
Virus will not delete

Discussion in 'Virus & Other Malware Removal' started by frodostwin123, Aug 21, 2012.

Thread Status:
Not open for further replies.
  1. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    I have noticed that randomly without a program running (also with programs running) random ads and crap will start playing over my speakers. It caused me to run my Malwarebytes' Anti-Malware; it discovered a couple viruses which I had quarantined and deleted. After which the problem persisted and it [MBAM] continued to find new viruses. It makes me think I have a trojan virus that it is not finding that keeps installing these other viruses. I followed the instructions on this site and created a HijackThis log, and a DDS log. I hope they are alright as I do not know exactly how to stop any script blockers and I think some may have been running. Any help with this would be greatly appreciated! Thank you again, you guys are always a great help! (After copying the DDS file I realize it is very long. Not sure if it is supposed to be but just a warning. Thank you again!!)
    Here are the logs:
    Hijack this:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:02:03 AM, on 8/21/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Users\Dunnski\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 7812 bytes

    DDS Log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005
    Run by Dunnski at 2:02:57 on 2012-08-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.1855 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Windows\System32\msdtc.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\locator.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\snmptrap.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\svchost.exe -k wcssvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\consent.exe
    \\.\globalroot\systemroot\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
    uDefault_Page_URL = hxxp:\\www.samsungcomputer.com
    mDefault_Page_URL = hxxp:\\www.samsungcomputer.com
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\dunnski\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{74488B41-97C9-4F22-8A94-FA9BA34300DE} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dunnski\appdata\roaming\mozilla\firefox\profiles\7bvn24p7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=108907&mntrId=0ceee7b500000000000000211930e49c&q=
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - 0ceee7b500000000000000211930e49c
    FF - user.js: extensions.BabylonToolbar_i.hardId - 0ceee7b500000000000000211930e49c
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15308
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:09:25
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108907
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2008-9-3 13312]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-8 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-8 22344]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-25 3662848]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-17 66592]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2008-9-3 242048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-08-21 04:45:35 -------- d-----w- c:\users\dunnski\appdata\local\{40FCFAB8-A046-48A6-9CD2-B597CE407015}
    2012-08-20 16:26:56 -------- d-----w- c:\users\dunnski\appdata\local\{FB20A65A-2A6E-4AEE-BA14-E0DD2CA1A4E3}
    2012-08-19 05:10:44 -------- d-----w- c:\users\dunnski\appdata\local\{646EDB70-2FC9-42F0-AE80-BA795C4C3F49}
    2012-08-18 15:28:09 -------- d-----w- c:\users\dunnski\appdata\local\{32DA416A-E3F0-49A4-97E0-BDA179392AD9}
    2012-08-18 15:28:08 -------- d-----w- c:\users\dunnski\appdata\local\{81ED1E9D-5665-40DC-89CB-DA437B8A37F2}
    2012-08-15 16:41:48 -------- d-----w- c:\users\dunnski\appdata\local\{3A3F52F2-CFF6-4B26-9B55-924A25375272}
    2012-08-15 16:41:47 -------- d-----w- c:\users\dunnski\appdata\local\{13BE341A-8401-4E3F-A452-46803F7DBB53}
    2012-08-14 22:55:57 -------- d-----w- c:\users\dunnski\appdata\local\{DC50BBFA-35C5-4DED-B9F0-B9A7C93FAB79}
    2012-08-14 22:55:56 -------- d-----w- c:\users\dunnski\appdata\local\{30AA3053-2D93-4D90-AB41-EA91D9F9FF32}
    2012-08-14 08:45:12 -------- d-----w- c:\users\dunnski\appdata\local\{6A8FD3B9-DD13-4ED7-9ACE-33970215AE5E}
    2012-08-14 08:44:11 -------- d-----w- c:\users\dunnski\appdata\local\{DE032E47-2690-42C5-869A-849227DB9D5B}
    2012-08-12 19:11:24 -------- d-----w- c:\users\dunnski\appdata\local\{AD034CF6-63B8-4927-B691-F1B59A567606}
    2012-08-12 19:11:23 -------- d-----w- c:\users\dunnski\appdata\local\{165A2ED0-12D1-4C0C-BBD9-81DAD08F829C}
    2012-08-10 15:01:11 -------- d-----w- c:\users\dunnski\appdata\local\{A9691FB2-D0B1-410C-A6BF-FC82681ED2B0}
    2012-08-10 15:01:10 -------- d-----w- c:\users\dunnski\appdata\local\{895034B4-A0BF-4D5E-8152-D90722FA5E29}
    2012-08-08 06:28:00 -------- d-----w- c:\users\dunnski\appdata\local\{C7B4DD25-61B3-4225-B23F-68B3B14B71F3}
    2012-08-08 06:27:57 -------- d-----w- c:\users\dunnski\appdata\local\{BBE90476-8D20-4720-BFDD-2532CCA3A369}
    2012-08-07 18:05:16 -------- d-----w- c:\users\dunnski\appdata\local\{3CD60E1B-2EA5-46FE-B02B-6F0AB5C2BBA3}
    2012-08-07 18:05:15 -------- d-----w- c:\users\dunnski\appdata\local\{BA5C3A86-59D7-4249-8D0E-FE3713DC8E1E}
    2012-08-06 09:45:33 -------- d-----w- c:\users\dunnski\appdata\local\{6FF43D00-0792-44B4-A39A-718FC3BD7C2D}
    2012-08-06 09:45:31 -------- d-----w- c:\users\dunnski\appdata\local\{A23D7D49-82B4-4DB5-9267-7B8F70CF7749}
    2012-08-05 08:05:58 -------- d-----w- c:\users\dunnski\appdata\local\{F16420E1-2BDE-4656-832F-C70FE7870BAB}
    2012-08-05 08:05:55 -------- d-----w- c:\users\dunnski\appdata\local\{3AF11204-725C-42FE-BFD4-170EEA3412D9}
    2012-08-04 05:05:00 -------- d-----w- c:\users\dunnski\appdata\local\{D4518651-F098-47B2-81EC-2A677D797E0F}
    2012-08-04 05:04:59 -------- d-----w- c:\users\dunnski\appdata\local\{85F38C61-1590-4DF8-8741-6869505F3D86}
    2012-08-04 05:04:38 -------- d-----w- c:\users\dunnski\appdata\local\{1BB25D1E-6664-44A7-8197-31E77739B21D}
    2012-08-03 05:29:56 -------- d-----w- c:\program files\3DO
    2012-08-03 05:13:10 -------- d-----w- c:\users\dunnski\appdata\local\{F71D3454-1AA8-44B6-AB68-30694FAE3C0B}
    2012-08-03 05:13:09 -------- d-----w- c:\users\dunnski\appdata\local\{A9EFB1A2-73B9-4F60-BEC9-27BC64A27517}
    2012-08-02 05:29:16 -------- d-----w- c:\users\dunnski\appdata\local\{9B37256D-8A5F-4508-A656-475BED729286}
    2012-08-02 05:29:15 -------- d-----w- c:\users\dunnski\appdata\local\{D50D3D35-BCED-46D8-96CE-9B40C4D5CE23}
    2012-08-01 17:29:00 -------- d-----w- c:\users\dunnski\appdata\local\{1CF9A75E-595E-4CCC-B1B8-4BBE36747497}
    2012-08-01 17:28:59 -------- d-----w- c:\users\dunnski\appdata\local\{1C937EC8-3A88-4426-BC9B-325A46AD7F13}
    2012-08-01 05:28:43 -------- d-----w- c:\users\dunnski\appdata\local\{81249389-D147-43AF-AC46-AC6825D64E48}
    2012-07-31 15:48:03 -------- d-----w- c:\users\dunnski\appdata\local\{32318306-AE4C-4DDA-9345-3396F08EEB83}
    2012-07-31 15:48:01 -------- d-----w- c:\users\dunnski\appdata\local\{3C8C3C6D-E79D-4869-BA60-7D57041DA24F}
    2012-07-31 05:18:50 -------- d-----w- c:\program files\iPod
    2012-07-31 05:18:48 -------- d-----w- c:\program files\iTunes
    2012-07-31 03:31:47 -------- d-----w- c:\users\dunnski\appdata\local\{6D28221A-64D3-450C-B112-8D4F70EE7E9D}
    2012-07-31 03:31:45 -------- d-----w- c:\users\dunnski\appdata\local\{A3C59357-986B-47F1-9BB1-CC74FBA3D8DD}
    2012-07-30 15:31:31 -------- d-----w- c:\users\dunnski\appdata\local\{5FE8627B-A109-4010-B988-B2BF273A4FB2}
    2012-07-30 15:31:23 -------- d-----w- c:\users\dunnski\appdata\local\{FF70BAA5-84C8-4BDB-AB07-C3CD6D24A4AB}
    2012-07-28 05:16:06 -------- d-----w- c:\users\dunnski\appdata\local\{EFB505EA-C419-4633-9BEB-11D329EB0BE5}
    2012-07-28 05:16:00 -------- d-----w- c:\users\dunnski\appdata\local\{2141ED01-A2AE-4A07-8F3A-F05D64AD4AAB}
    2012-07-27 17:11:55 -------- d-----w- c:\users\dunnski\appdata\local\Macromedia
    2012-07-27 14:41:48 -------- d-sh--w- c:\users\dunnski\appdata\roaming\63b8c22
    2012-07-27 14:39:37 -------- d-----w- c:\users\dunnski\appdata\local\visi_coupon
    2012-07-27 14:24:23 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5609ead1-cee4-4740-8953-2f4bf67ddd05}\mpengine.dll
    2012-07-27 14:13:23 -------- d-----w- c:\users\dunnski\appdata\local\{47C20F34-34EA-46F4-8288-E723CA9AFA97}
    2012-07-27 14:13:22 -------- d-----w- c:\users\dunnski\appdata\local\{36EBCDA1-2A62-44AD-9272-BBB49AC680E3}
    2012-07-26 16:36:23 -------- d-----w- c:\users\dunnski\appdata\local\{54C43950-28ED-4875-B4E2-625AF7BB93A1}
    2012-07-26 16:36:22 -------- d-----w- c:\users\dunnski\appdata\local\{B40E8BD7-D80E-4B54-8498-CECCC185485A}
    2012-07-25 18:47:09 -------- d-----w- c:\users\dunnski\appdata\local\{13F531C3-E748-45B8-AE89-C559E5589B25}
    2012-07-25 18:47:07 -------- d-----w- c:\users\dunnski\appdata\local\{64CA3745-D51B-4C13-92BF-ADE1DD4C583B}
    2012-07-25 05:22:16 -------- d-----w- c:\users\dunnski\appdata\local\{A8785CFA-0657-48FB-9DC6-2A799304D932}
    2012-07-25 05:22:14 -------- d-----w- c:\users\dunnski\appdata\local\{3BE45EC5-8793-4E04-963E-B16A09E64478}
    2012-07-24 17:20:47 -------- d-----w- c:\users\dunnski\appdata\local\{7E0C6ED4-70D0-48A7-9564-FB09AFD5FE95}
    2012-07-24 17:20:45 -------- d-----w- c:\users\dunnski\appdata\local\{E42B44EE-EBF1-4EEF-BCB8-83164301E0C0}
    .
    ==================== Find3M ====================
    .
    2012-08-15 17:04:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 17:04:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 2:04:39.16 ===============
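As an added example (not code from the original post, and not part of HijackThis or DDS), the script below parses the HijackThis entry formats shown in the log above and flags the entries a malware helper reads first: orphaned components marked "(no file)" or "(file missing)", services with "Unknown owner", browser start/search pages on non-default domains, and Run keys launching from outside the usual program directories. The allow-list of default domains and the expected program roots are assumptions made for the example; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis-style log lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Domains HijackThis shows as IE start/search defaults in the log above.
# This allow-list is an assumption for the example, not a HijackThis setting.
KNOWN_DEFAULT_DOMAINS = {"go.microsoft.com", "www.samsungcomputer.com"}

# Roots under which installed software normally lives (assumption for the example).
EXPECTED_PROGRAM_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%programfiles%\\")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
URL_KEY_RE = re.compile(
    r"Main,(?P<key>Start Page|Search Page|Default_Page_URL|Default_Search_URL)\s*=\s*(?P<url>\S*)"
)
RUN_RE = re.compile(r"\\Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. R0, O2, O4, O23
    reason: str  # why the entry deserves a look
    line: str    # the original log line


def _domain(url: str) -> str:
    # HijackThis prints some URLs with backslashes (http:\\host); normalise them first.
    url = url.replace("\\", "/")
    m = re.match(r"^[a-z]+://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def _exe_path(cmd: str) -> str:
    # Extract the executable (or, for RUNDLL32, the loaded DLL) from a Run command.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    parts = cmd.split(None, 1)
    if len(parts) > 1 and parts[0].lower() == "rundll32.exe":
        return parts[1].split(",", 1)[0]
    return parts[0] if parts else ""


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one HijackThis log line (empty if it looks benign)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    findings: list[Finding] = []
    if "(no file)" in low or "(file missing)" in low:
        findings.append(Finding(code, "orphaned entry: registered component has no file on disk", line))
    if code == "O23" and "unknown owner" in low:
        findings.append(Finding(code, "service binary carries no company name", line))
    um = URL_KEY_RE.search(body)
    if um and um.group("url"):
        dom = _domain(um.group("url"))
        if dom and dom not in KNOWN_DEFAULT_DOMAINS:
            findings.append(Finding(code, f"browser {um.group('key')} points at {dom}", line))
    rm = RUN_RE.search(body)
    if rm:
        path = _exe_path(rm.group("cmd")).lower()
        if path and not path.startswith(EXPECTED_PROGRAM_ROOTS):
            findings.append(Finding(code, f"autorun [{rm.group('name')}] launches {path} outside program dirs", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log."""
    return [f for ln in text.splitlines() for f in triage_line(ln)]


# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line.strip()}")
```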
     
  2. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Hello frodostwin123 and Welcome to Tech Support Guy! :)
    My name is Gizzy and I'll be glad to help you with your malware problems.

    Please note the following while we work:
    • The fixes are specific to your problem and should only be used for this issue on this computer.
    • Perform all actions in the order given.
    • If you don't know or understand something stop and ask! Don't keep going on.
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please DO NOT run any tools or scans unless I ask you to.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
    • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
    Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate your taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.
    Backup your data - Vista


    UAC Advice
    • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the file and select Run as administrator.
    • The Operating System (Windows Vista) in use comes with an inbuilt utility called User Account Control (UAC).
    • When prompted by this with anything I ask you to carry out please select the option Allow.


    Download and run OTL
    1. Download OTL to your desktop.
    2. Right-click on OTL.exe and select Run as administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
    3. Check the box beside Scan All Users
    4. Ensure Use SafeList is selected under Extra Registry
    5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


    Gmer Rootkit Scanner
    Download GMER Rootkit Scanner from here & save it to your desktop.
    1. Right-click the .exe file and select Run as administrator. If asked to allow the gmer.sys driver to load, please consent.
    2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    4. Then click the Scan button & wait for it to finish
    5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    6. Save it where you can easily find it, such as your desktop, and post it in your next reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Do not run any programs while Gmer is running.


    Please reply with:
    • OTL logs (OTL.txt and Extras.txt)
    • Gmer log
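The two logs requested above are read by hand, line by line, for a handful of recurring patterns: executables with no company name dropped in user-writable folders, hidden+system files with random names, zero-byte stubs, services or Run entries whose file has vanished, a user proxy that has been switched on, and AutoRun commands cached for removable media. As an added example (not part of this post and not code from OTL or GMER), the Python script below encodes those first-pass checks and runs them over sample lines constructed in OTL's line format; the SID and GUIDs in the sample are placeholders. It is a triage aid, not a verdict: every hit is something for the helper to look at, and benign entries such as a vendor data file in ProgramData are included to show the rules staying quiet on them.

```python
"""Triage helper for OTL scan logs (added example; not OTL's own code).

OTL writes one entry per line. File entries look like
  [YYYY/MM/DD HH:MM:SS | 000,012,345 | -HS- | C] (Company) -- C:\\path
and registry-type entries carry a prefix such as SRV, DRV, O4, O33 or IE.
The rules below are the heuristics a reviewer applies by hand when reading
such a log; a hit means "look at this", not "this is malware".
"""
import re
from typing import Dict, List, Tuple

FILE_ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>\S.*?)\s*$"
)
# Locations a non-admin process can write to, plus the Installer cache,
# which is attractive to malware because it is normally full of GUID folders.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\windows\\installer\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# A long lowercase name mixing letters and digits, with no extension.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$")
OTHER_RULES = [
    (re.compile(r"^(SRV|DRV) - File not found"), "info",
     "service/driver entry whose file is gone (orphan or removed dropper)"),
    (re.compile(r"^O4 - .*File not found$"), "info",
     "Run entry pointing at a missing file"),
    (re.compile(r'"ProxyEnable" = 1'), "medium",
     "user-hive proxy is switched on; check ProxyServer and who set it"),
    (re.compile(r"^O33 - MountPoints2\\.*\\Shell\\AutoRun\\command"), "medium",
     "removable-media AutoRun command cached in MountPoints2"),
]

Finding = Tuple[str, str, str]  # (severity, reason, log line)


def _in_user_writable(low: str) -> bool:
    # A path with a single backslash is a file sitting in the drive root.
    return low.count("\\") == 1 or any(s in low for s in USER_WRITABLE)


def _file_flags(m: "re.Match[str]") -> List[Tuple[str, str]]:
    attrs = m["attrs"]
    if "D" in attrs:          # directories carry no payload of their own
        return []
    company = m["company"].strip()
    size = int(m["size"].replace(",", ""))
    low = m["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    stem, ext = (stem, "." + ext) if dot else (name, "")
    dropped = _in_user_writable(low)
    hits = []
    if name == "@" or ext == ".@":
        hits.append(("high", "'@'-named file; not a normal Windows artefact"))
    if "H" in attrs and "S" in attrs and dropped:
        hits.append(("high", "hidden+system attributes in a user-writable location"))
    if dropped and RANDOM_NAME.match(stem):
        hits.append(("high", "random-looking filename"))
    if dropped and ext in EXEC_EXT and not company:
        hits.append(("medium", "executable with no company name in a user-writable location"))
    if ext in EXEC_EXT and size == 0:
        hits.append(("medium", "zero-byte executable (wiped payload or stub)"))
    return hits


def triage(log_text: str) -> List[Finding]:
    """Return every (severity, reason, line) the heuristics fire on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_ENTRY.search(line)
        if m:
            findings.extend((sev, why, line) for sev, why in _file_flags(m))
            continue
        for rx, sev, why in OTHER_RULES:
            if rx.search(line):
                findings.append((sev, why, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed sample in OTL's format (SID and GUIDs are placeholders; the
# benign lines are there to show the rules staying quiet on them).
SAMPLE = r"""
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O4 - HKLM..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot File not found
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
[2012/08/19 00:09:54 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\U\800000cb.@
[2012/01/13 04:07:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}\@
[2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\ProgramData\l443c523yh7jf53j1j6643
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfll.exe
[2010/12/17 01:45:41 | 000,214,804 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/07/31 00:12:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
"""

if __name__ == "__main__":
    for sev, why, line in sorted(triage(SAMPLE), key=lambda f: f[0]):
        print(f"[{sev:6}] {why}\n         {line}")
    print(summarize(triage(SAMPLE)))
```

Run it against a real OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The severity is deliberately coarse: the "high" rules (an '@'-named file, hidden+system attributes or a random name in a user-writable folder) each describe something legitimate software almost never does, while the "info" rules only point at stale entries that are as often leftovers of an uninstalled product as traces of a removed dropper, which is why the helper asks for the full log rather than acting on any single line.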
     
  3. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    I was just replying to let you know that I got your post and I am downloading and running the programs tonight! I appreciate your speedy reply!
     
  4. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Thanks for letting me know. Post the logs when ready. :)
     
  5. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    OK, I have the logs that you want. First up is the OTL:
    OTL logfile created on: 8/28/2012 12:14:22 AM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dunnski\Desktop\Virus Cleaning
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.39% Memory free
    6.18 Gb Paging File | 5.09 Gb Available in Paging File | 82.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 109.88 Gb Total Space | 14.70 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
    Drive D: | 113.00 Gb Total Space | 111.60 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

    Computer Name: DUNNSKI-PC | User Name: Dunnski | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/27 21:55:24 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dunnski\Desktop\Virus Cleaning\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2008/08/19 00:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2008/07/10 06:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2008/07/10 06:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/04/17 01:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    PRC - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2008/02/11 23:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2008/02/11 23:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/07/04 17:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
    MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
    MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2012/08/15 12:04:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/28 00:29:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/28 04:07:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/07/10 06:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/07/10 06:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/09/01 01:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/08/21 15:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/02/22 19:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/06/25 16:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
    DRV - [2008/06/05 02:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
    DRV - [2008/03/20 22:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
    DRV - [2007/05/23 03:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
    DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http:\\www.samsungcomputer.com
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=crm&q={searchTerms}&locale=&apn_ptnrs=RW&apn_dtid=YYYYYYYYUS&apn_uid=f27d5380-d8a3-402e-91ab-a6863eb681ad&apn_sauid=60CF0B00-D325-4581-8B9C-A37D8FD63727
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{F7743156-08A6-EFA8-2B22-C14CE44F71D8}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z214&form=ZGAIDF&install_date=20111130&iesrc={referrer:source}
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
    FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=108907&mntrId=0ceee7b500000000000000211930e49c&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 00:29:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 23:40:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 00:29:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 23:40:01 | 000,000,000 | ---D | M]

    [2010/04/08 17:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Extensions
    [2012/07/28 00:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions
    [2010/04/28 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/21 18:09:51 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
    [2012/05/25 09:37:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/07/17 10:35:12 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
    [2011/11/30 12:19:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\[email protected]
    [2012/06/21 13:27:12 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\[email protected]
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\askcom.xml
    [2011/11/30 04:05:21 | 000,001,945 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\bing-zugo.xml
    [2011/01/14 03:51:35 | 000,001,832 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\bing.xml
    [2011/01/24 13:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/28 00:29:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/30 12:09:23 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/02/29 13:55:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/05/09 16:48:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    [2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
    [2012/02/29 13:55:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot File not found
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2038148527-1506750683-213658187-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74488B41-97C9-4F22-8A94-FA9BA34300DE}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{214552ad-9c85-11e1-a9a9-00211930e49c}\Shell - "" = AutoRun
    O33 - MountPoints2\{214552ad-9c85-11e1-a9a9-00211930e49c}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
    O33 - MountPoints2\{a5044f7c-5367-11df-9fdc-00211930e49c}\Shell - "" = AutoRun
    O33 - MountPoints2\{a5044f7c-5367-11df-9fdc-00211930e49c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{c5cd986f-7170-11e0-aa8b-00211930e49c}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5cd986f-7170-11e0-aa8b-00211930e49c}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe
    O33 - MountPoints2\{c5cd9883-7170-11e0-aa8b-00211930e49c}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5cd9883-7170-11e0-aa8b-00211930e49c}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/27 22:11:08 | 000,100,864 | ---- | C] (GMER) -- C:\kfliifog.sys
    [2012/08/27 12:06:13 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{E2A07169-5F65-4F94-828D-383C579629B4}
    [2012/08/24 11:59:06 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D364EB22-4488-45F6-826D-BDD15065430E}
    [2012/08/23 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{74C92A02-69C6-4197-82A5-4E197D4554B0}
    [2012/08/23 02:43:41 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{C59BA2C1-3796-4E67-B30F-054ACB51C129}
    [2012/08/22 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{09FDA3C0-0BB5-42B6-B136-5584F630DD93}
    [2012/08/22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{19B9B11F-95DA-4879-8FF8-DBDE984C1ED5}
    [2012/08/21 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{8F2B4D57-9852-43AC-A699-62BCEE9718C7}
    [2012/08/21 02:02:26 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\Desktop\Virus Cleaning
    [2012/08/20 23:45:35 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{40FCFAB8-A046-48A6-9CD2-B597CE407015}
    [2012/08/20 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{FB20A65A-2A6E-4AEE-BA14-E0DD2CA1A4E3}
    [2012/08/19 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{646EDB70-2FC9-42F0-AE80-BA795C4C3F49}
    [2012/08/18 10:28:09 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{32DA416A-E3F0-49A4-97E0-BDA179392AD9}
    [2012/08/18 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{81ED1E9D-5665-40DC-89CB-DA437B8A37F2}
    [2012/08/15 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3A3F52F2-CFF6-4B26-9B55-924A25375272}
    [2012/08/15 11:41:47 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{13BE341A-8401-4E3F-A452-46803F7DBB53}
    [2012/08/14 17:55:57 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{DC50BBFA-35C5-4DED-B9F0-B9A7C93FAB79}
    [2012/08/14 17:55:56 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{30AA3053-2D93-4D90-AB41-EA91D9F9FF32}
    [2012/08/14 03:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6A8FD3B9-DD13-4ED7-9ACE-33970215AE5E}
    [2012/08/14 03:44:11 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{DE032E47-2690-42C5-869A-849227DB9D5B}
    [2012/08/12 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{AD034CF6-63B8-4927-B691-F1B59A567606}
    [2012/08/12 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{165A2ED0-12D1-4C0C-BBD9-81DAD08F829C}
    [2012/08/10 10:01:11 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A9691FB2-D0B1-410C-A6BF-FC82681ED2B0}
    [2012/08/10 10:01:10 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{895034B4-A0BF-4D5E-8152-D90722FA5E29}
    [2012/08/08 01:28:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{C7B4DD25-61B3-4225-B23F-68B3B14B71F3}
    [2012/08/08 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{BBE90476-8D20-4720-BFDD-2532CCA3A369}
    [2012/08/07 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3CD60E1B-2EA5-46FE-B02B-6F0AB5C2BBA3}
    [2012/08/07 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{BA5C3A86-59D7-4249-8D0E-FE3713DC8E1E}
    [2012/08/06 04:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6FF43D00-0792-44B4-A39A-718FC3BD7C2D}
    [2012/08/06 04:45:31 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A23D7D49-82B4-4DB5-9267-7B8F70CF7749}
    [2012/08/05 03:05:58 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{F16420E1-2BDE-4656-832F-C70FE7870BAB}
    [2012/08/05 03:05:55 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3AF11204-725C-42FE-BFD4-170EEA3412D9}
    [2012/08/04 00:05:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D4518651-F098-47B2-81EC-2A677D797E0F}
    [2012/08/04 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{85F38C61-1590-4DF8-8741-6869505F3D86}
    [2012/08/04 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1BB25D1E-6664-44A7-8197-31E77739B21D}
    [2012/08/03 00:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
    [2012/08/03 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{F71D3454-1AA8-44B6-AB68-30694FAE3C0B}
    [2012/08/03 00:13:09 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A9EFB1A2-73B9-4F60-BEC9-27BC64A27517}
    [2012/08/02 00:29:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{9B37256D-8A5F-4508-A656-475BED729286}
    [2012/08/02 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D50D3D35-BCED-46D8-96CE-9B40C4D5CE23}
    [2012/08/01 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1CF9A75E-595E-4CCC-B1B8-4BBE36747497}
    [2012/08/01 12:28:59 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1C937EC8-3A88-4426-BC9B-325A46AD7F13}
    [2012/08/01 00:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{81249389-D147-43AF-AC46-AC6825D64E48}
    [2012/07/31 10:48:03 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{32318306-AE4C-4DDA-9345-3396F08EEB83}
    [2012/07/31 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3C8C3C6D-E79D-4869-BA60-7D57041DA24F}
    [2012/07/31 00:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/31 00:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/31 00:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/07/31 00:12:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/30 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6D28221A-64D3-450C-B112-8D4F70EE7E9D}
    [2012/07/30 22:31:45 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A3C59357-986B-47F1-9BB1-CC74FBA3D8DD}
    [2012/07/30 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{5FE8627B-A109-4010-B988-B2BF273A4FB2}
    [2012/07/30 10:31:23 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{FF70BAA5-84C8-4BDB-AB07-C3CD6D24A4AB}

    ========== Files - Modified Within 30 Days ==========

    [2012/08/28 00:18:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/28 00:18:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/28 00:11:51 | 000,214,804 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/08/28 00:11:47 | 000,214,804 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/08/28 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/27 22:25:47 | 000,663,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/27 22:25:47 | 000,126,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/27 22:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/27 22:17:34 | 311,440,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/27 22:11:08 | 000,100,864 | ---- | M] (GMER) -- C:\kfliifog.sys
    [2012/08/27 12:05:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5072CDDE-7C67-438B-BDF8-4A21E345CDF8}.job
    [2012/08/21 01:53:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/08/15 12:04:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/15 12:04:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/01 03:22:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/31 00:19:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/20 18:46:01 | 311,440,229 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/08/19 00:09:54 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\800000cb.@
    [2012/08/01 03:22:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/31 00:19:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/27 10:35:35 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\80000000.@
    [2012/07/27 10:35:34 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\00000001.@
    [2012/01/13 04:07:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\@
    [2012/01/13 04:07:29 | 000,002,048 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\@
    [2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\l443c523yh7jf53j1j6643
    [2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\ProgramData\l443c523yh7jf53j1j6643
    [2011/12/20 18:54:36 | 000,009,704 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\4a24mk4f80s857
    [2011/12/20 18:54:36 | 000,009,704 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
    [2011/09/05 12:13:53 | 000,001,348 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\xn2xdnqc6450ys74t7m03esxpb7xc351j56316t557ud
    [2011/09/05 12:13:53 | 000,001,348 | -HS- | C] () -- C:\ProgramData\xn2xdnqc6450ys74t7m03esxpb7xc351j56316t557ud
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfll.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\tnoh.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\ppab.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\iumc.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\gjpb.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\fhjv.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\cihq.exe
    [2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\bgqc.exe
    [2011/06/20 01:51:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2011/05/11 11:15:05 | 000,000,537 | ---- | C] () -- C:\Windows\System32\dmlg.dat
    [2011/02/24 22:02:50 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/12/17 01:45:55 | 000,214,804 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/12/17 01:45:41 | 000,214,804 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/12/11 04:30:53 | 000,000,095 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\fusioncache.dat
    [2010/05/12 23:57:44 | 000,020,483 | ---- | C] () -- C:\Users\Dunnski\webadvisor.htm
    [2010/05/12 23:27:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/03 09:02:54 | 000,015,872 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/14 01:01:06 | 000,007,808 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\d3d9caps.dat

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB30046$] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB35489$] -> Error: Cannot create file handle -> Unknown point type

    < End of report >

    Extras:
    OTL Extras logfile created on: 8/28/2012 12:14:22 AM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dunnski\Desktop\Virus Cleaning
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.39% Memory free
    6.18 Gb Paging File | 5.09 Gb Available in Paging File | 82.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 109.88 Gb Total Space | 14.70 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
    Drive D: | 113.00 Gb Total Space | 111.60 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

    Computer Name: DUNNSKI-PC | User Name: Dunnski | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
    "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7345E8B0-36DA-4E3A-970B-5C3DAD816AC6}_is1" = GRE TestPrep PLUS
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Ares" = Ares 2.1.5
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
    "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROHYBRIDR" = 2007 Microsoft Office system
    "ProInst" = Intel PROSet Wireless
    "Steam App 440" = Team Fortress 2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/4/2012 7:06:19 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 68297

    Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 69295

    Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 69295

    Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 70294

    Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 70294

    Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 71292

    Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 71292

    [ OSession Events ]
    Error - 6/6/2011 6:30:04 PM | Computer Name = Dunnski-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 426251
    seconds with 660 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/27/2012 11:18:09 PM | Computer Name = Dunnski-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:15:32 PM on 8/27/2012 was unexpected.

    Error - 8/27/2012 11:18:32 PM | Computer Name = Dunnski-PC | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 8/27/2012 11:20:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 8/27/2012 11:20:22 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >

    GMER:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-28 02:43:37
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0
    Running: zvy0cwxd.exe; Driver: C:\Users\Dunnski\AppData\Local\Temp\kfliifog.sys


    ---- User code sections - GMER 1.0.15 ----

    ? C:\Windows\system32\services.exe[636] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000006d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fe0541
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f55513
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00211930e49c
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fe0541 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f55513 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00211930e49c (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB30046$\317590848 0 bytes
    File C:\Windows\$NtUninstallKB30046$\533960050 0 bytes
    File C:\Windows\$NtUninstallKB30046$\533960050\L 0 bytes
    File C:\Windows\$NtUninstallKB30046$\533960050\U 0 bytes
    File C:\Windows\$NtUninstallKB35489$\1748571032 0 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050 0 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\@ 2048 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\bckfg.tmp 794 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\cfg.ini 197 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\keywords 0 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\L 0 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\L\qnbwvoto 67072 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U 0 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\00000001.@ 1536 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\80000000.@ 11264 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB35489$\533960050\U\80000032.@ 97792 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JRKXSZ5Z.txt 433 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KCZSQ281.txt 184 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BTAXQVZ6.txt 843 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BVPRILQN.txt 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y5TEMAFK.txt 880 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6MYK2ZTW.txt 445 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RZD641WC.txt 1558 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\COZ6U9EB.txt 89 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZU0PIFBM.txt 759 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FB5NYDDX.txt 656 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FDYY8O3T.txt 782 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UY3QV5ZH.txt 246 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4E335CBA.txt 786 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VUGD347P.txt 173 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PX3X7Q4E.txt 115 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q4WP9H2O.txt 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0C3U9PWV.txt 179 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\U3J7CB3C.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----

    Ok, followed your instructions to the T. Thanks again! I hope this gives you what you need. I couldn't find my CDs to back up my hard drive though :( so I stored them on the second hard drive on here... I hope that's safe enough. Give me a heads up if you think something is unstable and could possibly delete my files. Until then I'll try to find an external to use. Hope you're doing well!
     
  6. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    Since they're on a separate hard drive that should be fine.


    I'm afraid I have some bad news for you: your logs show that you have a ZeroAccess rootkit infection. This infection has remote access capabilities.
    It likely came from using the computer without an antivirus program.

    Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

    What are Remote Access Trojans and why are they dangerous


    You are strongly advised to do the following:

    • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
    • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
    • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
    • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.


    How do I respond to possible identity theft and how do I prevent it


    Because of the severity and the capabilities of this type of virus (it cannot be known what changes it has made to your system or whether it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

    Further reading:
    When should I do a reformat and reinstallation of my OS
    Windows Vista Backup
    Restoring your backups with Windows Vista

    Some versions of this infection are extremely difficult to remove, and if you opt for us to clean your computer there is a possibility that you may lose connection to the internet, in which case you'll need to have access to another computer so you can contact us. We will of course attempt to resolve the connection issues if they happen, but I can give no guarantee that you may not have to reformat after all.


    Please let me know how you would like to proceed.
    Should you have any questions please feel free to ask.
     
  7. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    Ok, thank you for the response. I have been doing everything else since then on another computer of mine. Speaking of which, is my other computer safe since they are both on the same network? And I have MBAM up and running on both computers, although it is not the full version. I have been meaning to completely buy it since it does such a good job, but it didn't seem to catch this virus. If I pay for it and put it on both computers, will that be enough? I have a newer version of Windows that I'm thinking of putting on my comp and my buddy says that should erase all previous data; does that work? I will be doing it later today (in a couple of hours) but I disconnected it from the net. I appreciate all your help and advice. I would like to know if you think this will be sufficient and any other suggestions you have! Thanks a lot!
     
  8. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    Oh, and if I haven't accessed things like PayPal or eBay, are those passwords still at risk?
     
  9. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    If you're not experiencing any symptoms on your other computer it may be fine, but I couldn't say for sure without seeing logs from it.
    If you would like me to check, please post logs from that computer using the instructions below.

    Download and run OTL
    1. Download OTL to your desktop.
    2. Double-click on OTL.exe to run it. (Right-click and Run as administrator if Windows Vista or 7.) Make sure all other windows are closed and let it run uninterrupted.
    3. Check the box beside Scan All Users
    4. Ensure Use SafeList is selected under Extra Registry
    5. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
      Code:
      %systemroot%\assembly\GAC_32\*.* /S /MD5
      %systemroot%\assembly\GAC_64\*.* /S /MD5
    6. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    7. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    8. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.

    TDSSKiller Scan
    1. Please download TDSSKiller and save it to your Desktop.
    2. Double-click on TDSSKiller.exe (Right-click and select Run as administrator if Windows Vista or 7) to launch it.
    3. Click on Change parameters
      • Check Detect TDLFS file system
      • Click OK
    4. Click on Start Scan. The scan will run.
    5. When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
    6. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    7. To find the log go to Start > Computer > C:
    8. Post the contents of that log in your next reply please.
      DO NOT TRY TO FIX ANYTHING AT THIS POINT


    Unfortunately no scanner can detect everything, but also MBAM isn't an anti-virus; it's meant to be used alongside an anti-virus.
    So no, MBAM alone wouldn't be enough.
    Here's a great guide I recommend you read to be more secure. http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766

    Yes, that will work. If you reformat your hard drive and install Windows, that should remove any malware on your computer.
    It will also erase any data and files on your computer so make sure you have everything you want to keep backed up.

    If you haven't accessed them from the infected computer they may be fine, but it would be best to change them to be on the safe side.
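    The OTL custom scan in step 5 above lists every file under the GAC_32 and GAC_64 directories with its MD5. The same inventory as a PowerShell script, added here as an example and not code from the thread or from OTL (the baseline and report paths are placeholders; it assumes an elevated PowerShell 2.0 or later, and the baseline CSV is one produced by this script on a machine believed to be clean):

```powershell
# Added example, not from the thread or from OTL: inventory every file under the .NET GAC
# directories that the OTL custom scan line targets (MD5, size, last-write time), then list
# files missing from, or differing from, a baseline CSV taken from a clean machine.
# Assumptions: run elevated; $Baseline and $Report paths are placeholders; PowerShell 2.0+.

param(
    [string]$Baseline = "$env:USERPROFILE\Desktop\gac-baseline.csv",  # placeholder, produced on the clean PC
    [string]$Report   = "$env:USERPROFILE\Desktop\gac-report.csv"     # placeholder
)

$md5 = [System.Security.Cryptography.MD5]::Create()

function Get-Md5Hex([string]$Path) {
    # A file that an elevated shell cannot open is itself worth noting, so record that instead of failing.
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try { return ([System.BitConverter]::ToString($md5.ComputeHash($stream))).Replace('-', '') }
        finally { $stream.Close() }
    } catch { return "UNREADABLE: $($_.Exception.Message)" }
}

# Same scope as "%systemroot%\assembly\GAC_32\*.* /S /MD5" and the GAC_64 line: recurse, every file.
$gacDirs = @("$env:SystemRoot\assembly\GAC_32", "$env:SystemRoot\assembly\GAC_64") | Where-Object { Test-Path $_ }

$inventory = foreach ($dir in $gacDirs) {
    Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path      = $_.FullName
                SizeBytes = $_.Length
                LastWrite = $_.LastWriteTimeUtc.ToString('u')
                MD5       = Get-Md5Hex $_.FullName
            }
        }
}

$inventory | Select-Object Path, SizeBytes, LastWrite, MD5 | Export-Csv -Path $Report -NoTypeInformation
Write-Host ("Hashed {0} files under GAC_32/GAC_64; report written to {1}" -f @($inventory).Count, $Report)

# Files present here but absent from the clean machine, or present with a different hash,
# are the ones to review first; anything marked UNREADABLE under an elevated shell is also suspect.
if (Test-Path $Baseline) {
    $known = @{}
    Import-Csv $Baseline | ForEach-Object { $known[$_.Path] = $_.MD5 }
    $inventory |
        Where-Object { -not $known.ContainsKey($_.Path) -or $known[$_.Path] -ne $_.MD5 } |
        Select-Object Path, SizeBytes, LastWrite, MD5 | Format-Table -AutoSize
}
```

    Run it once on the clean computer to produce the baseline, then on the suspect one; the report CSV is the same kind of listing the OTL scan would post back to the thread.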
     
  10. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    Wow! Thanks for the speedy reply! I'll get those downloaded and run them some time tonight! Thanks again for checking, but so far no symptoms as far as I can tell (none like on my laptop), and while I'm doing that I will check out your article. If the reformatting doesn't work (aka the disc that I have was not intended for it or isn't working or I just have the wrong disc) I am wondering if you would be able to walk me through cleaning the memory myself? Thanks again, hope you're having a good start to the weekend!
     
  11. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    I would be happy to help attempt to remove the malware. Just remember that the computer can never fully be trusted without reformatting and reinstalling Windows.
     
  12. frodostwin123

    frodostwin123 Thread Starter

    Joined:
    Jun 18, 2009
    Messages:
    11
    No worries. I went ahead with something else and reformatted and reinstalled Windows, but it seems that it did not delete all the old Windows files... it just saved them in a file called "old windows". I went ahead and started deleting it but it has a few files it says I can't delete... any input on that? (Sorry if this thread is trailing on. If I need to start a new one it's fine, but since you have been here for the full debacle I figured this would be easier for both of us.)
     
  13. Gizzy

    Gizzy Malware Specialist

    Joined:
    Aug 2, 2005
    Messages:
    3,832
    No problem, it's fine. :)

    Let's try this,

    Note: These instructions are for Windows Vista. If you now have a different version installed and these instructions don't work, let me know.
    1. Click the Start button, then type Disk Cleanup in the search box; in the list of results, click Disk Cleanup.
      If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you installed Windows on, and then click OK.
    2. In the Disk Cleanup window click the Clean up system files button.
      If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    3. Check the box next to Previous Windows installation(s), and then click OK.
    4. In the window that appears, click Delete Files.
     
Short URL to this thread: https://techguy.org/1065970