
LiveSearchNow and Wgsdgsdgdsgsd.exe

Discussion in 'Virus & Other Malware Removal' started by SilveryMoon, Feb 23, 2013.

  1. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    Something seems strange in my (Vista Home) computer. One day about a month ago my browsers started redirecting to LiveSearchNow and a few other strange links. I uninstalled and reinstalled Chrome, Internet Explorer 9 and Mozilla Firefox. Opera didn't seem to be infected so I left that in. They all stopped redirecting me after that, but Chrome has 4 or 5 times since, just for one search, so I'm not sure if I'm rid of it. I also had a problem with searchcompletion in December; Norton, which I had then, said it was fixed, but it still shows in HijackThis. I ran both Norton Power Eraser (found 1 registry file) and Malwarebytes (found nothing). I now have McAfee Security 2012. That didn't find anything either. On the 16th I found an odd file in my user folder named Wgsdgsdgdsgsd.exe. McAfee and Malwarebytes said it was fine, but reading on the internet it sounded connected to dangerous programs. I wasn't sure if I should shred it or delete it. Would shredding such a file activate it? Anyway, I changed the name to Wgsdgsdgdsgsd.badfile and sent it to the recycle bin, where it never went, and McAfee immediately hopped up and said it had quarantined this file: Artemis!28E03DE8DCC7. For some reason McAfee won't show me the quarantined items, so I can't see if it's that, just renamed (if it came from the same spot). Now I see three odd folders in C:\ProgramData: DYA_BIIIVEDKGJAIVQPOM, DYA_NDWVHOBHTDWUCLQVO, and n7-89-o9-3r-4t-r9. Not sure if they are safe or not, but they are all from February and I never saw such strange names before. Also svchost seems to suddenly be using a lot of memory, which slows down the computer, but I'm not sure if it has anything to do with that, or if it's McAfee. I don't have System Restore enabled. That's all I can think of that I noticed. Thank you for any suggestions.

    _______________________________________________________________________________________________

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
    Processor: Intel(R) Celeron(R) D CPU 3.46GHz, x64 Family 15 Model 6 Stepping 5
    Processor Count: 1
    RAM: 1014 Mb
    Graphics Card: Intel(R) 82945G Express Chipset Family, 256 Mb
    Hard Drives: C: Total - 145369 MB, Free - 390 MB; D: Total - 7255 MB, Free - 896 MB;
    Motherboard: ECS, Livermore
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
    ____________________________________________________________________________________________________

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:58:25 AM, on 2/22/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\CapTrue\captrue.exe
    C:\Program Files\TweakRAM2\TweakRAM.exe
    C:\0Extra\Space\Space.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\JJ\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com?si=10188&bs=true&q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=10188&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com?si=10188&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10188&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10188&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [NetWorx] "C:\Users\JJ\Desktop\Extras\Networx_32-bit\networx.exe" /auto
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [CapTrue] C:\Program Files\CapTrue\captrue.exe
    O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM2\TweakRAM.exe
    O4 - HKCU\..\Run: [MoonSpace] C:\0Extra\Space\Space.exe AutoStart
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Adobe] rundll32 "C:\Users\JJ\AppData\Local\AIM Toolbar\Adobe\rrzfkmzis.dll",DllRegisterServerW (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

    --
    End of file - 9515 bytes
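    As an added triage aid for reading the O4 (autostart) lines of a HijackThis log like the one above, here is example code written for this page; it is not part of the original post, nor part of HijackThis or any other tool named in the thread. It parses the `O4 - <hive>\..\Run: [name] command` and `O4 - Global Startup:` line shapes, pulls out the executable or DLL each entry actually loads, and scores it with simple defender's heuristics: a module living in a user-writable location (a user profile, AppData, ProgramData, Temp), a DLL being loaded through `rundll32` from such a location, and an entry registered under a service account SID that nevertheless points into a user's profile. The sample input is a subset of O4 lines copied from the log above; the scores, thresholds and the word "review" are this example's own conventions, not verdicts from any vendor.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: a subset of the O4 lines from the HijackThis log in this thread.
SAMPLE_O4_LINES = [
    r"""O4 - HKLM\..\Run: [NetWorx] "C:\Users\JJ\Desktop\Extras\Networx_32-bit\networx.exe" /auto""",
    r"""O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey""",
    r"""O4 - HKCU\..\Run: [MoonSpace] C:\0Extra\Space\Space.exe AutoStart""",
    r"""O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')""",
    r"""O4 - HKUS\S-1-5-19\..\Run: [Adobe] rundll32 "C:\Users\JJ\AppData\Local\AIM Toolbar\Adobe\rrzfkmzis.dll",DllRegisterServerW (User 'LOCAL SERVICE')""",
    r"""O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe""",
]

# "O4 - HKLM\..\Run: [Name] command (User 'X')" ; the (User ...) suffix is optional.
O4_REG = re.compile(
    r"^O4 - (?P<hive>[^\[]+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O4 - Global Startup: Name.lnk = target"
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
# First path-like token ending in an executable extension; quotes are optional.
PATH_RE = re.compile(r'"?([^"]+?\.(?:exe|dll|scr|com|bat|cmd))"?', re.IGNORECASE)

TRUSTED_PREFIXES = ("c:\\program files", "%programfiles%", "c:\\windows", "%windir%", "%systemroot%")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "%temp%", "%appdata%")
SERVICE_ACCOUNTS = {"LOCAL SERVICE", "NETWORK SERVICE", "SYSTEM"}


@dataclass
class Finding:
    name: str
    path: Optional[str]
    user: Optional[str]
    score: int
    reasons: List[str]
    verdict: str


def loaded_module(cmd: str) -> Tuple[Optional[str], bool]:
    """Return (module actually loaded, launched via rundll32?) for a Run-key command."""
    paths = PATH_RE.findall(cmd)
    first_tok = cmd.split(None, 1)[0].strip('"').lower() if cmd.strip() else ""
    if first_tok in ("rundll32", "rundll32.exe"):
        dlls = [p for p in paths if p.lower().endswith(".dll")]
        return (dlls[0] if dlls else None), True
    return (paths[0] if paths else None), False


def triage_line(line: str) -> Optional[Finding]:
    """Parse one O4 line and score it; returns None for lines that are not O4 entries."""
    m = O4_REG.match(line)
    if m:
        name, cmd, user = m["name"], m["cmd"], m["user"]
    else:
        m = O4_STARTUP.match(line)
        if not m:
            return None
        name, cmd, user = m["name"], m["cmd"], None
    module, via_rundll32 = loaded_module(cmd)
    score, reasons = 0, []
    if module is None:
        score += 1
        reasons.append("no executable path recognised in command")
    else:
        lower = module.lower()
        if any(marker in lower for marker in USER_WRITABLE):
            score += 2
            reasons.append("module lives in a user-writable location")
            if via_rundll32:
                score += 2
                reasons.append("rundll32 loads a DLL from a user-writable path")
            if user in SERVICE_ACCOUNTS and "\\users\\" in lower:
                score += 1
                reasons.append(f"registered under {user} but points into a user profile")
        elif not lower.startswith(TRUSTED_PREFIXES):
            score += 1
            reasons.append("outside Program Files / Windows")
    if "(file missing)" in line.lower():
        reasons.append("target file missing (stale entry)")
    verdict = "review" if score >= 3 else ("low" if score else "ok")
    return Finding(name, module, user, score, reasons, verdict)


def triage(lines: List[str]) -> List[Finding]:
    """Score every O4 line in a log excerpt, in input order."""
    return [f for f in (triage_line(l.strip()) for l in lines) if f is not None]


def review_names(lines: List[str]) -> List[str]:
    """Names of the entries that reach the 'review' threshold."""
    return [f.name for f in triage(lines) if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f.verdict:6} score={f.score} [{f.name}] {f.path} user={f.user}")
        for r in f.reasons:
            print(f"         - {r}")
```

    Run as a script it prints one line per autostart entry with its score and reasons; on the sample it singles out the `[Adobe]` entry that uses `rundll32` to load a DLL from `AppData\Local` under the LOCAL SERVICE hive, rates the Desktop-hosted NetWorx and the `C:\0Extra` entry as "low" (unusual location only), and leaves the Program Files entries alone. The heuristics deliberately score location and launch mechanism rather than file names, because odd-looking names are common in legitimate software too; the output is a list of what to look at first, not a verdict on any file.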


    dds.scr

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_30
    Run by JJ at 5:02:57 on 2013-02-22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.231 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\CapTrue\captrue.exe
    C:\Program Files\TweakRAM2\TweakRAM.exe
    C:\0Extra\Space\Space.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\PROGRA~1\McAfee\MSC\McAPExe.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = Preserve
    uSearch Page = hxxp://search.searchcompletion.com?si=10188&bs=true&q=
    mSearch Page = hxxp://search.searchcompletion.com?si=10188&bs=true&q=
    mDefault_Search_URL = hxxp://search.searchcompletion.com?si=10188&bs=true&q=
    mSearchAssistant = hxxp://home.peoplepc.com/search
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Accelerator Plugin: {656EC4B7-072B-4698-B504-2A414C1F0037} - c:\program files\peoplepc accelerated\prpl_IePopupBlocker.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uRun: [CapTrue] c:\program files\captrue\captrue.exe
    uRun: [fsm] <no file>
    mRun: [NetWorx] "c:\users\jj\desktop\extras\networx_32-bit\networx.exe" /auto
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
    mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
    IE: Download web site with Free Download Manager - c:\program files\free download manager\dlpage.htm
    IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{DDD0648D-93A5-41FB-8EAF-925A24718BF0} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jj\appdata\roaming\mozilla\firefox\profiles\87bwjs27.default\
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-01-13 04:30; [email protected]; c:\programdata\free download manager\firefox\extensions\1.5.7.9
    FF - ExtSQL: 2013-01-22 13:43; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-12-4 77004]
    R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2013-1-3 65856]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 565352]
    R1 aflfile;AFLFile;c:\windows\system32\drivers\aflfile.sys [2012-11-18 22984]
    R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-2-4 81720]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-9 210136]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-14 21504]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-1-2 167784]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 184288]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 184288]
    R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 184288]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 184288]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-1-4 632344]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-4 168880]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 234824]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 362640]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 252200]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-4 167344]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-1-4 147472]
    S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2013-1-2 203080]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65488]
    S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81456]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2012-10-1 19024]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files\gotdashampoo\ashampoo core tuner\ACTHelperService.exe [2012-5-1 902488]
    S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    S4 DfSdkS;Defragmentation-Service;c:\program files\gotd\ashampoo\ashampoo hdd control\DfSdkS.exe [2011-9-7 406016]
    S4 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 184288]
    S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-1-2 167784]
    S4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2012-9-5 69632]
    S4 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2012-7-30 9216]
    .
    =============== File Associations ===============
    .
    ShellExec: BlazeDVD.exe: open=".\BlazePhotoUI.exe" "%1"
    ShellExec: PhotoPlus Starter Edition.exe: open=c:\progra~1\serif\photop~1\2.0\program\PHOTOP~1.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-21 18:42:33 -------- d-----w- c:\program files\HungryFrog
    2013-02-21 18:41:22 -------- d-----w- c:\program files\HungryFrog.com LLC
    2013-02-21 18:28:34 -------- d-----w- C:\0Language_Mixed
    2013-02-21 18:28:17 -------- d-----w- C:\0Language_Others
    2013-02-21 18:26:47 -------- d-----w- C:\0Language_German
    2013-02-19 00:45:39 -------- d-----w- C:\0Language_Russian
    2013-02-18 21:56:33 -------- d-----w- c:\programdata\Double Trump
    2013-02-15 21:26:33 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
    2013-02-15 21:26:18 -------- d-----w- c:\users\jj\appdata\roaming\GameHouse
    2013-02-15 05:17:11 -------- d-----w- c:\program files\MunSoft
    2013-02-14 18:59:30 -------- d-----w- c:\program files\Inpaint
    2013-02-12 04:54:21 -------- d-----w- c:\users\jj\appdata\local\Screentime
    2013-02-12 04:47:00 -------- d-----w- c:\users\jj\appdata\roaming\jackdesktopwidget_3177724
    2013-02-10 20:56:34 -------- d-----w- C:\0Downloads_Giveaway(Game)_Skipped
    2013-02-10 18:56:33 -------- d-----w- c:\users\jj\appdata\roaming\Astro Gemini Software
    2013-02-10 18:44:13 -------- d-----w- c:\program files\Video to Picture
    2013-02-08 01:56:49 -------- d-----w- c:\program files\common files\Adobe Systems Shared
    2013-02-08 01:47:01 -------- d-----w- C:\PhSp_CS2_UE_Ret
    2013-02-06 21:26:22 -------- d-----w- c:\users\jj\appdata\roaming\DYA_NDWVHOBHTDWUCLQVO
    2013-02-06 21:26:21 -------- d-----w- c:\programdata\DYA_NDWVHOBHTDWUCLQVO
    2013-02-06 21:20:45 -------- d-----w- c:\users\jj\appdata\roaming\DYA_BIIIVEDKGJAIVQPOM
    2013-02-06 21:20:44 -------- d-----w- c:\programdata\DYA_BIIIVEDKGJAIVQPOM
    2013-02-05 10:10:20 -------- d-----w- C:\0GamesNotInstalled
    2013-02-04 09:02:59 -------- d-----w- c:\program files\Sketch Drawer
    2013-02-04 08:36:41 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
    2013-02-04 08:36:40 -------- d-----w- c:\users\jj\appdata\local\Zemana
    2013-02-04 08:36:33 -------- dc-h--w- c:\programdata\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
    2013-02-04 08:36:24 -------- d-----w- c:\program files\AntiLogger
    2013-02-03 08:49:16 -------- d-----w- c:\users\jj\appdata\roaming\Sky Bros
    2013-02-03 07:27:53 -------- d-----w- c:\program files\Easy Cash Manager
    2013-02-01 20:30:15 974848 ------w- c:\windows\system32\mfc70.dll
    2013-02-01 20:30:15 57344 ------w- c:\windows\system32\mfc70enu.dll
    2013-02-01 20:30:13 -------- d-----w- c:\program files\common files\Macromedia Shared
    2013-02-01 20:30:11 -------- d-----w- c:\program files\common files\Macromedia
    2013-02-01 20:29:42 -------- d-----w- c:\program files\Macromedia
    2013-01-25 01:39:54 -------- d-----w- c:\programdata\flipBook
    2013-01-25 01:36:07 -------- d-----w- c:\programdata\flipbuilder
    2013-01-24 18:17:06 -------- d--h--w- c:\programdata\Common Files
    2013-01-24 18:17:05 -------- d-----w- c:\users\jj\appdata\local\MFAData
    2013-01-24 18:17:05 -------- d-----w- c:\programdata\MFAData
    .
    ==================== Find3M ====================
    .
    2013-02-21 00:39:45 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 00:39:44 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-06 19:45:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-06 19:45:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 5:06:01.82 ===============

    Attach Log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/1/2007 2:36:09 AM
    System Uptime: 2/22/2013 2:46:39 AM (3 hours ago)
    .
    Motherboard: ECS | | Livermore
    Processor: Intel(R) Celeron(R) D CPU 3.46GHz | CPU 1 | 3466/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 0.443 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 0.876 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0003
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #2
    PNP Device ID: ROOT\*6TO4MP\0003
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0004
    Manufacturer: Microsoft
    Name: isatap.{D5A1F91E-94AE-4CA8-ACA8-A4C87DD5E157}
    PNP Device ID: ROOT\*ISATAP\0004
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    1-abc.net Duplicate Finder (Remove only)
    1AVCenter version 2.3.1.21
    2 Pic
    25 Clips
    A+ Folder Locker 1.0.1
    ABBYY FineReader 4.0 Sprint
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.5.3
    Adobe Shockwave Player 11.6
    Adobe Stock Photos 1.0
    Advanced Diary v1.3
    Aidfile recovery software professional version 3.5.0.0
    AIM 6
    AIM Toolbar
    Alchemy and Bejeweled Pack
    All My Gods
    AllMySongs Database
    Amazon Kindle
    Aml Pages 9.35
    AntiLogger
    AntiPhotoSpy 2012
    AnVir Task Manager
    Ashampoo Core Tuner 1.21
    Ashampoo HDD Control 1.12
    Ashampoo Photo Commander 8 v.8.5.0
    Ashampoo Undeleter v.1.1.0
    Ashtons Family Resort
    AT&T Digital Directories - Winston-Salem, NC
    Auslogics Disk Defrag Professional
    AusLogics Registry Defrag
    Bejeweled 2 Deluxe 1.1
    Beyond Share 2.1.8.68
    Bing Bar
    Blitz FlashCards (GOTD Version) (remove only)
    BlueVoda Website Builder 11.4G
    Brickshooter Egypt 1.0
    Bubble Ice Age
    Bull Run Fever
    BusinessCards MX
    Call of Atlantis
    CapTrue
    Chinese Simplified Fonts Support For Adobe Reader 9
    Christmas Eve 3D Screensaver 1.0
    Chrysanth Diary [Starter]
    CleverPrint
    Clickie
    Cloud System Booster
    Compaq Connections (remove only)
    Cook'n Recipe Organizer
    Copy/Move To Extensions
    Coupon Printer for Windows
    Dark Calendar version 1.9
    DayMate
    DesignBox version 1.06.02
    Desktop Icon Toy 4.6
    Digital Diary 4.6
    DiskBoss Pro 2.0.16
    Doronix Math ToolBox version 1.0.3
    Double Solitaire
    Download Updater (AOL LLC)
    dpeg Cicada
    Dropbox
    DVD Play
    EASEUS Data Recovery Wizard Professional 4.3.6
    Easy Drive Data Recovery
    Elves Inc
    Enhanced Multimedia Keyboard Solution
    Enigma Virtual Box v5.40 Build 20121018
    Eraser
    FBM PDF Converter
    Feedback Tool
    FileStream Turbo Browser
    FileStream Web Boomerang
    Flash Card Master
    Flash Movie Player 1.5
    FLV Player 1.3.3
    Focus Photoeditor 6.3.9.8 SE
    Folder Size & Analyze Professional
    Free Download Manager 3.9.2
    Golden Autumn 3D Screensaver 1.0
    Google Chrome
    Google Update Helper
    Greeting Card Factory Express Workshop
    GridinSoft Notepad
    GTD Timer
    GUnzip
    Halotea Lite v1.105
    Halotea v1.061
    Hardware Diagnostic Tools
    HHD Software Hex Editor Neo 5.13
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Driver Diagnostics
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Memories Disc
    HP On-Screen Caps/Num/Scroll Lock Indicator
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    HP Photosmart Essential
    HP Picasso Media Center Add-In
    hp psc 1200 series
    HP Total Care Advisor
    HP Update
    HPSSupply
    HTML-Kit
    Hungry_Frog_Software
    iCare Card Recovery Pro 2.0
    iDailyDiary 3.41
    Inpaint 4.7
    Insaniquarium Deluxe 1.1
    InstallMgr
    Intel(R) Graphics Media Accelerator Driver
    iPixSoft Flash Slideshow Creator (4.0.0.1)
    iPixSoft SWF to Video Converter (1.6.2.0)
    IrfanView (remove only)
    Island Tribe 4
    Island_Tribe
    Islands
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 30
    Jet Screenshot v 3.0.1
    Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
    KC Softwares AVIToolbox
    Kingsoft Presentation (8.1.0.3019)
    Kit and Ellis
    LaunchMate
    Lazesoft Data Recovery version 3.2 Professional Edition
    Light Developer v7.1, build 12452
    LightScribe 1.4.136.1
    LockHunter version 1.0 beta 3, 32 bit edition
    Macromedia Fireworks MX 2004
    Macromedia Flash MX 2004
    Macromedia FreeHand MXa
    Magic Collage
    MahJong Suite 2012 v9.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Maple Professional
    McAfee Total Protection
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Default Manager
    Microsoft Greetings 2000
    Microsoft Greetings 2001
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Streets and Trips 2001
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows Media Video 9 VCM
    Microsoft Works
    Microsoft_VC100_CRT_x86
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MP3 Tag Express 6.8.5
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    My HP Games
    Namosofts Data Recovery 2
    Netscape (7.1)
    Netscape Navigator (9.0.0.1)
    OGA Notifier 2.0.0048.0
    Opera 12.14
    Ozzy Bubbles
    Paint Shop Pro 7 ESD
    PaintSupreme
    PC Fresh
    PC Tutor™ Learn Windows Vista™
    PDF Protector Splitter and Merger v1.0
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PeoplePC Online
    Photo Cutter 1.0
    Photo Toolbox for Windows version 1.7.4.5
    PhoXo
    Postcard Maker 1.7
    Premium Booster
    Premium Booster's Scheduler
    Premium Booster (Vista)
    PresentationTube Recorder 1.0
    Process Lasso
    Python 2.4.3
    Rapture's King Sol
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rhapsody
    Rhapsody Player Engine
    RoboTask
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Serif DrawPlus Starter Edition
    Serif PagePlus Starter Edition
    Serif PhotoPlus Starter Edition
    ShadowExplorer 0.8
    Shared C Run-time for x86
    Shockwave
    Simply Good Pictures 2
    SimplyGoodPictures
    Sketch Drawer 1.1
    SlimPublisher
    Smart Diary Suite 4.7.4.0
    SmartSleep 3.62
    Soft Data Fax Modem with SmartCP
    Softdiv PDF to Image Converter 1.1
    Software Informer 1.1
    Sokoban++ (remove only)
    Sothink Logo Maker Special
    SpringPublisher
    Spybot - Search & Destroy 1.4
    SugarSync Manager
    swMSM
    SysResources Manager
    ThunderSoft Flash Slideshow Factory (2.8.2.0)
    TinyCars2
    Treasure Of Persia
    Turtle Odyssey
    Turtle Odyssey 2
    TweakRAM
    TwistedBrush
    TwistedBrush Pro Studio
    Ulead Photo Explorer 7.0 SE
    UnloadSupport
    Unlocker 1.8.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewpoint Media Player
    VX Search Pro 3.4.38
    Webshots Desktop
    WinPatrol 2008
    WinRAR archiver
    WinSysClean X3
    WinSysClean X3 Trial
    Winter 3D Screensaver 1.0
    WinZip
    Wondershare DVD Creator(Build 2.6.5)
    World's Greatest Places Mahjong
    World Mosaics 3: Fairy Tales (remove only)
    X mas Blox
    Xara Xtreme 5
    XQDC X-Setup Pro 9.2.100
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer
    Youda Fairy
    ZoneAlarm LTD Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/22/2013 2:52:26 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    2/22/2013 2:48:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMR310
    2/22/2013 2:48:54 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/21/2013 4:25:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    2/21/2013 3:58:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    2/21/2013 3:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfecore service.
    .
    ==== End Of File ===========================



    And the GMER log, which I'm not sure I did correctly, but it took almost 24 hours:


    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-23 03:12:46
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600JS-60NCB1 rev.10.02E02 149.05GB
    Running: ho05wvbo.exe; Driver: C:\Users\JJ\AppData\Local\Temp\pgldypoc.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateFile [0x8CEEAF0E]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateSymbolicLinkObject [0x8CEEB4D4]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwCreateThread [0x8CEE9B20]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteKey [0x8CEEAAA2]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeleteValueKey [0x8CEEA974]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwDeviceIoControlFile [0x8CEEB7CC]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwLoadDriver [0x8CEE971C]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwMapViewOfSection [0x8CEE9278]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenFile [0x8CEEB28A]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenKey [0x8CEEAEC8]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenProcess [0x8CEEA100]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwOpenThread [0x8CEEA42C]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwProtectVirtualMemory [0x8CEEB494]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwQueueApcThread [0x8CEE9E46]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSecureConnectPort [0x8CEEB42C]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetContextThread [0x8CEE8FA4]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetSystemInformation [0x8CEE9AB2]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwSetValueKey [0x8CEEAB6E]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwTerminateProcess [0x8CEEA84A]
    SSDT \??\C:\Windows\system32\drivers\AntiLog32.sys (Zemana AntiLogger Driver/Zemana Ltd.) ZwWriteVirtualMemory [0x8CEE8BF6]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 1D9 82AC989C 4 Bytes [0E, AF, EE, 8C]
    .text ntkrnlpa.exe!KeSetEvent + 21D 82AC98E0 8 Bytes [D4, B4, EE, 8C, 20, 9B, EE, ...]
    .text ntkrnlpa.exe!KeSetEvent + 2D5 82AC9998 4 Bytes [A2, AA, EE, 8C]
    .text ntkrnlpa.exe!KeSetEvent + 2E1 82AC99A4 8 Bytes [74, A9, EE, 8C, CC, B7, EE, ...]
    .text ntkrnlpa.exe!KeSetEvent + 37D 82AC9A40 4 Bytes [1C, 97, EE, 8C]
    .text ...

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[2876] kernel32.dll!LoadLibraryW 771093F0 5 Bytes JMP 705B8690 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[2876] kernel32.dll!LoadLibraryA 7710956C 5 Bytes JMP 705B8590 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\AntiLogger\AntiLogger.exe[3008] kernel32.dll!CreateThread + 1A 7712CB28 4 Bytes CALL 007F46D9 C:\Program Files\AntiLogger\AntiLogger.exe (Zemana AntiLogger User Interface/Zemana Ltd.)
    .text C:\Program Files\TweakRAM2\TweakRAM.exe[3024] kernel32.dll!CreateThread + 1A 7712CB28 4 Bytes CALL 004511B5 C:\Program Files\TweakRAM2\TweakRAM.exe (TweakRAM/Elcor Software)

    ---- Registry - GMER 2.1 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BE518F3-FF8C-1054-6AB8-6688F45B1D5F}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BE518F3-FF8C-1054-6AB8-6688F45B1D5F}@habldmadpecbkmfa 0x61 0x62 0x61 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BE518F3-FF8C-1054-6AB8-6688F45B1D5F}@jamkmmiaignldcdpnmog 0x64 0x62 0x6E 0x6B ...

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    There is a big problem with your system apart from any malware: the available space on the C:\ drive is not enough:

    C: is FIXED (NTFS) - 142 GiB total, 0.443 GiB free.

    You will need a minimum of 15% free space for Windows to work efficiently, so you will have to do something about that ASAP...
    When that space is created, turn on System Restore and create a new restore point before you progress.

    Next,

    Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from the following link:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin... :)
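    As an added example, not part of Kevin's reply and not code from AdwCleaner or ComboFix, the following PowerShell script audits the two items the reply above calls out before any removal tool is run: the free space on C: against the 15% minimum Kevin states, and the Internet Explorer start/search URLs that search hijackers such as the ones in this thread rewrite, plus the installed Browser Helper Objects resolved to their DLLs and Authenticode status. It is read-only. The allow-list of search hosts is an assumption made for illustration; adjust it to whatever the machine's owner actually uses.

```powershell
# Added example, not part of the thread or of AdwCleaner/ComboFix: a read-only
# PowerShell audit of free space on C:, hijacked Internet Explorer start/search
# URLs, and registered Browser Helper Objects. Run from an elevated PowerShell 2.0
# prompt (an optional install on Vista). The allow-list of search hosts is an
# assumption for illustration; the 15% threshold is the one stated in the reply.

$MinFreePercent = 15
$AllowedHosts   = @('www.google.com', 'www.bing.com', 'search.yahoo.com', 'www.msn.com', 'go.microsoft.com')

function Test-FreeSpace {
    param([string]$Drive = 'C:')
    # Win32_LogicalDisk reports sizes in bytes; 1GB is the PowerShell constant 2^30.
    $disk = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='$Drive'"
    if (-not $disk) { throw "Drive $Drive not found" }
    $pct = [math]::Round(100 * [double]$disk.FreeSpace / [double]$disk.Size, 2)
    New-Object PSObject -Property @{
        Drive       = $Drive
        TotalGiB    = [math]::Round([double]$disk.Size / 1GB, 2)
        FreeGiB     = [math]::Round([double]$disk.FreeSpace / 1GB, 2)
        FreePercent = $pct
        Ok          = ($pct -ge $MinFreePercent)
    }
}

function Test-UrlAllowed {
    # True only when the URL parses and its host is on the allow-list (-contains is case-insensitive).
    param([string]$Url)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) { return $false }
    return ($AllowedHosts -contains $uri.Host.ToLower())
}

function Get-IeUrlSettings {
    # Every URL-valued entry under the Main and Search keys, per-user and machine-wide.
    # Reading all values instead of a fixed name list also catches odd names a hijacker adds.
    $keys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\Main',
        'HKCU:\Software\Microsoft\Internet Explorer\Search',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Search'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # provider metadata, not registry values
            $v = [string]$p.Value
            if ($v -notmatch '^https?://') { continue }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Url     = $v
                Suspect = -not (Test-UrlAllowed $v)
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # BHOs are registered by CLSID; resolve each to its DLL and check the Authenticode signature.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid  = $sub.PSChildName
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name = ''; $dll = ''; $sig = 'NoFile'
        if (Test-Path $clsKey) { $name = [string](Get-ItemProperty -Path $clsKey).'(default)' }
        if (Test-Path "$clsKey\InprocServer32") {
            $raw = [string](Get-ItemProperty -Path "$clsKey\InprocServer32").'(default)'
            $dll = [Environment]::ExpandEnvironmentVariables($raw)
            if ($dll -and (Test-Path -LiteralPath $dll)) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
        }
        New-Object PSObject -Property @{ CLSID = $clsid; Name = $name; Dll = $dll; Signature = $sig }
    }
}

# Report only; nothing below changes the system.
$space = Test-FreeSpace -Drive 'C:'
$space | Format-List Drive, TotalGiB, FreeGiB, FreePercent, Ok
if (-not $space.Ok) { Write-Warning "Only $($space.FreePercent)% free on C:, below the $MinFreePercent% minimum" }

$urls = @(Get-IeUrlSettings)
$urls | Format-Table Key, Name, Url, Suspect -AutoSize -Wrap
$bad = @($urls | Where-Object { $_.Suspect })
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) IE start/search value(s) point outside the allow-list" }

Get-BrowserHelperObjects | Format-Table CLSID, Name, Dll, Signature -AutoSize -Wrap
```

    Anything flagged Suspect, and any BHO whose DLL is unsigned or missing, is what to compare against the AdwCleaner and ComboFix logs afterwards; the script deliberately does not rewrite or delete anything, so it can be run again after cleanup to confirm the values stayed fixed (a search hijack that comes back on reboot usually means a persistence mechanism the first pass missed).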
     
  3. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    # AdwCleaner v2.113 - Logfile created 02/25/2013 at 00:36:28
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : JJ - JJ-PC
    # Boot Mode : Normal
    # Running from : C:\Users\JJ\Desktop\2-adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\JJ\AppData\LocalLow\Viewpoint
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\SimplyGen
    Key Deleted : HKLM\Software\Viewpoint
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://www.searchcompletion.com?si=10188&home=true --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10188&home=true --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://www.searchcompletion.com?si=10188&home=true --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://www.searchcompletion.com?si=10188&home=true --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.searchcompletion.com?si=10188&bs=true&q= --> hxxp://www.google.com
    -\\ Mozilla Firefox v18.0.1 (en-US)
    File : C:\Users\GH\AppData\Roaming\Mozilla\Firefox\Profiles\62f3a97c.default\prefs.js
    [OK] File is clean.
    File : C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\87bwjs27.default\prefs.js
    [OK] File is clean.
    -\\ Google Chrome v24.0.1312.56
    File : C:\Users\JJ\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    -\\ Opera v12.14.1738.0
    File : C:\Users\JJ\AppData\Roaming\Opera\Opera\operaprefs.ini
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [11739 octets] - [25/02/2013 00:36:28]
    ########## EOF - C:\AdwCleaner[S1].txt - [11800 octets] ##########


    ComboFix didn't have me reboot at all or reboot itself. I did restart the computer when it finished.


    ComboFix 13-02-24.01 - JJ 02/25/2013 3:54.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.351 [GMT -5:00]
    Running from: c:\users\JJ\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\15a05a1824a8793fae296ac6f79b78023a0c9d3c
    c:\programdata\DYA_BIIIVEDKGJAIVQPOM
    c:\programdata\DYA_BIIIVEDKGJAIVQPOM\1.0.0\Data\app.dat
    c:\programdata\DYA_BIIIVEDKGJAIVQPOM\1.0.0\Data\updates.dat
    c:\programdata\DYA_NDWVHOBHTDWUCLQVO
    c:\programdata\DYA_NDWVHOBHTDWUCLQVO\1.0.0\Data\app.dat
    c:\programdata\DYA_NDWVHOBHTDWUCLQVO\1.0.0\Data\updates.dat
    c:\users\GH\AppData\Roaming\.#
    c:\users\JJ\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
    c:\users\JJ\AppData\Roaming\DYA_BIIIVEDKGJAIVQPOM
    c:\users\JJ\AppData\Roaming\DYA_BIIIVEDKGJAIVQPOM\1.0.0\Data\dya.dat
    c:\users\JJ\AppData\Roaming\DYA_NDWVHOBHTDWUCLQVO
    c:\users\JJ\AppData\Roaming\DYA_NDWVHOBHTDWUCLQVO\1.0.0\Data\dya.dat
    c:\users\JJ\AppData\Roaming\Microsoft\~DFK288a45.tmp
    c:\users\JJ\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\JJ\AppData\Roaming\Microsoft\bass.dll
    c:\users\JJ\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\JJ\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\JJ\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\JJ\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\JJ\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\JJ\Error.log
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\desktop
    c:\windows\desktop\Cook'n Recipe Organizer.lnk
    c:\windows\iun6002.exe
    c:\windows\system32\PPCOUNIN.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-25 09:33 . 2013-02-25 09:33 -------- d-----w- c:\users\GH\AppData\Local\temp
    2013-02-25 09:32 . 2013-02-25 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-21 18:42 . 2013-02-21 18:49 -------- d-----w- c:\program files\HungryFrog
    2013-02-21 18:28 . 2013-02-21 18:39 -------- d-----w- C:\0Language_Mixed
    2013-02-21 18:28 . 2013-02-21 18:38 -------- d-----w- C:\0Language_Others
    2013-02-21 18:26 . 2013-02-21 18:40 -------- d-----w- C:\0Language_German
    2013-02-19 00:45 . 2013-02-21 18:55 -------- d-----w- C:\0Language_Russian
    2013-02-18 21:56 . 2013-02-18 21:56 -------- d-----w- c:\programdata\Double Trump
    2013-02-15 21:26 . 2013-02-15 21:26 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
    2013-02-15 21:26 . 2013-02-17 21:17 -------- d-----w- c:\users\JJ\AppData\Roaming\GameHouse
    2013-02-15 05:17 . 2013-02-15 05:17 -------- d-----w- c:\program files\MunSoft
    2013-02-12 04:54 . 2013-02-20 22:10 -------- d-----w- c:\users\JJ\AppData\Local\Screentime
    2013-02-11 19:11 . 2013-02-11 19:11 -------- d-----w- c:\users\JJ\AppData\Roaming\Aim
    2013-02-10 20:56 . 2013-02-24 21:32 -------- d-----w- C:\0Downloads_Giveaway(Game)_Skipped
    2013-02-10 18:56 . 2013-02-10 18:56 -------- d-----w- c:\users\JJ\AppData\Roaming\Astro Gemini Software
    2013-02-10 18:44 . 2013-02-10 18:51 -------- d-----w- c:\program files\Video to Picture
    2013-02-05 10:10 . 2013-02-24 21:41 -------- d-----w- C:\0GamesNotInstalled
    2013-02-04 09:02 . 2013-02-04 09:03 -------- d-----w- c:\program files\Sketch Drawer
    2013-02-04 08:36 . 2013-02-04 08:36 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
    2013-02-04 08:36 . 2013-02-04 08:37 -------- d-----w- c:\users\JJ\AppData\Local\Zemana
    2013-02-04 08:36 . 2013-02-04 08:36 -------- dc-h--w- c:\programdata\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
    2013-02-04 08:36 . 2013-02-04 08:36 -------- d-----w- c:\program files\AntiLogger
    2013-02-03 08:49 . 2013-02-03 08:49 -------- d-----w- c:\users\JJ\AppData\Roaming\Sky Bros
    2013-02-03 07:27 . 2013-02-03 07:34 -------- d-----w- c:\program files\Easy Cash Manager
    2013-02-01 20:30 . 2002-01-05 12:48 974848 ------w- c:\windows\system32\mfc70.dll
    2013-02-01 20:30 . 2002-01-05 12:10 57344 ------w- c:\windows\system32\mfc70enu.dll
    2013-02-01 20:29 . 2013-02-24 09:19 -------- d-----w- c:\program files\Macromedia
    2013-01-27 08:57 . 2013-01-27 08:57 -------- d-----w- c:\users\JJ\AppData\Roaming\PlayFirst
    2013-01-27 08:57 . 2013-01-27 08:57 -------- d-----w- c:\programdata\PlayFirst
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 00:39 . 2012-09-21 00:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 00:39 . 2012-09-21 00:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-17 08:06 . 2013-01-17 08:06 161792 ----a-w- c:\windows\system32\msls31.dll
    2013-01-17 08:06 . 2013-01-17 08:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2013-01-17 08:06 . 2013-01-17 08:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-01-17 08:06 . 2013-01-17 08:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-01-17 08:06 . 2013-01-17 08:06 63488 ----a-w- c:\windows\system32\tdc.ocx
    2013-01-17 08:06 . 2013-01-17 08:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-01-17 08:06 . 2013-01-17 08:06 367104 ----a-w- c:\windows\system32\html.iec
    2013-01-17 08:06 . 2013-01-17 08:06 74752 ----a-w- c:\windows\system32\iesetup.dll
    2013-01-17 08:06 . 2013-01-17 08:06 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2013-01-17 08:06 . 2013-01-17 08:06 152064 ----a-w- c:\windows\system32\wextract.exe
    2013-01-17 08:06 . 2013-01-17 08:06 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-01-17 08:06 . 2013-01-17 08:06 35840 ----a-w- c:\windows\system32\imgutil.dll
    2013-01-17 08:06 . 2013-01-17 08:06 11776 ----a-w- c:\windows\system32\mshta.exe
    2013-01-17 08:06 . 2013-01-17 08:06 101888 ----a-w- c:\windows\system32\admparse.dll
    2013-01-17 08:06 . 2013-01-17 08:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-12-16 13:12 . 2013-01-17 01:40 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50 . 2013-01-17 01:40 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49 . 2013-01-23 08:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-06 19:45 . 2012-12-06 19:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-06 19:45 . 2011-11-08 18:43 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-23 01:36 . 2013-01-23 01:35 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CapTrue"="c:\program files\CapTrue\captrue.exe" [2008-09-05 673280]
    "TweakRAM"="c:\program files\TweakRAM2\TweakRAM.exe" [2011-08-27 997888]
    "MoonSpace"="c:\0extra\Space\Space.exe" [2005-01-20 553476]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2013-01-17 6860288]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 514936]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 514936]
    "AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-12-04 14597616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-12-9 157008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clock.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clock.lnk
    backup=c:\windows\pss\Clock.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskTop Startup Dock.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DeskTop Startup Dock.lnk
    backup=c:\windows\pss\DeskTop Startup Dock.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
    backup=c:\windows\pss\hp psc 1000 series.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^25Clips.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\25Clips.lnk
    backup=c:\windows\pss\25Clips.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
    2007-08-07 22:15 25944 ------w- c:\program files\PeoplePC\ISP6630\Bin\PPCOLink.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
    2006-12-06 19:38 81920 ----a-w- c:\program files\HP\DVDPlay\DPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2013-01-17 04:06 6860288 ----a-w- c:\program files\Free Download Manager\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
    2007-06-10 23:02 40960 ----a-w- c:\program files\Free Download Manager\fumoei.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-06-19 01:01 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-17 01:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    2006-11-20 11:34 155648 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-06-19 01:01 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
    2011-08-08 17:31 828416 ----a-w- c:\windows\System32\PrintDisp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-10-25 09:52 4702208 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
    2012-03-27 16:20 1686528 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files\GOTDAshampoo\Ashampoo Core Tuner\ACTHelperService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 09:43 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 00:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\87bwjs27.default\
    FF - ExtSQL: 2013-01-13 04:30; [email protected]; c:\programdata\Free Download Manager\Firefox\Extensions\1.5.7.9
    FF - ExtSQL: 2013-01-22 13:43; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-fsm - (no file)
    HKLM-Run-NetWorx - c:\users\JJ\Desktop\Extras\Networx_32-bit\networx.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-TkBellExe - c:\program files\Real\realplayer\update\realsched.exe
    AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-25 04:33
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BE518F3-FF8C-1054-6AB8-6688F45B1D5F}*]
    "habldmadpecbkmfa"=hex:61,62,61,6b,6b,61,70,6d,70,65,69,68,61,62,62,65,6f,6d,
    6a,70,64,6f,6f,6d,62,6e,6a,6c,6c,62,6d,67,6d,63,00,74
    "jamkmmiaignldcdpnmog"=hex:64,62,6e,6b,6c,6e,65,6b,63,62,70,68,70,70,65,6f,61,
    6d,62,70,6f,62,6a,70,6c,6a,67,6c,64,63,65,69,6f,63,6d,6a,67,70,61,6b,00,72
    .
    [HKEY_USERS\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F2FFDB73-833C-A76F-654C-5F98A93FBEF8}*]
    "hafbjabgmecclmpf"=hex:61,62,6b,63,6d,6b,6e,66,65,68,69,68,6c,65,63,6e,65,68,
    67,6d,6c,70,6e,6e,63,61,67,61,62,64,63,63,68,67,00,75
    "jagbedcjfdkhogeppnei"=hex:64,62,69,61,68,6f,6a,6c,6c,63,66,69,69,62,63,63,68,
    61,63,6a,6a,6c,70,62,70,6f,69,61,6c,6c,61,6f,6b,68,68,6f,63,6b,6f,6c,00,43
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2013-02-25 04:40:06
    ComboFix-quarantined-files.txt 2013-02-25 09:39
    .
    Pre-Run: 5,254,832,128 bytes free
    Post-Run: 5,234,298,880 bytes free
    .
    - - End Of File - - 096BD25CF4ED71FC122BC2BCD2E2EA91
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    OK, continue:

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    RegNull::
    [HKEY_USERS\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BE518F3-FF8C-1054-6AB8-6688F45B1D5F}*]
    [HKEY_USERS\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F2FFDB73-833C-A76F-654C-5F98A93FBEF8}*]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

    Post both logs, let me know what issues or concerns remain....

    Kevin
     
  5. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    Thanks again for your help. Sorry it took a while, but the scan took almost 26 hours and found over 800 items, mostly HTML/ScrInject.B.Gen virus. I'm having trouble posting it, perhaps it's too large, so I'll attach it. Here's the ComboFix file:


    ComboFix 13-02-24.01 - JJ 02/25/2013 17:38:29.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.354 [GMT -5:00]
    Running from: c:\users\JJ\Desktop\ComboFix.exe
    Command switches used :: c:\users\JJ\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-25 23:16 . 2013-02-25 23:16 -------- d-----w- c:\users\GH\AppData\Local\temp
    2013-02-25 23:16 . 2013-02-25 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-21 18:42 . 2013-02-21 18:49 -------- d-----w- c:\program files\HungryFrog
    2013-02-21 18:28 . 2013-02-21 18:39 -------- d-----w- C:\0Language_Mixed
    2013-02-21 18:28 . 2013-02-21 18:38 -------- d-----w- C:\0Language_Others
    2013-02-21 18:26 . 2013-02-21 18:40 -------- d-----w- C:\0Language_German
    2013-02-19 00:45 . 2013-02-21 18:55 -------- d-----w- C:\0Language_Russian
    2013-02-18 21:56 . 2013-02-18 21:56 -------- d-----w- c:\programdata\Double Trump
    2013-02-15 21:26 . 2013-02-15 21:26 -------- d-----w- c:\programdata\n7-89-o9-3r-4t-r9
    2013-02-15 21:26 . 2013-02-17 21:17 -------- d-----w- c:\users\JJ\AppData\Roaming\GameHouse
    2013-02-15 05:17 . 2013-02-15 05:17 -------- d-----w- c:\program files\MunSoft
    2013-02-12 04:54 . 2013-02-20 22:10 -------- d-----w- c:\users\JJ\AppData\Local\Screentime
    2013-02-11 19:11 . 2013-02-11 19:11 -------- d-----w- c:\users\JJ\AppData\Roaming\Aim
    2013-02-10 20:56 . 2013-02-24 21:32 -------- d-----w- C:\0Downloads_Giveaway(Game)_Skipped
    2013-02-10 18:56 . 2013-02-10 18:56 -------- d-----w- c:\users\JJ\AppData\Roaming\Astro Gemini Software
    2013-02-10 18:44 . 2013-02-10 18:51 -------- d-----w- c:\program files\Video to Picture
    2013-02-05 10:10 . 2013-02-24 21:41 -------- d-----w- C:\0GamesNotInstalled
    2013-02-04 09:02 . 2013-02-04 09:03 -------- d-----w- c:\program files\Sketch Drawer
    2013-02-04 08:36 . 2013-02-04 08:36 81720 ----a-w- c:\windows\system32\drivers\AntiLog32.sys
    2013-02-04 08:36 . 2013-02-04 08:37 -------- d-----w- c:\users\JJ\AppData\Local\Zemana
    2013-02-04 08:36 . 2013-02-04 08:36 -------- dc-h--w- c:\programdata\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
    2013-02-04 08:36 . 2013-02-04 08:36 -------- d-----w- c:\program files\AntiLogger
    2013-02-03 08:49 . 2013-02-03 08:49 -------- d-----w- c:\users\JJ\AppData\Roaming\Sky Bros
    2013-02-03 07:27 . 2013-02-03 07:34 -------- d-----w- c:\program files\Easy Cash Manager
    2013-02-01 20:30 . 2002-01-05 12:48 974848 ------w- c:\windows\system32\mfc70.dll
    2013-02-01 20:30 . 2002-01-05 12:10 57344 ------w- c:\windows\system32\mfc70enu.dll
    2013-02-01 20:29 . 2013-02-24 09:19 -------- d-----w- c:\program files\Macromedia
    2013-01-27 08:57 . 2013-01-27 08:57 -------- d-----w- c:\users\JJ\AppData\Roaming\PlayFirst
    2013-01-27 08:57 . 2013-01-27 08:57 -------- d-----w- c:\programdata\PlayFirst
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-21 00:39 . 2012-09-21 00:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-21 00:39 . 2012-09-21 00:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-17 08:06 . 2013-01-17 08:06 161792 ----a-w- c:\windows\system32\msls31.dll
    2013-01-17 08:06 . 2013-01-17 08:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2013-01-17 08:06 . 2013-01-17 08:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-01-17 08:06 . 2013-01-17 08:06 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-01-17 08:06 . 2013-01-17 08:06 63488 ----a-w- c:\windows\system32\tdc.ocx
    2013-01-17 08:06 . 2013-01-17 08:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-01-17 08:06 . 2013-01-17 08:06 367104 ----a-w- c:\windows\system32\html.iec
    2013-01-17 08:06 . 2013-01-17 08:06 74752 ----a-w- c:\windows\system32\iesetup.dll
    2013-01-17 08:06 . 2013-01-17 08:06 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2013-01-17 08:06 . 2013-01-17 08:06 152064 ----a-w- c:\windows\system32\wextract.exe
    2013-01-17 08:06 . 2013-01-17 08:06 150528 ----a-w- c:\windows\system32\iexpress.exe
    2013-01-17 08:06 . 2013-01-17 08:06 35840 ----a-w- c:\windows\system32\imgutil.dll
    2013-01-17 08:06 . 2013-01-17 08:06 11776 ----a-w- c:\windows\system32\mshta.exe
    2013-01-17 08:06 . 2013-01-17 08:06 101888 ----a-w- c:\windows\system32\admparse.dll
    2013-01-17 08:06 . 2013-01-17 08:06 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-12-16 13:12 . 2013-01-17 01:40 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 10:50 . 2013-01-17 01:40 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49 . 2013-01-23 08:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-06 19:45 . 2012-12-06 19:50 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-06 19:45 . 2011-11-08 18:43 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-23 01:36 . 2013-01-23 01:35 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2011-10-24 23:54 323584 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CapTrue"="c:\program files\CapTrue\captrue.exe" [2008-09-05 673280]
    "TweakRAM"="c:\program files\TweakRAM2\TweakRAM.exe" [2011-08-27 997888]
    "MoonSpace"="c:\0extra\Space\Space.exe" [2005-01-20 553476]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2013-01-17 6860288]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 514936]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 514936]
    "AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2012-12-04 14597616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-12-9 157008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clock.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clock.lnk
    backup=c:\windows\pss\Clock.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskTop Startup Dock.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DeskTop Startup Dock.lnk
    backup=c:\windows\pss\DeskTop Startup Dock.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk
    backup=c:\windows\pss\hp psc 1000 series.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
    backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^25Clips.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\25Clips.lnk
    backup=c:\windows\pss\25Clips.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^JJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
    2007-08-07 22:15 25944 ------w- c:\program files\PeoplePC\ISP6630\Bin\PPCOLink.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
    2006-12-06 19:38 81920 ----a-w- c:\program files\HP\DVDPlay\DPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    2013-01-17 04:06 6860288 ----a-w- c:\program files\Free Download Manager\fdm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
    2007-06-10 23:02 40960 ----a-w- c:\program files\Free Download Manager\fumoei.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-06-19 01:01 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-17 01:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
    2006-11-20 11:34 155648 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-06-19 01:01 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
    2011-08-08 17:31 828416 ----a-w- c:\windows\System32\PrintDisp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-10-25 09:52 4702208 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
    2012-03-27 16:20 1686528 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files\GOTDAshampoo\Ashampoo Core Tuner\ACTHelperService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 09:43 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 00:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\87bwjs27.default\
    FF - ExtSQL: 2013-01-13 04:30; [email protected]; c:\programdata\Free Download Manager\Firefox\Extensions\1.5.7.9
    FF - ExtSQL: 2013-01-22 13:43; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-25 18:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    [-411006357] 0x9B2B3AE1
    [-411006357] 0x8CDE5FC3
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(55620)
    c:\users\JJ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    Completion time: 2013-02-25 18:23:08
    ComboFix-quarantined-files.txt 2013-02-25 23:23
    ComboFix2.txt 2013-02-25 09:40
    .
    Pre-Run: 5,104,291,840 bytes free
    Post-Run: 5,038,940,160 bytes free
    .
    - - End Of File - - 329049F0F4BA2B37A78C82431A6985C0

  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    Can you work your way through that list and delete those files from the system?

    Next,

    OTL by Oldtimer
    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7, accept the UAC alert.)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Post those logs from OTL, give an update on current issues/concerns...
     
  7. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    Delete every last file on the list or just the ones with HTML/ScrInject.B.Gen virus on the end? There were a few image programs in the list (with something different on the end) that I liked, but I'll delete everything if I must. However, I really want to know before I start, do I just delete them to the recycle bin, or do I erase them (I usually use Eraser) or, if the answer is to delete them to the recycle bin, can I erase the recycle bin after that? Thanks.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    I'd delete all files listed by ESET; they are classed as a threat. If you delete to the recycle bin, then when finished right-click on the bin and select Empty...
     
  9. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    OK - I'll get busy. I only meant that I usually erase them as an extra precaution, because I didn't know, if I just delete them, whether or not they are still lurking around in the background of my computer, with the malware waiting to reappear at a later date, or, on the other hand, if I erase them, whether it would activate something to start it spreading to more files. Okay, I will just delete....
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    Thanks for the update, use whatever means you wish to delete those files from your system....
     
  11. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    All files have been deleted to the recycle bin and erased.

    OTL has been run and the files are pasted below. I was wondering about the other settings, but I just left the ones you didn't mention as they were. Also my screen keeps going black (while I'm in the middle of working on something). It was a few weeks ago as well, but I had disabled Superfetch and when I turned it back on, it seemed okay so I thought that was the problem, but maybe it wasn't. Would it have anything to do with this or is it a completely different problem of some sort? It seems okay today but last night it wasn't, and my usually silent keyboard was making strange squeaky noises, but maybe that had nothing to do with anything.

    OTL logfile created on: 2/28/2013 12:18:58 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JJ\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.64 Mb Total Physical Memory | 118.84 Mb Available Physical Memory | 11.71% Memory free
    2.42 Gb Paging File | 1.52 Gb Available in Paging File | 62.51% Paging File free
    Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.96 Gb Total Space | 3.29 Gb Free Space | 2.32% Space Free | Partition Type: NTFS
    Drive D: | 7.09 Gb Total Space | 0.88 Gb Free Space | 12.36% Space Free | Partition Type: NTFS

    Computer Name: JJ-PC | User Name: JJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 12:25:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JJ\Desktop\OTL.exe
    PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/01/16 23:06:36 | 006,860,288 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
    PRC - [2012/12/04 11:25:57 | 014,597,616 | ---- | M] (Zemana Ltd.) -- C:\Program Files\AntiLogger\AntiLogger.exe
    PRC - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2012/10/19 09:49:52 | 000,513,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
    PRC - [2012/10/07 04:02:38 | 000,140,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
    PRC - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    PRC - [2012/10/07 03:12:36 | 000,252,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    PRC - [2012/10/06 07:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2011/08/27 10:28:37 | 000,997,888 | ---- | M] (Elcor Software) -- C:\Program Files\TweakRAM2\TweakRAM.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/09/05 11:55:41 | 000,673,280 | ---- | M] () -- C:\Program Files\CapTrue\captrue.exe
    PRC - [2007/10/29 17:28:48 | 003,294,544 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
    PRC - [2005/01/20 14:20:30 | 000,553,476 | ---- | M] (MoonTown) -- C:\0Extra\Space\Space.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
    MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
    MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
    MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
    MOD - [2008/09/05 11:55:41 | 000,673,280 | ---- | M] () -- C:\Program Files\CapTrue\captrue.exe
    MOD - [2008/04/29 13:59:44 | 000,077,824 | ---- | M] () -- C:\Program Files\CapTrue\captrue.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
    SRV - [2013/02/27 15:50:40 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/22 20:36:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/22 04:40:54 | 000,279,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2012/10/07 03:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV - [2012/10/06 07:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe -- (mfecore)
    SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/01/28 12:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
    SRV - [2011/01/02 20:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Disabled | Stopped] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
    SRV - [2010/04/29 04:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Disabled | Stopped] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control)
    SRV - [2010/02/15 13:00:10 | 000,902,488 | ---- | M] (Ashampoo Development GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\GOTDAshampoo\Ashampoo Core Tuner\ACTHelperService.exe -- (acthelper)
    SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Disabled | Stopped] -- C:\Program Files\GOTD\Ashampoo\Ashampoo HDD Control\DfSdkS.exe -- (DfSdkS)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR310.SYS -- (SMR310)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JJ\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/02/04 03:36:41 | 000,081,720 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AntiLog32.sys -- (AntiLog32)
    DRV - [2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2012/11/09 06:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/11/02 01:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
    DRV - [2012/11/02 01:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
    DRV - [2012/10/19 09:51:44 | 000,065,856 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
    DRV - [2012/08/25 05:25:10 | 000,022,984 | ---- | M] (Giant Matrix Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\aflfile.sys -- (aflfile)
    DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
    DRV - [2009/12/12 16:55:09 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
    DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/02 02:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 8B CB 52 6C F3 CD 01 [binary data]
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes\{1B936173-C109-41AC-87E3-CF99010A7496}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes\{4C1AABD3-18E4-47B9-9C07-44E0F7174F30}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes\{5C477A04-AC8E-426F-9179-F9A21E4278AA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.5.7.9
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JJ\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JJ\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/19 21:03:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/01/30 19:47:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/22 20:36:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/22 20:35:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape 7.1\Components [2011/09/15 22:01:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape 7.1\Plugins [2013/01/13 21:36:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.1\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2012/11/27 14:11:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.1\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2013/01/13 21:36:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/01/04 17:31:54 | 000,000,000 | ---D | M]

    [2013/01/22 20:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Extensions
    [2013/01/24 04:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JJ\AppData\Roaming\Mozilla\Firefox\Profiles\87bwjs27.default\extensions
    [2013/01/22 20:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/13 04:30:43 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMDATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.5.7.9
    [2013/01/22 20:36:05 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: about:blank
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: about:blank
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll

    O1 HOSTS File: ([2013/02/25 04:33:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\PeoplePC Accelerated\prpl_IePopupBlocker.dll (Propel Software Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001..\Run: [CapTrue] C:\Program Files\CapTrue\captrue.exe ()
    O4 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
    O4 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001..\Run: [MoonSpace] C:\0Extra\Space\Space.exe (MoonTown)
    O4 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001..\Run: [TweakRAM] C:\Program Files\TweakRAM2\TweakRAM.exe (Elcor Software)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\GH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
    O4 - Startup: C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download web site with Free Download Manager - C:\Program Files\Free Download Manager\dlpage.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDD0648D-93A5-41FB-8EAF-925A24718BF0}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop BackupWallPaper: C:\Users\JJ\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/27 12:25:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JJ\Desktop\OTL.exe
    [2013/02/25 18:20:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/25 03:49:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/25 03:49:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/25 03:49:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/25 03:48:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/25 03:47:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/25 03:28:27 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\JJ\Desktop\ComboFix.exe
    [2013/02/23 14:06:38 | 000,000,000 | ---D | C] -- C:\Users\JJ\Desktop\Fix
    [2013/02/21 17:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/02/21 13:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\HungryFrog
    [2013/02/21 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\JJ\Documents\HungryFrog
    [2013/02/21 13:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\HungryFrog.com LLC
    [2013/02/21 13:28:34 | 000,000,000 | ---D | C] -- C:\0Language_Mixed
    [2013/02/21 13:28:17 | 000,000,000 | ---D | C] -- C:\0Language_Others
    [2013/02/21 13:26:47 | 000,000,000 | ---D | C] -- C:\0Language_German
    [2013/02/18 19:45:39 | 000,000,000 | ---D | C] -- C:\0Language_Russian
    [2013/02/18 16:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Double Trump
    [2013/02/15 16:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
    [2013/02/15 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Roaming\GameHouse
    [2013/02/15 00:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\MunSoft
    [2013/02/11 23:54:21 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Local\Screentime
    [2013/02/11 14:11:14 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Roaming\Aim
    [2013/02/10 15:56:34 | 000,000,000 | ---D | C] -- C:\0Downloads_Giveaway(Game)_Skipped
    [2013/02/10 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Roaming\Astro Gemini Software
    [2013/02/10 13:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Video to Picture
    [2013/02/07 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\JJ\Documents\Updater
    [2013/02/07 20:57:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
    [2013/02/07 19:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
    [2013/02/05 05:10:20 | 000,000,000 | ---D | C] -- C:\0GamesNotInstalled
    [2013/02/04 04:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sketch Drawer
    [2013/02/04 03:36:41 | 000,081,720 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\AntiLog32.sys
    [2013/02/04 03:36:40 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Local\Zemana
    [2013/02/04 03:36:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A62AB9D5-FDCF-49B1-9F0A-F80A3E614529}
    [2013/02/04 03:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\AntiLogger
    [2013/02/03 03:49:16 | 000,000,000 | ---D | C] -- C:\Users\JJ\AppData\Roaming\Sky Bros
    [2013/02/03 02:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Cash Manager
    [2013/02/01 15:30:15 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
    [2013/02/01 15:30:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70enu.dll
    [2013/02/01 15:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/28 12:40:55 | 000,069,689 | ---- | M] () -- C:\Users\JJ\Desktop\OLT_2013_02_28_12_40_54.PNG
    [2013/02/28 12:13:47 | 000,001,181 | ---- | M] () -- C:\Collections.html
    [2013/02/28 12:08:46 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/28 12:08:46 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/28 12:08:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/28 06:05:15 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/28 06:05:15 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/28 05:50:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/27 15:50:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/27 15:50:39 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/27 12:25:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JJ\Desktop\OTL.exe
    [2013/02/26 23:24:04 | 000,000,828 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    [2013/02/26 05:09:54 | 000,000,006 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\SmartDiarySuite.dic-sds
    [2013/02/25 15:33:16 | 000,122,880 | ---- | M] () -- C:\Users\JJ\Documents\My Diary.sd4
    [2013/02/25 04:33:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/02/25 03:28:37 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\JJ\Desktop\ComboFix.exe
    [2013/02/24 20:39:21 | 000,000,024 | ---- | M] () -- C:\Windows\SOL.INI
    [2013/02/24 04:19:08 | 000,590,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/23 20:49:39 | 000,000,784 | ---- | M] () -- C:\Windows\entpack.ini
    [2013/02/21 20:56:18 | 000,009,111 | ---- | M] () -- C:\Users\JJ\Documents\0_STATICba929_59e8eabb_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,008,384 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC9998f_6de1e2f2_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,006,066 | ---- | M] () -- C:\Users\JJ\Documents\0_9ef88_df3da007_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,005,592 | ---- | M] () -- C:\Users\JJ\Documents\0_7f96f_5968bc27_-1-XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,005,256 | ---- | M] () -- C:\Users\JJ\Documents\0_858a0_89f6a122_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,003,424 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC9241d_c76af054_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,003,302 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC88573_bb9eccb6_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,003,003 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC80df5_71dee57b_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,951 | ---- | M] () -- C:\Users\JJ\Documents\0_9de5b_a62f395d_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,796 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC8c6e6_c830a31c_XXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,660 | ---- | M] () -- C:\Users\JJ\Documents\0_3ec12_9bdb45ae_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,372 | ---- | M] () -- C:\Users\JJ\Documents\0_83a91_13a27737_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,296 | ---- | M] () -- C:\Users\JJ\Documents\0_ad610_c1e24de4_-1-XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,140 | ---- | M] () -- C:\Users\JJ\Documents\0_960fd_32c24e81_XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,002,106 | ---- | M] () -- C:\Users\JJ\Documents\0_1d815_16a470ec_-2-XXXS[1].jpg
    [2013/02/21 20:56:18 | 000,001,983 | ---- | M] () -- C:\Users\JJ\Documents\0_a045f_40e51112_XXXS[1].jpg
    [2013/02/21 20:56:17 | 000,003,572 | ---- | M] () -- C:\Users\JJ\Documents\0_STATIC88e65_ee7e4bf6_XXS[1].jpg
    [2013/02/21 03:06:48 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\4981f71c23880f31343a2f7095f06e07[1].htm
    [2013/02/20 18:13:41 | 000,008,192 | ---- | M] () -- C:\Users\JJ\Documents\install_flashplayer11x32axau_gtbd_chrd_dn_aih[2].exe
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\3026_preview[1].htm
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\3025_preview[1].htm
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\3024_preview[1].htm
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\3023_preview[1].htm
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\2551_preview[1].htm
    [2013/02/20 15:36:04 | 000,000,184 | ---- | M] () -- C:\Users\JJ\Documents\2421_preview[1].htm
    [2013/02/20 12:33:31 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\Subscribe3_ru[1].swf
    [2013/02/19 15:02:36 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\revplat.wp-config[1].js
    [2013/02/19 15:02:36 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\moneta.min[1].js
    [2013/02/19 15:02:36 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\init.track-header-1.0.0[1].js
    [2013/02/18 15:38:31 | 000,000,028 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2013/02/18 14:12:03 | 000,000,828 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    [2013/02/18 04:45:30 | 000,008,192 | ---- | M] () -- C:\Users\JJ\Documents\setup(pdf-editor)[1].exe
    [2013/02/18 02:47:33 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\redirect[1].hotshot
    [2013/02/17 05:20:15 | 000,014,917 | ---- | M] () -- C:\Users\JJ\Documents\wP5vpMmh3KHvD_ufPVG5p6ky_HukfNhG5HDIOakWWQU[2].js
    [2013/02/15 14:34:47 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\rotate[1].swf
    [2013/02/15 14:34:47 | 000,000,000 | ---- | M] () -- C:\Users\JJ\Documents\mini_banner_ru[1].swf
    [2013/02/11 16:49:37 | 000,028,160 | ---- | M] () -- C:\Users\JJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/09 05:37:30 | 000,000,751 | ---- | M] () -- C:\Users\JJ\AppData\Roaming\AtomicAlarmClock.ini
    [2013/02/04 03:36:41 | 000,081,720 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\AntiLog32.sys
    [2013/02/03 02:34:04 | 000,000,027 | ---- | M] () -- C:\Windows\2pic.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/28 12:40:54 | 000,069,689 | ---- | C] () -- C:\Users\JJ\Desktop\OLT_2013_02_28_12_40_54.PNG
    [2013/02/26 23:24:04 | 000,000,828 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    [2013/02/25 03:49:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/25 03:49:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/25 03:49:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/25 03:49:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/25 03:49:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/24 20:39:21 | 000,000,024 | ---- | C] () -- C:\Windows\SOL.INI
    [2013/02/22 04:09:35 | 000,009,111 | ---- | C] () -- C:\Users\JJ\Documents\0_STATICba929_59e8eabb_XXS[1].jpg
    [2013/02/22 04:09:35 | 000,008,384 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC9998f_6de1e2f2_XXS[1].jpg
    [2013/02/22 04:09:35 | 000,003,572 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC88e65_ee7e4bf6_XXS[1].jpg
    [2013/02/22 04:09:35 | 000,003,424 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC9241d_c76af054_XXS[1].jpg
    [2013/02/22 04:09:35 | 000,003,302 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC88573_bb9eccb6_XXS[1].jpg
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\3026_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\3025_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\3024_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\3023_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\2551_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,184 | ---- | C] () -- C:\Users\JJ\Documents\2421_preview[1].htm
    [2013/02/22 04:09:35 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\4981f71c23880f31343a2f7095f06e07[1].htm
    [2013/02/22 04:09:34 | 000,014,917 | ---- | C] () -- C:\Users\JJ\Documents\wP5vpMmh3KHvD_ufPVG5p6ky_HukfNhG5HDIOakWWQU[2].js
    [2013/02/22 04:09:34 | 000,006,066 | ---- | C] () -- C:\Users\JJ\Documents\0_9ef88_df3da007_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,005,592 | ---- | C] () -- C:\Users\JJ\Documents\0_7f96f_5968bc27_-1-XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,005,256 | ---- | C] () -- C:\Users\JJ\Documents\0_858a0_89f6a122_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,003,003 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC80df5_71dee57b_XXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,951 | ---- | C] () -- C:\Users\JJ\Documents\0_9de5b_a62f395d_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,796 | ---- | C] () -- C:\Users\JJ\Documents\0_STATIC8c6e6_c830a31c_XXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,660 | ---- | C] () -- C:\Users\JJ\Documents\0_3ec12_9bdb45ae_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,372 | ---- | C] () -- C:\Users\JJ\Documents\0_83a91_13a27737_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,296 | ---- | C] () -- C:\Users\JJ\Documents\0_ad610_c1e24de4_-1-XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,140 | ---- | C] () -- C:\Users\JJ\Documents\0_960fd_32c24e81_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,002,106 | ---- | C] () -- C:\Users\JJ\Documents\0_1d815_16a470ec_-2-XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,001,983 | ---- | C] () -- C:\Users\JJ\Documents\0_a045f_40e51112_XXXS[1].jpg
    [2013/02/22 04:09:34 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\Subscribe3_ru[1].swf
    [2013/02/22 04:09:33 | 000,008,192 | ---- | C] () -- C:\Users\JJ\Documents\setup(pdf-editor)[1].exe
    [2013/02/22 04:09:33 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\rotate[1].swf
    [2013/02/22 04:09:33 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\revplat.wp-config[1].js
    [2013/02/22 04:09:33 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\redirect[1].hotshot
    [2013/02/22 04:09:33 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\moneta.min[1].js
    [2013/02/22 04:09:33 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\mini_banner_ru[1].swf
    [2013/02/22 04:09:32 | 000,008,192 | ---- | C] () -- C:\Users\JJ\Documents\install_flashplayer11x32axau_gtbd_chrd_dn_aih[2].exe
    [2013/02/22 04:09:32 | 000,000,000 | ---- | C] () -- C:\Users\JJ\Documents\init.track-header-1.0.0[1].js
    [2013/02/18 15:35:45 | 000,000,028 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2013/02/09 05:35:02 | 000,000,751 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\AtomicAlarmClock.ini
    [2013/01/17 21:17:28 | 000,000,015 | ---- | C] () -- C:\Users\JJ\config.tcf
    [2013/01/16 05:53:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2013/01/08 04:56:41 | 000,000,006 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\SmartDiarySuite.dic-sds
    [2012/12/02 02:00:14 | 000,000,050 | ---- | C] () -- C:\Windows\SplotchesData.ini
    [2012/11/13 23:27:12 | 000,000,014 | ---- | C] () -- C:\Windows\System32\SprHelp.dat
    [2012/11/07 02:08:54 | 000,000,132 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\SecretLayer.ini
    [2012/11/03 23:01:48 | 000,000,001 | ---- | C] () -- C:\Users\JJ\AppData\Local\RawCopy.sourcedisk.index
    [2012/11/03 23:01:32 | 000,000,001 | ---- | C] () -- C:\Users\JJ\AppData\Local\RawCopy.1.02.agreement
    [2012/10/31 00:57:12 | 000,000,084 | ---- | C] () -- C:\Windows\netdet.ini
    [2012/10/29 16:44:56 | 000,315,392 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
    [2012/10/14 04:02:14 | 000,157,696 | ---- | C] () -- C:\Windows\System32\OggEnc.exe
    [2012/10/14 04:02:14 | 000,076,800 | ---- | C] () -- C:\Windows\System32\Faac.exe
    [2012/10/14 04:02:13 | 000,145,408 | ---- | C] () -- C:\Windows\System32\Lame.exe
    [2012/10/14 04:02:09 | 000,131,072 | ---- | C] () -- C:\Windows\System32\azcontextmenu.dll
    [2012/09/05 13:30:45 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll
    [2012/09/05 13:30:15 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
    [2012/09/01 15:28:10 | 000,000,445 | ---- | C] () -- C:\Windows\EntPack.dat
    [2012/09/01 15:18:40 | 000,000,784 | ---- | C] () -- C:\Windows\entpack.ini
    [2012/08/06 15:33:11 | 000,015,620 | ---- | C] () -- C:\Windows\System32\SystemRs120.f.SYS
    [2012/07/31 00:59:29 | 000,000,007 | ---- | C] () -- C:\Windows\sysres12.dat
    [2012/03/31 15:11:05 | 000,000,410 | ---- | C] () -- C:\Windows\COOK'N5.INI
    [2011/12/13 20:45:48 | 000,000,102 | -HS- | C] () -- C:\Users\JJ\AppData\Local\00000021
    [2011/11/28 06:19:14 | 000,015,620 | ---- | C] () -- C:\Windows\System32\SystemRs11.sm.SYS
    [2011/11/14 14:44:38 | 000,000,125 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/11/02 18:28:19 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
    [2011/11/02 18:28:19 | 000,000,046 | ---- | C] () -- C:\Users\JJ\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
    [2011/11/01 15:21:08 | 000,000,102 | -HS- | C] () -- C:\Users\JJ\AppData\Local\00000127
    [2011/10/24 22:29:33 | 000,000,027 | ---- | C] () -- C:\Windows\2pic.ini
    [2011/10/15 12:42:45 | 000,000,552 | ---- | C] () -- C:\Users\JJ\AppData\Local\d3d8caps.dat
    [2011/04/26 12:02:16 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011/03/05 17:28:46 | 000,000,000 | ---- | C] () -- C:\Users\JJ\.gtk-bookmarks
    [2011/03/05 17:26:42 | 000,731,155 | ---- | C] () -- C:\Users\JJ\.fonts.cache-1
    [2010/12/17 17:15:02 | 000,016,690 | ---- | C] () -- C:\Users\JJ\AppData\Roaming\wklnhst.dat
    [2010/10/31 04:09:49 | 000,001,940 | ---- | C] () -- C:\Users\JJ\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/12/05 03:32:59 | 000,028,160 | ---- | C] () -- C:\Users\JJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2002/07/01 09:13:30 | 000,000,243 | -HS- | C] () -- C:\Users\JJ\AppData\Roaming\system16driver.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/07/16 01:21:37 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Auslogics
    [2012/11/12 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Free Download Manager
    [2009/12/10 01:27:38 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Free Upload Manager
    [2011/04/09 12:41:56 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Image Zone Express
    [2010/12/21 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Islands
    [2010/05/05 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\LockHunter
    [2007/10/29 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Netscape
    [2008/09/16 01:36:45 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\pdf995
    [2010/01/19 03:11:30 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Playrix Entertainment
    [2009/12/11 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Printer Info Cache
    [2009/03/18 13:06:20 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\TaxCut
    [2012/11/12 22:56:17 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\TERMINAL Studio
    [2008/05/30 18:07:38 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\Webshots
    [2010/08/17 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\WinPatrol
    [2010/06/08 01:19:14 | 000,000,000 | ---D | M] -- C:\Users\GH\AppData\Roaming\YoudaGames
    [2012/08/20 22:30:01 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\1-abc
    [2010/04/25 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\acccore
    [2011/06/17 12:54:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Age of Japan
    [2011/06/24 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Age of Japan II
    [2013/02/11 14:11:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Aim
    [2013/01/20 04:05:47 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Alawar
    [2012/10/14 03:32:26 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\AlawarSouthpoint
    [2012/12/12 06:01:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\ArcticLine
    [2011/10/26 13:29:11 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Ashampoo
    [2011/09/30 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Ashtons Family Resort
    [2013/02/10 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Astro Gemini Software
    [2012/09/28 01:47:57 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Auslogics
    [2013/02/10 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Awem
    [2012/09/08 14:28:52 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\BackupSF
    [2012/12/25 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\BeachPartyCraze
    [2012/07/10 13:01:08 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Beyond Share
    [2012/01/31 14:50:47 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\BlitzCards
    [2012/09/05 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Boolat Games
    [2011/05/14 03:36:11 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Catalina Marketing Corp
    [2012/08/17 16:49:29 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\CheckPoint
    [2012/03/15 23:03:59 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\ChemTable Software
    [2012/12/22 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Chronoclasm Chronicles
    [2012/05/07 12:45:19 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Chrysanth
    [2012/08/14 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\com.limitlessprojects.sessionplannerprogotd
    [2011/11/02 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\DonationCoder
    [2012/01/23 13:05:51 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Dropbox
    [2011/05/09 16:17:06 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\ElementalsTheMagicKey
    [2011/01/12 16:22:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\elvesinc
    [2012/09/30 11:27:09 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\EnchantedCavern
    [2012/12/11 06:00:01 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Engelmann Media
    [2013/02/27 15:10:01 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Free Download Manager
    [2012/12/24 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Free Upload Manager
    [2013/02/17 16:17:00 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\GameHouse
    [2012/11/06 00:18:31 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\GirlsWithSecretsAdventure
    [2013/01/08 05:05:43 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Glarysoft Giveaway
    [2012/07/15 23:00:17 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\gsn
    [2012/11/07 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Hornil
    [2013/02/26 16:30:46 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Image Zone Express
    [2012/10/02 11:36:34 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\IObit
    [2011/02/23 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Islands
    [2011/11/15 02:49:27 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Islands3
    [2012/11/03 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\island_tribe_4_realore_demo_en
    [2011/09/16 16:07:26 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Janes_Realty
    [2012/10/20 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Jarte
    [2011/03/04 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Jasc
    [2012/07/29 15:23:10 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\JetPaste
    [2011/11/03 03:26:16 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\JQ
    [2012/11/27 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\KC Softwares
    [2012/08/14 02:35:51 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Kingsoft
    [2011/12/25 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\LifeSniffer
    [2012/12/03 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Light Developer
    [2010/04/08 02:44:35 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\LockHunter
    [2012/10/06 12:22:26 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\M8 Software
    [2012/11/08 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Magic Collage
    [2012/09/04 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\MagicMatch
    [2013/01/20 04:57:55 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\MAGIX
    [2013/01/15 05:43:44 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\MahJong Suite
    [2012/11/08 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\mojosoft
    [2012/04/15 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Mystery of Mortlake Mansion
    [2011/09/07 16:39:24 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Nithin Philips
    [2012/06/08 18:05:46 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\northerntale
    [2011/12/26 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Opera
    [2012/12/24 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PearlMountain
    [2012/05/17 13:22:05 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PhoXo
    [2012/10/26 16:43:37 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PhraseExpander
    [2011/06/03 18:43:47 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Pirate Stories Kit Ellis
    [2013/01/27 03:57:15 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\PlayFirst
    [2010/01/15 16:15:49 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Playrix Entertainment
    [2009/12/21 02:48:12 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Printer Info Cache
    [2012/01/05 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\ProcessLasso
    [2011/08/12 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Productivity Scientific GTD Timer
    [2011/03/26 22:11:31 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\RunningPillow
    [2012/10/10 04:45:14 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Sahmon Games
    [2012/12/10 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Serif
    [2013/02/03 03:49:16 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Sky Bros
    [2011/12/26 00:48:46 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Software Informer
    [2013/02/28 05:39:22 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\SpringPublisher
    [2012/09/04 19:40:06 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\StoneLoops
    [2012/11/05 23:47:49 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Tape_Worm
    [2012/03/31 14:49:58 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TaxCut
    [2010/12/17 17:17:18 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Template
    [2012/10/27 04:54:40 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\TERMINAL Studio
    [2011/10/14 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Turtle Odyssey II
    [2012/12/25 06:29:56 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\URSE Games
    [2012/11/08 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\VOS
    [2009/12/09 17:53:23 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Webshots
    [2012/12/15 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\WildTangent
    [2010/05/24 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\WinPatrol
    [2012/07/30 13:14:26 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\www.shadowexplorer.com
    [2011/12/26 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\X-Setup Pro
    [2011/08/19 16:37:39 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\Xmas Blox
    [2012/04/21 03:18:28 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\XUSSoft
    [2013/01/17 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\XYplorer
    [2010/06/07 17:48:00 | 000,000,000 | ---D | M] -- C:\Users\JJ\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 971 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BFNVJLG4H5L64RGPT0RGN05P6GTGFSVF7JBCVP4GF
    @Alternate Data Stream - 971 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_SBXNV9VVGV1BF1WJKF1EV0KY6VS6YKVNKT0K46FFSVF7JBCVPJGF
    @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFNVJLG4H5L64RGPT0RGN05P6GTGFSVF7JBCVP4GF
    @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1WJKF1EV0KY6VS6YKVNKT0K46FFSVF7JBCVPJGF
    @Alternate Data Stream - 268 bytes -> C:\Users\JJ\Application Data:iSpring Converter 6
    @Alternate Data Stream - 268 bytes -> C:\ProgramData\Application Data:iSpring Converter 6
    @Alternate Data Stream - 268 bytes -> C:\ProgramData:iSpring Converter 6
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:62E11BF2
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:B1CD2545
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F8B88761
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:D26B6B0A
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:89CC7FD8
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:26205E86
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C434694E
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:289A69FA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:023F0743
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2DB43EC8
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E34D8C45
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A7BB14FC
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:0D5573C6
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1961B293
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EB485B25

    < End of report >
    OTL Extras logfile created on: 2/28/2013 12:18:58 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JJ\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.64 Mb Total Physical Memory | 118.84 Mb Available Physical Memory | 11.71% Memory free
    2.42 Gb Paging File | 1.52 Gb Available in Paging File | 62.51% Paging File free
    Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.96 Gb Total Space | 3.29 Gb Free Space | 2.32% Space Free | Partition Type: NTFS
    Drive D: | 7.09 Gb Total Space | 0.88 Gb Free Space | 12.36% Space Free | Partition Type: NTFS

    Computer Name: JJ-PC | User Name: JJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\program files\opera\Opera.exe (Opera Software)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\program files\opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [vxsearchpro] -- C:\Program Files\VX Search Pro\bin\sppshex.exe vxsearchpro search "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{69B56D9B-98CC-4B88-B2CA-27AC352CF1A7}" = lport=80 | protocol=6 | dir=in | name=http |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{028191B2-92F9-4632-837C-D9FA0E5A933F}" = protocol=17 | dir=in | app=c:\users\jj\appdata\local\temp\7zsd43f.tmp\symnrt.exe |
    "{06E840A2-C1F7-4ED0-B552-F701B66ECC72}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
    "{0E62568E-0C52-4D6F-8BAE-A96809F2A023}" = protocol=17 | dir=in | app=c:\program files\pogo games2\pogodgc.exe |
    "{11058AEE-055C-4128-8607-92B0882EE62F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{1DB75B89-65D7-4B55-B521-10D62F5F232A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{219FB47A-2447-4F7C-9980-5F850F596BC2}" = protocol=6 | dir=in | app=c:\users\jj\appdata\local\temp\7zs952.tmp\symnrt.exe |
    "{2C0AB7D0-B166-40C8-8A51-52F3C7C51C0E}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
    "{4347C001-77E4-42A9-9E12-487CAE967136}" = protocol=6 | dir=in | app=c:\users\jj\appdata\local\temp\7zsd43f.tmp\symnrt.exe |
    "{45A174BC-E44B-4492-8187-1A577A14FB70}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{45E9DE34-0322-4CA0-9130-6C27DBCA6832}" = dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections |
    "{4E7B12B0-507D-4894-90A3-63F3D1FCD51B}" = protocol=17 | dir=in | app=c:\users\jj\appdata\local\temp\7zs3939.tmp\symnrt.exe |
    "{4F41E6F5-0222-4279-9503-6F748054E3F6}" = protocol=6 | dir=in | app=c:\program files\pogo games2\pogodgc.exe |
    "{542654E3-6EA8-4977-AC7A-0DF96ACEF212}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
    "{659BBD96-EE0D-4A48-86E0-7C0E9976C412}" = protocol=17 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
    "{6B83F0A2-4BA0-4822-B48C-C8D5417BB439}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6C432E66-151C-4FCF-8917-4D9800A853A4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{6D942389-C9F6-400B-AC44-6AAC40BCEF91}" = protocol=6 | dir=in | app=c:\users\jj\appdata\local\temp\7zs5e35.tmp\symnrt.exe |
    "{6DA2E971-3E30-4BA0-B571-555E6348DCC5}" = protocol=6 | dir=in | app=c:\program files\pogo games2\webupdater.exe |
    "{715E8F75-F977-4FA4-8802-F8451D3EB795}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{73AE18E3-332F-470E-882B-68967AD5E4A0}" = protocol=17 | dir=in | app=c:\users\jj\appdata\local\temp\7zs5e35.tmp\symnrt.exe |
    "{7728A916-0379-4171-94EE-4E3262F856C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{78F05EEC-0043-4B24-90FF-6E55FD0F5DEC}" = dir=in | app=c:\program files\kooraroo media\kooraroomediaserver.exe |
    "{7C89F383-1A2F-49DC-988E-99C42316B54D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{853C8D1A-0A3A-4189-BB00-2B484700E93C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{86C6061D-9716-4723-8FB8-57CB74EA6CAD}" = dir=in | app=c:\program files\kooraroo media\kooraroomedia.exe |
    "{8A0860EC-E5C0-4EC0-B1A7-05019F4D3552}" = protocol=6 | dir=in | app=c:\users\jj\appdata\local\temp\7zs3939.tmp\symnrt.exe |
    "{8CB5755E-85D3-429B-8159-75ADD0E3FEB2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{929E58CA-2EEA-4FC9-9DEB-6F292734440C}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |
    "{94FCCCE9-3EA7-492F-98FD-0C3A8B9D856F}" = protocol=17 | dir=in | app=c:\program files\pogo games2\webupdater.exe |
    "{95F6A82D-DC73-4C3F-9ADB-B6CE8B99FAF4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A6811A04-0F2B-48A9-BA02-8254E5F61ABA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{B9BD7852-27EE-40DD-871A-FAA151BD67F3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{C0E9B8B4-4F1C-433C-96C5-779C8174E2AB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C47BE193-D343-4655-BB24-4C30EC396559}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C9F0E258-2A37-42A4-9ABD-32E14C940F93}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{E0ACFD0B-88B9-49D1-A5F9-6E3071EBA458}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E59D4C24-D2FE-4DA9-8FC2-97B778464ED3}" = protocol=17 | dir=in | app=c:\users\jj\appdata\local\temp\7zs952.tmp\symnrt.exe |
    "{ED887C25-94D6-4DCD-82D2-A1B7DD57D696}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{F69BAB91-AC17-454C-A321-C77643233868}" = protocol=6 | dir=in | app=c:\program files\compaq connections\3572475\program\compaq connections.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
    "{02AE1EE4-5205-47BF-8FF7-F26D3D332B61}" = Microsoft Greetings 2001
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1" = BusinessCards MX
    "{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
    "{1C78055D-F54D-46F4-9A51-19E3CF6BB20E}" = Xara Xtreme 5
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{33311EA4-0ECA-4E7F-83E5-8A92CD760152}" = Serif DrawPlus Starter Edition
    "{369e5055-e485-4b9d-adbc-de53a8f8ed81}.sdb" = Premium Booster (Vista)
    "{37C88389-8B5F-4F45-8963-9E091D2EF3D3}" = GTD Timer
    "{39AD1D17-7D06-499E-BC78-F54D4DB93D22}" = SpringPublisher
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
    "{3DE28B26-A895-4936-ACD0-A91D4CF31A6C}_is1" = Doronix Math ToolBox version 1.0.3
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4513F5ED-302D-437D-9E62-975424834CCF}" = Hungry_Frog_Software
    "{456B239A-C1E0-4178-810E-8E8F09B06877}_is1" = Aidfile recovery software professional version 3.5.0.0
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DB9864C-7646-4D4D-94E4-7AE6A1253EA0}" = AT&T Digital Directories - Winston-Salem, NC
    "{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4.7.4.0
    "{4E84R4BC-F3G3-4H97-A0DF-C38DR5D0N93D}_is1" = DesignBox version 1.06.02
    "{5264E937-B015-11D2-8C0E-00C04FBBCFF9}" = Microsoft Greetings 2000
    "{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}" = Greeting Card Factory Express Workshop
    "{54E6E975-E089-4575-BD33-64DC10022D46}" = Magic Collage
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5BDCCFA2-43E0-45CD-ABE4-B05FA9FF9F2B}" = PC Tutor™ Learn Windows Vista™
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}" = Microsoft_VC100_CRT_x86
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73C038E2-A4E9-4142-9716-48045D1E9255}_is1" = DayMate
    "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
    "{764af927-60a3-4e31-90cb-3b1facff4d87}.sdb" = Premium Booster's Scheduler
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{8CA0441B-5858-477E-A731-DB56BAF84B66}" = SlimPublisher
    "{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Hex Editor Neo 5.13
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91F8441B-E7A7-4513-9D7C-080B643D2FD6}_is1" = PresentationTube Recorder 1.0
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition
    "{A61AE368-B88C-414C-9118-503EECFC3AC8}_is1" = Photo Toolbox for Windows version 1.7.4.5
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1" = Auslogics Disk Defrag Professional
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{BB7DECBC-52E2-4890-A727-3CCABF986BD1}" = Folder Size & Analyze Professional
    "{BC45995A-7451-430C-9779-5FF455E710D9}_is1" = RoboTask
    "{C3208FCF-EAF5-43EE-972B-812DEA54FC72}_is1" = 1AVCenter version 2.3.1.21
    "{C34BCD5E-5898-4572-93B7-C143F5A9F527}_is1" = Maple Professional
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X3
    "{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}" = HP Total Care Advisor
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
    "{D9C57555-4F3C-416A-9BF7-6AD11621E318}" = Namosofts Data Recovery 2
    "{DD2FEA6F-5AC2-46B2-0001-C2A0C077FD2C}" = Simply Good Pictures 2
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
    "{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
    "{E97A8C79-C035-4964-9DF5-B7B6D243A18C}_is1" = Sothink Logo Maker Special
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5593F5B-B3A9-40CB-BB69-8190675F8DD9}_is1" = AntiPhotoSpy 2012
    "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
    "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
    "1-abc.net Duplicate Finder" = 1-abc.net Duplicate Finder (Remove only)
    "2 Pic" = 2 Pic
    "25 Clips" = 25 Clips
    "5b385c84-0856-491f-a993-4151bf256af6" = Bull Run Fever
    "A+FolderLocker_is1" = A+ Folder Locker 1.0.1
    "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
    "AC970D9B-E5C8-44D8-910B-D763DDF6D32A_is1" = Chrysanth Diary [Starter]
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Diary_is1" = Advanced Diary v1.3
    "AIM Toolbar" = AIM Toolbar
    "AIM_6" = AIM 6
    "Alchemy and Bejeweled Pack" = Alchemy and Bejeweled Pack
    "All My Gods_is1" = All My Gods
    "AllMySongs Database2.2" = AllMySongs Database
    "Amazon Kindle" = Amazon Kindle
    "Aml Pages" = Aml Pages 9.35
    "AntiLogger" = AntiLogger
    "AnVir Task Manager" = AnVir Task Manager
    "Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.21
    "Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.12
    "Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.5.0
    "Ashampoo Undeleter_is1" = Ashampoo Undeleter v.1.1.0
    "Ashtons Family Resort_is1" = Ashtons Family Resort
    "Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
    "Beyond Share_is1" = Beyond Share 2.1.8.68
    "Blitz FlashCards (GOTD Version)" = Blitz FlashCards (GOTD Version) (remove only)
    "Brickshooter Egypt_is1" = Brickshooter Egypt 1.0
    "Call of Atlantis_is1" = Call of Atlantis
    "CapTrue" = CapTrue
    "Christmas Eve 3D Screensaver_is1" = Christmas Eve 3D Screensaver 1.0
    "CleverPrint_is1" = CleverPrint
    "Clickie" = Clickie
    "Cloud System Booster" = Cloud System Booster
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cook'n Recipe Organizer" = Cook'n Recipe Organizer
    "Copy Move To Extensions" = Copy/Move To Extensions
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
    "Dark Calendar_is1" = Dark Calendar version 1.9
    "Desktop Icon Toy_is1" = Desktop Icon Toy 4.6
    "Digital Diary_is1" = Digital Diary 4.6
    "DiskBoss Pro" = DiskBoss Pro 2.0.16
    "dpeg_Cicada" = dpeg Cicada
    "Easy Drive Data Recovery" = Easy Drive Data Recovery
    "Elves Inc_is1" = Elves Inc
    "Enigma Virtual Box_is1" = Enigma Virtual Box v5.40 Build 20121018
    "Eraser" = Eraser
    "FBM PDF Converter_is1" = FBM PDF Converter
    "FileStream Turbo Browser" = FileStream Turbo Browser
    "FileStream Web Boomerang" = FileStream Web Boomerang
    "Flash Card Master" = Flash Card Master
    "Flash Movie Player" = Flash Movie Player 1.5
    "FLVPlayer" = FLV Player 1.3.3
    "Focus Photoeditor_is1" = Focus Photoeditor 6.3.9.8 SE
    "Free Download Manager_is1" = Free Download Manager 3.9.2
    "Golden Autumn 3D Screensaver_is1" = Golden Autumn 3D Screensaver 1.0
    "Google Chrome" = Google Chrome
    "GridinSoft Notepad" = GridinSoft Notepad
    "Halotea" = Halotea v1.061
    "Halotea Lite" = Halotea Lite v1.105
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
    "HPOOVClient-3572475 Uninstaller" = Compaq Connections (remove only)
    "HTMLKit_is1" = HTML-Kit
    "iCare Card Recovery Pro_is1" = iCare Card Recovery Pro 2.0
    "iDailyDiary_is1" = iDailyDiary 3.41
    "Insaniquarium Deluxe 1.1" = Insaniquarium Deluxe 1.1
    "iPixSoft Flash Slideshow Creator_is1" = iPixSoft Flash Slideshow Creator (4.0.0.1)
    "iPixSoft SWF to Video Converter_is1" = iPixSoft SWF to Video Converter (1.6.2.0)
    "IrfanView" = IrfanView (remove only)
    "Island Tribe 4_is1" = Island Tribe 4
    "Island_Tribe_is1" = Island_Tribe
    "Islands_is1" = Islands
    "Jet Screenshot_is1" = Jet Screenshot v 3.0.1
    "Jewel Quest Mysteries 2 Trail of the Midnight Heart" = Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
    "KC Softwares AVIToolbox_is1" = KC Softwares AVIToolbox
    "Kingsoft Presentation" = Kingsoft Presentation (8.1.0.3019)
    "Kit and Ellis_is1" = Kit and Ellis
    "LaunchMate" = LaunchMate
    "Light Developer_is1" = Light Developer v7.1, build 12452
    "LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
    "LS-815EE836-7F81-47A9-8C3F-123C58F89CAE_is1" = Lazesoft Data Recovery version 3.2 Professional Edition
    "MAGIX_{1C78055D-F54D-46F4-9A51-19E3CF6BB20E}" = Xara Xtreme 5
    "MahJong Suite_is1" = MahJong Suite 2012 v9.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP3 Tag Express 6.8.5" = MP3 Tag Express 6.8.5
    "MSC" = McAfee Total Protection
    "Netscape (7.1)" = Netscape (7.1)
    "Netscape Navigator (9.0.0.1)" = Netscape Navigator (9.0.0.1)
    "Opera 12.14.1738" = Opera 12.14
    "OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
    "Ozzy Bubbles_is1" = Ozzy Bubbles
    "PaintSupreme 1.1" = PaintSupreme
    "PC Fresh_is1" = PC Fresh
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PDF Protector Splitter and Merger v1.0" = PDF Protector Splitter and Merger v1.0
    "Pdf995" = Pdf995 (installed by TaxCut)
    "PdfEdit995" = PdfEdit995 (installed by TaxCut)
    "PeoplePC Online" = PeoplePC Online
    "Photo Cutter_is1" = Photo Cutter 1.0
    "PhoXo" = PhoXo
    "Premium Booster" = Premium Booster
    "ProcessLasso" = Process Lasso
    "Rapture's King Sol" = Rapture's King Sol
    "RealPlayer 12.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "ShadowExplorer_is1" = ShadowExplorer 0.8
    "Shockwave" = Shockwave
    "Sketch Drawer_is1" = Sketch Drawer 1.1
    "SmartSleep_is1" = SmartSleep 3.62
    "Softdiv PDF to Image Converter_is1" = Softdiv PDF to Image Converter 1.1
    "Software Informer_is1" = Software Informer 1.1
    "SokobanPP" = Sokoban++ (remove only)
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "ST6UNST #1" = Double Solitaire
    "SysResources Manager11.2" = SysResources Manager
    "SysResources Manager12.0" = SysResources Manager
    "ThunderSoft Flash Slideshow Factory_is1" = ThunderSoft Flash Slideshow Factory (2.8.2.0)
    "TinyCars2_is1" = TinyCars2
    "Treasure Of Persia_is1" = Treasure Of Persia
    "Turtle Odyssey 2_is1" = Turtle Odyssey 2
    "Turtle Odyssey_is1" = Turtle Odyssey
    "TweakRAM" = TweakRAM
    "TwistedBrush" = TwistedBrush
    "Unlocker" = Unlocker 1.8.5
    "VX Search Pro" = VX Search Pro 3.4.38
    "Webshots Desktop_is1" = Webshots Desktop
    "WildTangent hpdesktop Master Uninstall" = My HP Games
    "WinPatrol" = WinPatrol 2008
    "WinRAR archiver" = WinRAR archiver
    "WinSysClean X3" = WinSysClean X3
    "Winter 3D Screensaver_is1" = Winter 3D Screensaver 1.0
    "WinZip" = WinZip
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Wondershare DVD Creator_is1" = Wondershare DVD Creator(Build 2.6.5)
    "World Mosaics 3: Fairy Tales" = World Mosaics 3: Fairy Tales (remove only)
    "X mas Blox_is1" = X mas Blox
    "xqdcXSP_is1" = XQDC X-Setup Pro 9.2.100
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "Youda Fairy_is1" = Youda Fairy
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1336639222-2632254384-3752122086-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GUnzip" = GUnzip
    "SugarSync" = SugarSync Manager
    "TwistedBrush Pro Studio" = TwistedBrush Pro Studio

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/2/2013 8:37:42 PM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application SDS4.exe, version 4.7.4.0, time stamp 0x50b580e9,
    faulting module SDS4.exe, version 4.7.4.0, time stamp 0x50b580e9, exception code
    0xc0000005, fault offset 0x00044c09, process id 0x131c, application start time 0x01ce019a9325278f.

    Error - 2/3/2013 9:55:16 PM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application SDS4.exe, version 4.7.4.0, time stamp 0x50b580e9,
    faulting module SDS4.exe, version 4.7.4.0, time stamp 0x50b580e9, exception code
    0xc0000005, fault offset 0x00044c09, process id 0xdf8, application start time 0x01ce024f6b98aad5.

    Error - 2/7/2013 6:54:18 AM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application webshots.scr, version 3.0.0.7231, time stamp
    0x4725ed6c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x00000000, process id 0x5a4, application start time
    0x01ce052128e34910.

    Error - 2/11/2013 5:52:02 PM | Computer Name = JJ-PC | Source = MsiInstaller | ID = 11706
    Description =

    Error - 2/15/2013 7:15:39 AM | Computer Name = JJ-PC | Source = AVLogEvent | ID = 5003
    Description = McShield encountered error while stopping. Error Code:a7f40610

    Error - 2/19/2013 7:06:01 AM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application f0016000.exe, version 0.0.0.0, time stamp 0x47e7392c,
    faulting module f0016000.exe, version 0.0.0.0, time stamp 0x47e7392c, exception
    code 0xc0000005, fault offset 0x00030d27, process id 0x108b8, application start
    time 0x01ce0e911a06ef80.

    Error - 2/20/2013 12:59:01 PM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application rhapsody.exe, version 4.0.0.893, time stamp 0x45835190,
    faulting module pdge3260.dll, version 6.0.12.4354, time stamp 0x45636468, exception
    code 0xc0000005, fault offset 0x0013f90c, process id 0x7bd4, application start time
    0x01ce0f8b7f9929d0.

    Error - 2/22/2013 6:40:26 AM | Computer Name = JJ-PC | Source = Perflib | ID = 1010
    Description =

    Error - 2/23/2013 2:48:04 PM | Computer Name = JJ-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\0Downloads_All\CCleaner3.14\3.15\CCleaner64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/23/2013 7:35:04 PM | Computer Name = JJ-PC | Source = Application Error | ID = 1000
    Description = Faulting application webshots.scr, version 3.0.0.7231, time stamp
    0x4725ed6c, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x00000000, process id 0xf90, application start time
    0x01ce121dfb09a834.

    Error - 2/24/2013 9:14:03 PM | Computer Name = JJ-PC | Source = MsiInstaller | ID = 11706
    Description =

    [ System Events ]
    Error - 2/28/2013 1:04:44 AM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2/28/2013 1:04:44 AM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2/28/2013 1:04:44 AM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/28/2013 1:06:04 AM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/28/2013 1:08:20 AM | Computer Name = JJ-PC | Source = DCOM | ID = 10010
    Description =

    Error - 2/28/2013 1:09:48 PM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2/28/2013 1:09:48 PM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 2/28/2013 1:09:48 PM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 2/28/2013 1:11:03 PM | Computer Name = JJ-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/28/2013 1:50:48 PM | Computer Name = JJ-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    Do you know what the following entry from OTL relates to? Do you recognize it?

    PRC - [2005/01/20 14:20:30 | 000,553,476 | ---- | M] (MoonTown) -- C:\0Extra\Space\Space.exe

    If you do not know what it is, upload it to VirusTotal for analysis....

    Go to http://www.virustotal.com/
    • Click the Browse... button
    • Navigate to the file C:\0Extra\Space\Space.exe or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.
     
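    The steps above upload the file itself; as an added example (not code from the thread, from OTL or from VirusTotal), the script below parses the OTL PRC line, hashes the file on disk, checks that its size still matches what OTL recorded, and produces the SHA-256 that can be looked up on VirusTotal without uploading the binary. The VirusTotal GUI URL format and the temp-file helper are assumptions; the sample file it writes is constructed, not Space.exe.

```python
import hashlib
import os
import re
import tempfile

# One running-process ("PRC") line from the OTL log quoted in the thread above.
# Fields inside the brackets: last-modified timestamp | file size in bytes |
# attribute flags | M (modified); then (company name) -- full path.
SAMPLE_OTL_LINE = (
    "PRC - [2005/01/20 14:20:30 | 000,553,476 | ---- | M] (MoonTown) -- "
    r"C:\0Extra\Space\Space.exe"
)

OTL_PRC_RE = re.compile(
    r"^PRC - \[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: the current VirusTotal web UI resolves a file page by its SHA-256.
VT_LOOKUP = "https://www.virustotal.com/gui/file/"


def parse_otl_prc(line: str) -> dict:
    """Split an OTL PRC line into fields; the size loses its zero padding and commas."""
    m = OTL_PRC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTL PRC line: {line!r}")
    return {
        "timestamp": m.group("stamp"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "company": m.group("company"),
        "path": m.group("path"),
    }


def hash_file(path: str) -> dict:
    """Size plus MD5/SHA-1/SHA-256 of a file, read in 64 KiB chunks so large binaries are fine."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {
        "size": os.path.getsize(path),
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }


def check_against_otl(otl_line: str, local_path: str) -> dict:
    """Corroborate an OTL entry with the file now on disk and give the hash to look up.

    A size mismatch means the file changed (or a different file was hashed) since the
    log was taken, so a VirusTotal verdict on this hash would not describe what OTL saw.
    """
    entry = parse_otl_prc(otl_line)
    digests = hash_file(local_path)
    return {
        "path": entry["path"],
        "company": entry["company"],
        "otl_size": entry["size"],
        "local_size": digests["size"],
        "size_matches": entry["size"] == digests["size"],
        "md5": digests["md5"],
        "sha1": digests["sha1"],
        "sha256": digests["sha256"],
        "lookup_url": VT_LOOKUP + digests["sha256"],
    }


def write_constructed_sample(data: bytes) -> str:
    """Write constructed bytes to a temp file and return its path (a stand-in for Space.exe)."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    # Constructed stand-in with the same byte count as the OTL entry, so only the
    # hashes differ from the real file; pass the real path instead to hash Space.exe.
    sample = write_constructed_sample(b"\x00" * 553476)
    try:
        for key, value in check_against_otl(SAMPLE_OTL_LINE, sample).items():
            print(f"{key:>13}: {value}")
    finally:
        os.unlink(sample)
```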
  13. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    Yes! It's a tiny little program that I've used for years to show the amount of disk space available on your computer. I love it, because it only does the one thing I wanted such a program to do and it's never been a problem so I doubt it is now? It doesn't seem to be available anymore - the site seems to be gone. I see it's still listed in Wayback Machine. It doesn't seem dangerous.

    http://web.archive.org/web/20050827193307/http://www.moontown.net/products/space.php.

    Do I need to check it since I know what it is? I use it every day, it's always up on the screen, and I always used it on an older computer too (98)
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,371
    First Name:
    Kevin
    No need to check if you know what it is, I just didn't recognize it and could not find any info about it... Back shortly, just looking through the logs...
     
  15. SilveryMoon

    SilveryMoon Thread Starter

    Joined:
    Jul 13, 2009
    Messages:
    25
    I've checked it anyway. It looks fine:
    SHA256: 737f77c8a855589072928ab6d6bfaa8def9fb600800c875b12b23745244de590
    SHA1: 7ecf5ac42551ce4dc6d9db189204dc51c18982bf
    MD5: 18fa66b1a2da387757b50a6afda84ab9
    File size: 540.5 KB ( 553476 bytes )
    File name: Space.exe
    File type: Win32 EXE
    Detection ratio: 0 / 46
    Analysis date: 2013-02-28 21:01:24 UTC ( 0 minutes ago )



    Antivirus Result Update
    Agnitum - 20130228
    AhnLab-V3 - 20130228
    AntiVir - 20130228
    Antiy-AVL - 20130228
    Avast - 20130228
    AVG - 20130228
    BitDefender - 20130228
    ByteHero - 20130227
    CAT-QuickHeal - 20130228
    ClamAV - 20130228
    Commtouch - 20130228
    Comodo - 20130228
    DrWeb - 20130228
    Emsisoft - 20130228
    eSafe - 20130211
    ESET-NOD32 - 20130228
    F-Prot - 20130228
    F-Secure - 20130228
    Fortinet - 20130228
    GData - 20130228
    Ikarus - 20130226
    Jiangmin - 20130228
    K7AntiVirus - 20130228
    Kaspersky - 20130228
    Kingsoft - 20130225
    Malwarebytes - 20130228
    McAfee - 20130228
    McAfee-GW-Edition - 20130228
    Microsoft - 20130228
    MicroWorld-eScan - 20130228
    NANO-Antivirus - 20130228
    Norman - 20130228
    nProtect - 20130228
    Panda - 20130228
    PCTools - 20130225
    Rising - 20130228
    Sophos - 20130228
    SUPERAntiSpyware - 20130228
    Symantec - 20130228
    TheHacker - 20130228
    TotalDefense - 20130228
    TrendMicro - 20130228
    TrendMicro-HouseCall - 20130228
    VBA32 - 20130228
    VIPRE - 20130228
    ViRobot - 20130228

    ssdeep
    12288:sNu7ztGE4tMEZL5VA3V32n1S+hhoE0lO7p:sNSzF42ML5VACM0u49
    TrID
    Win32 Executable Borland Delphi 7 (47.1%)
    Win32 Executable Borland Delphi 5 (31.7%)
    Win32 Executable Borland Delphi 6 (18.4%)
    Win32 Executable Delphi generic (1.0%)
    Win32 Executable Generic (0.6%)
    ExifTool
    CodeSize.................: 465920
    SubsystemVersion.........: 4.0
    Comments.................: Space is freeware
    InitializedDataSize......: 86528
    ImageVersion.............: 0.0
    ProductName..............: Space 1.9
    FileVersionNumber........: 1.9.8.189
    UninitializedDataSize....: 0
    Website..................: www.moontown.net
    LanguageCode.............: Danish
    FileFlagsMask............: 0x003f
    CharacterSet.............: Windows, Latin1
    LinkerVersion............: 2.25
    OriginalFilename.........:
    MIMEType.................: application/octet-stream
    Subsystem................: Windows GUI
    FileVersion..............: 1.9.8.189
    TimeStamp................: 1992:06:19 23:22:17+01:00
    FileType.................: Win32 EXE
    PEType...................: PE32
    InternalName.............:
    ProductVersion...........: 1.9
    FileDescription..........: Single exe proggy showing free disc
    OSVersion................: 4.0
    FileOS...................: Win32
    LegalCopyright...........: Copyright MoonTown 2000 - 2001
    MachineType..............: Intel 386 or later, and compatibles
    CompanyName..............: MoonTown
    LegalTrademarks..........: Space
    FileSubtype..............: 0
    ProductVersionNumber.....: 1.9.8.189
    EntryPoint...............: 0x72a28
    ObjectFileType...........: Executable application
    Sigcheck
    publisher................: MoonTown
    product..................: Space 1.9
    description..............: Single exe proggy showing free disc
    file version.............: 1.9.8.189
    comments.................: Space is freeware
    copyright................: Copyright MoonTown 2000 - 2001
    Portable Executable structural information
    Compilation timedatestamp.....: 1992-06-19 22:22:17
    Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
    Entry point address...........: 0x00072A28

    PE Sections...................:

    Name Virtual Address Virtual Size Raw Size Entropy MD5
    CODE 4096 465680 465920 6.52 8f34eb49fdce586b96ff59b3c14fa96a
    DATA 471040 4808 5120 3.76 46ae2375b2a9fc1ca4bfe537ea9c3d62
    BSS 479232 3641 0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .idata 483328 9118 9216 4.90 54449fe629f745b78cbf5e5922b02db8
    .tls 495616 16 0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rdata 499712 24 512 0.20 d1eb3a73ec46267dade338b5c47f2a18
    .reloc 503808 33224 33280 6.66 df48547f38086a49bbac263037f24da3
    .rsrc 540672 38400 38400 4.85 e2884e85879971df8a599f0590abf047

    PE Imports....................:

    [[comdlg32.dll]]
    ChooseColorA

    [[version.dll]]
    GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

    [[gdi32.dll]]
    GetBrushOrgEx, GetDIBColorTable, DeleteEnhMetaFile, GetWindowOrgEx, PatBlt, GetClipBox, GetCurrentPositionEx, SaveDC, CreateFontIndirectA, GetTextMetricsA, MaskBlt, CreateBrushIndirect, SetStretchBltMode, GetEnhMetaFilePaletteEntries, GetPixel, Rectangle, BitBlt, GetObjectA, ExcludeClipRect, PlayEnhMetaFile, LineTo, DeleteDC, RestoreDC, SetBkMode, GetSystemPaletteEntries, SetPixel, CreateSolidBrush, IntersectClipRect, CreateHalftonePalette, CreateDIBSection, CopyEnhMetaFileA, RealizePalette, SetTextColor, GetDeviceCaps, MoveToEx, SetEnhMetaFileBits, CreateBitmap, RectVisible, CreatePalette, GetStockObject, CreateDIBitmap, SetViewportOrgEx, SelectPalette, ExtTextOutA, UnrealizeObject, GetDIBits, GetEnhMetaFileBits, SetBrushOrgEx, GetDCOrgEx, RoundRect, StretchBlt, GetBitmapBits, CreateCompatibleDC, SetROP2, SelectObject, GetTextExtentPoint32A, GetWinMetaFileBits, SetDIBColorTable, CreateCompatibleBitmap, GetEnhMetaFileHeader, GetPaletteEntries, SetWindowOrgEx, Polyline, SetBkColor, SetWinMetaFileBits, DeleteObject, Ellipse, CreatePenIndirect

    [[advapi32.dll]]
    RegFlushKey, RegCloseKey, RegQueryValueExA, RegSetValueExA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA

    [[kernel32.dll]]
    SetThreadLocale, GetStdHandle, FileTimeToDosDateTime, WaitForSingleObject, GetDriveTypeA, DeleteCriticalSection, GetLocaleInfoA, LocalAlloc, SetErrorMode, GetCPInfo, WriteFile, GetDiskFreeSpaceA, SetEvent, LocalFree, InitializeCriticalSection, LoadResource, GlobalHandle, FindClose, TlsGetValue, FormatMessageA, GetStringTypeExA, GlobalFindAtomA, ExitProcess, GetModuleFileNameA, EnumCalendarInfoA, LoadLibraryExA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, GetModuleHandleA, CreateThread, GlobalAddAtomA, MulDiv, GlobalAlloc, SetEndOfFile, GetVersion, InterlockedIncrement, SetCurrentDirectoryA, EnterCriticalSection, FreeLibrary, GetTickCount, GetVersionExA, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetFileSize, GetProcAddress, GlobalReAlloc, lstrcmpA, FindFirstFileA, lstrcpyA, CompareStringA, FindNextFileA, GlobalLock, CreateEventA, GetFileType, TlsSetValue, CreateFileA, LeaveCriticalSection, GetLastError, GlobalDeleteAtom, GetSystemInfo, lstrlenA, GlobalFree, GetThreadLocale, GlobalUnlock, VirtualQuery, FileTimeToLocalFileTime, SizeofResource, GetCurrentProcessId, LockResource, WideCharToMultiByte, GetCommandLineA, RaiseException, SetFilePointer, ReadFile, CloseHandle, lstrcpynA, GetACP, GetCurrentThreadId, FreeResource, VirtualFree, Sleep, FindResourceA, VirtualAlloc, ResetEvent

    [[oleaut32.dll]]
    VariantCopy, SafeArrayGetLBound, SafeArrayGetElement, SafeArrayPtrOfIndex, SysAllocStringLen, VariantCopyInd, VariantClear, SafeArrayCreate, SysReAllocStringLen, SafeArrayGetUBound, SafeArrayRedim, SysFreeString, SafeArrayPutElement, VariantInit, VariantChangeTypeEx

    [[shell32.dll]]
    DragAcceptFiles, DragQueryFileA, DragFinish, ShellExecuteA, Shell_NotifyIconA

    [[user32.dll]]
    RedrawWindow, GetMessagePos, EnableScrollBar, DestroyMenu, PostQuitMessage, GetForegroundWindow, LoadBitmapA, SetWindowPos, IsWindow, DispatchMessageA, EndPaint, SetMenuItemInfoA, WindowFromPoint, DrawIcon, SetActiveWindow, GetMenuItemID, GetCursorPos, ReleaseDC, GetClassInfoA, GetMenu, UnregisterClassA, SendMessageA, GetClientRect, CharLowerBuffA, SetScrollPos, CallNextHookEx, GetKeyboardState, ClientToScreen, GetTopWindow, ShowCursor, EnumClipboardFormats, ScrollWindow, GetWindowTextA, GetKeyState, PtInRect, DrawEdge, GetParent, UpdateWindow, SetPropA, EqualRect, EnumWindows, DefMDIChildProcA, ShowWindow, SetClassLongA, GetPropA, GetDesktopWindow, TranslateMDISysAccel, EnableWindow, SetWindowPlacement, PeekMessageA, ChildWindowFromPoint, GetClipboardData, TranslateMessage, IsWindowEnabled, GetWindow, ActivateKeyboardLayout, InsertMenuItemA, CreatePopupMenu, GetIconInfo, LoadStringA, SetClipboardData, CharLowerA, IsZoomed, GetWindowPlacement, GetKeyboardLayoutList, DrawMenuBar, IsIconic, RegisterClassA, GetMenuItemCount, GetWindowLongA, SetTimer, OemToCharA, GetActiveWindow, ShowOwnedPopups, FillRect, EnumThreadWindows, CharNextA, CreateMenu, DestroyWindow, IsChild, IsDialogMessageA, SetFocus, CreateWindowExA, MapVirtualKeyA, SetCapture, BeginPaint, OffsetRect, GetScrollPos, KillTimer, RegisterWindowMessageA, DefWindowProcA, DrawFocusRect, MapWindowPoints, GetSystemMetrics, EnableMenuItem, SetScrollRange, GetWindowRect, InflateRect, PostMessageA, ReleaseCapture, GetScrollRange, SetWindowLongA, RemovePropA, SetWindowTextA, CheckMenuItem, GetSubMenu, GetLastActivePopup, DrawIconEx, GetDCEx, ScreenToClient, InsertMenuA, LoadCursorA, LoadIconA, TrackPopupMenu, SetWindowsHookExA, GetMenuStringA, GetMenuState, GetKeyboardLayout, GetSystemMenu, GetDC, SetForegroundWindow, OpenClipboard, EmptyClipboard, DrawTextA, IntersectRect, GetScrollInfo, GetCapture, WaitMessage, FindWindowA, RemoveMenu, GetWindowThreadProcessId, ShowScrollBar, DrawFrameControl, UnhookWindowsHookEx, RegisterClipboardFormatA, CallWindowProcA, MessageBoxA, GetClassNameA, GetWindowDC, DestroyCursor, AdjustWindowRectEx, LoadKeyboardLayoutA, GetSysColor, SetScrollInfo, GetMenuItemInfoA, SystemParametersInfoA, DestroyIcon, GetKeyNameTextA, IsWindowVisible, WinHelpA, FrameRect, SetRect, DeleteMenu, InvalidateRect, DefFrameProcA, CreateIcon, IsRectEmpty, GetCursor, GetFocus, CloseClipboard, GetKeyboardType, SetMenu, SetCursor

    [[comctl32.dll]]
    ImageList_BeginDrag, ImageList_SetBkColor, InitCommonControls, ImageList_SetDragCursorImage, ImageList_Read, ImageList_GetDragImage, ImageList_Create, ImageList_DragMove, ImageList_DrawEx, ImageList_SetIconSize, ImageList_Write, ImageList_GetImageCount, ImageList_Destroy, ImageList_Draw, ImageList_GetIconSize, ImageList_DragLeave, ImageList_GetBkColor, ImageList_ReplaceIcon, ImageList_DragEnter, ImageList_Add, ImageList_DragShowNolock, ImageList_Remove, ImageList_EndDrag

    PE Resources..................:

    Resource type Number of resources
    RT_BITMAP 17
    RT_STRING 13
    RT_GROUP_CURSOR 7
    RT_CURSOR 7
    RT_RCDATA 5
    RT_ICON 3
    RT_GROUP_ICON 3
    RT_DIALOG 1
    RT_VERSION 1

    Resource language Number of resources
    NEUTRAL 49
    DANISH DEFAULT 8
    Symantec Reputation: Suspicious.Insight
    First seen by VirusTotal: 2010-11-29 12:49:42 UTC ( 2 years, 3 months ago )
    Last seen by VirusTotal: 2013-02-28 21:01:24 UTC ( 3 minutes ago )
    File names (max. 25): Space.exe
Short URL to this thread: https://techguy.org/1090678