1573-6262-47F2-8B90-5B2290A58B12}" = MAGIX Speed 2 (MSI)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E56AF17E-01D7-4A27-B089-D69D7EE07DBE}" = Lexicon MX-Edit 1.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"1&1 EasyLogin" = 1&1 EasyLogin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AstroViewer 3.1.1" = AstroViewer 3.1.1
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"AVG" = AVG 2012
"C248DC5465E4500BAAAE52DF5A4C1714C1714ABE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Rhapsody.RhapsodyCloudSync" = Rhapsody Cloud Sync
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"Dell Support Center" = Dell Support Center
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"EOS Utility" = Canon Utilities EOS Utility
"Finale PrintMusic 2009" = Finale PrintMusic 2009
"Finale PrintMusic 2011" = Finale PrintMusic 2011
"GOM Player" = GOM Player
"Hieroglyphic Font" = Hieroglyphic Font
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ieSpell" = ieSpell
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_mm16dlx" = MAGIX Music Maker 16 Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = Memorex exPressit Label Design Studio
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paltalk Messenger Interop" = Paltalk Messenger Interop
"PalTalk8.2" = Paltalk Messenger
"Picasa 3" = Picasa 3
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"PureVoice" = PureVoice 1.3.2
"QcDrv" = Logitech® Camera Driver
"Rapport_msi" = Rapport
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Stellarium_is1" = Stellarium 0.10.5
"Torq LE_is1" = Torq LE 1.0.7 (Build 017 - 03 Oct 2008)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yamassic - Hieroglyphic Font" = Yamassic - Hieroglyphic Font
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"LastPass" = LastPass (uninstall only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/26/2011 3:45:58 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service
service to connect.

Error - 12/26/2011 3:45:58 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The Nero MediaHome 4 Service service failed to start due to the following
error: %%1053

Error - 12/26/2011 3:45:59 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Startup and
Shutdown Monitor service service to connect.

Error - 12/26/2011 3:48:12 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service
service to connect.

Error - 12/26/2011 3:48:13 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The Nero MediaHome 4 Service service failed to start due to the following
error: %%1053

Error - 12/26/2011 3:48:36 PM | Computer Name = E510 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 12/26/2011 3:48:53 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12/26/2011 3:48:54 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12/26/2011 3:50:49 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service
service to connect.

Error - 12/26/2011 3:50:49 PM | Computer Name = E510 | Source = Service Control Manager | ID = 7000
Description = The Nero MediaHome 4 Service service failed to start due to the following
error: %%1053


< End of report >
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 26th, 2011, 5:50 pm

Hi Barry07601,

Did you remove Avast or AVG?

I still see both in the logs.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 28th, 2011, 2:44 pm

Hi Deltalima

I removed AVG but I still have AVG Tune up. Also, I had a problem with the removal so I reinstalled AVG 2012 and then removed it. I'm not sure if anything was left out because that wasn't the version that was originally installed over a year ago.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 28th, 2011, 4:12 pm

Hi Barry07601,

Backup Your Registry:
* Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
* Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
* Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
* OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 30 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u30-windows-i586-p.exe to install the newest version

Now please visit this site and follow the instructions to run XP_RunAsShortcutFix.exe

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 29th, 2011, 3:32 am

Deltalima,

I don't see the Java version you mentioned on that page. Can you assist please.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 29th, 2011, 7:19 am

Hi Barry07601,

Here is a direct link to the page, you will need to accept the license agreement and then download jre-6u30-windows-i586.exe
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 29th, 2011, 5:18 pm

Ok, I updated Adobe and Java and ran XP_RunAsShortcutFix and I still have the same problem with the user admin popup. In addition I cannot gain access to my volume control from the taskbar it won't show. I have to go to the control panel to see it. On the plus side Nero Home Essentials 4 now boots up normally without a hitch.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 29th, 2011, 5:47 pm

Hi Barry07601,

I still have the same problem with the user admin popup


For one of the shortcuts that has the problem, please right click on the shortcut, select properties then select the Shortcut tab.

Click the Advanced button and the second window shown below will appear.

Image

Please remove the tick from Run with different credentials then click OK

Please let me know if that fixes the admin popup for that shortcut, If it does then please repeat the process for all shortcuts that have the problem.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » December 29th, 2011, 7:08 pm

Followed your instructions as per last post unchecked "run with credentials" under the shortcut/advanced tab. The popup still occurs.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 29th, 2011, 7:10 pm

And if you open the shortcut again, is the Run with different credentials box still unticked?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware