Author Topic: [Resolved K]dds  (Read 8601 times)


Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #30 on: March 30, 2012, 03:08:50 pm »
Thank you for your effort and time. I will donate something, I am getting by on a disability pension so I don't have much money to work with.
Gary Ryan

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #31 on: March 30, 2012, 04:21:04 pm »
Hiya Gary,

You do not have to donate if money is tight, we are here to help. I had not heard from you for a while and thought your thread had gone stale. If you still have issues let me know and we'll continue....

I'll re-mark your thread in progress...

Kevin  :t
« Last Edit: April 01, 2012, 02:28:34 am by kevinf80 »

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #32 on: April 01, 2012, 09:41:56 pm »
I had money in Paypal so I donated $20. I wish it could have been more.
The problem is in both Chrome and IE 8. Some web pages seem to load slowly and the cursor doesn't work until the process is finished. I did disable some startups and services in configsys when I got the virus. On startup, I was getting a virus removal service that wanted me to do scans because the hard drive was about to fail. I disabled the things that I thought were responsible and it removed the problem. I wonder if I disabled something important in the process?
Thank You,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #33 on: April 02, 2012, 02:06:46 am »
Hiya Gary,

Thanks for the very kind and generous donation, I'm sure the admins will be very appreciative.

OK, let's have another look at what is running on your system and take it from there, do the following:

Step 1

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Download OTL to your desktop.
Alternative Link 1
Alternative Link 2
Alternative Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

•   Please check the box next to "LOP check" and "Purity check"
•   Click Run Scan and let the program run uninterrupted.
•   When the scan is complete, two text files will be created on your Desktop.
•   OTL.Txt <- this one will be opened
•   Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

OTL logs can be long and may exceed forum character limits; if that happens, either split the logs and use multiple replies, or zip the files up and attach them...

Thanks,

Kevin...

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #34 on: April 03, 2012, 12:06:37 pm »


This is the copy of the Checkup file.
Thank you, Gary

 Results of screen317's Security Check version 0.99.32 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 AVG 2012     
 AVG Security Toolbar   
 AVG 2012     
 ESET Online Scanner v3   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Out of date Spybot installed!
 Ad-Aware
 Spybot - Search & Destroy 1.5.2.20
 Spybot - Search & Destroy
 Java(TM) 6 Update 24 
 Java(TM) SE Runtime Environment 6
 Java version out of date!
  Adobe Flash Player    10.0.32.18 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of date!
 Mozilla Firefox (for..)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
``````````End of Log````````````
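
Added here as an example, not code from this thread or from screen317's Security Check tool: a small Python parser that reads a pasted checkup.txt, splits it into its sections and pulls out the lines the tool flags (out-of-date software, disabled security processes, firewall state), so a helper can see the action items without reading the whole log by eye. The sample input is constructed from the log posted above (trimmed), and the layout it assumes (a "... Check:" heading, one entry per line, a run of backticks as separator, an "End of Log" footer) is taken from that log; other versions of the tool may format things differently.

```python
"""Triage helper for the checkup.txt that screen317's Security Check writes.

Added example; not part of the forum thread or of the Security Check tool.
Layout assumptions are taken from the log posted in the thread.
"""
import re

SEPARATOR = "`" * 30  # Security Check draws section breaks as a run of backticks

# Constructed sample, trimmed from the checkup.txt posted earlier in this thread.
SAMPLE_CHECKUP = "\n".join([
    " Results of screen317's Security Check version 0.99.32",
    " Windows Vista Service Pack 2 x86 (UAC is enabled)",
    " Internet Explorer 9",
    SEPARATOR,
    "Antivirus/Firewall Check:",
    "",
    " Windows Firewall Enabled!",
    " AVG 2012",
    " AVG Security Toolbar",
    " ESET Online Scanner v3",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    SEPARATOR,
    "Anti-malware/Other Utilities Check:",
    "",
    " Out of date Spybot installed!",
    " Spybot - Search & Destroy 1.5.2.20",
    " Java(TM) 6 Update 24",
    " Java version out of date!",
    "  Adobe Flash Player    10.0.32.18 Flash Player out of Date!",
    " Adobe Reader 9 Adobe Reader out of date!",
    SEPARATOR,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    " Ad-Aware AAWService.exe is disabled!",
    " Spybot Teatimer.exe is disabled!",
    " AVG avgwdsvc.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

OUT_OF_DATE = re.compile(r"out of date", re.IGNORECASE)
DISABLED = re.compile(r"\bis disabled!", re.IGNORECASE)
VERSION = re.compile(r"\d+(?:\.\d+)+")  # dotted version numbers such as 1.5.2.20


def parse_checkup(text):
    """Return {'header': [...], 'sections': {name: [entries]}} for a checkup.txt."""
    sections = {}
    header = []
    current = None
    for raw in text.splitlines():
        core = raw.strip().strip("`").strip()   # drop separator backticks and padding
        if not core:
            continue                            # blank line or bare separator
        if core == "End of Log":
            break
        if core.endswith("Check:"):             # a section heading
            current = core[:-1]
            sections[current] = []
            continue
        (header if current is None else sections[current]).append(core)
    return {"header": header, "sections": sections}


def triage(text):
    """Pull out the findings a helper acts on first."""
    parsed = parse_checkup(text)
    all_entries = [e for entries in parsed["sections"].values() for e in entries]
    av_section = parsed["sections"].get("Antivirus/Firewall Check", [])
    versions = {}
    for entry in all_entries:
        match = VERSION.search(entry)
        if match:
            versions[entry] = match.group(0)
    return {
        "system": parsed["header"][1] if len(parsed["header"]) > 1 else "",
        "firewall_enabled": any("Firewall Enabled!" in e for e in av_section),
        "out_of_date": [e for e in all_entries if OUT_OF_DATE.search(e)],
        "disabled": [e for e in all_entries if DISABLED.search(e)],
        "versions": versions,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_CHECKUP)
    print("System          :", result["system"])
    print("Firewall enabled:", result["firewall_enabled"])
    for line in result["out_of_date"]:
        print("UPDATE  :", line)
    for line in result["disabled"]:
        print("DISABLED:", line)
```

Run it as-is to see the constructed sample triaged, or pass the text of a real checkup.txt to `triage()`. The out-of-date and disabled matches are plain substring checks on the tool's own wording, so the parser will miss wording changes in newer tool versions; treat the flagged lines as a starting list, not a complete one.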

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #35 on: April 03, 2012, 12:19:02 pm »
OTL Extras logfile created on: 4/3/2012 1:27:09 AM - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.23 Gb Available Physical Memory | 11.29% Memory free
4.23 Gb Paging File | 2.09 Gb Available in Paging File | 49.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 190.13 Gb Free Space | 66.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.22 Gb Free Space | 62.23% Space Free | Partition Type: NTFS
 
Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D63758-3D11-42E5-8485-9202B5ECAE20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{07EA6F3A-2E5F-413D-A708-B72D97560FF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D453828-F5B0-4564-A922-0D5C85FC90F6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21036BC5-8C85-4E5D-A349-D4F28FD6E60E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B5CE647-86DF-4EE2-9D7B-A7A78862A246}" = rport=445 | protocol=6 | dir=out | app=system |
"{372A21CD-6215-4996-B2FB-DA192BB6678D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CE1C44D-268D-472F-A345-B9FCCD9C0E41}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3F567C31-6193-4796-8FC0-392C20768C0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F8AE833-CF4C-4170-9F57-0A50A1A6144F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43CB3849-1D6D-4479-B8A5-D6555650A943}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{47F2B543-7F3C-4356-A49E-2B82887EBA92}" = lport=445 | protocol=6 | dir=in | app=system |
"{695C01C4-442B-4161-B71D-79CA638B0A31}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6C7ED51D-F5D8-4731-A6C5-BF1273AF149D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C9D50D5-E6C9-44C9-BD7D-5DE32506FA3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{829C8672-F000-4BB6-B2ED-41BAD5159DF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D83A3B-D407-4554-B90C-A2F956AF3F18}" = rport=139 | protocol=6 | dir=out | app=system |
"{B1215513-49F8-430F-AF1C-C3210D4423F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C46155E4-DC13-4729-B463-4050C3EA3299}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C95E1A3C-68DE-427E-ACE0-640BDB628F24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE639C6B-E9CB-4154-B97A-2A50F0A00AEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9634F0D-D57D-4A18-9280-C530226CA679}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA428378-9587-4279-B9A5-92094CEC3112}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA52D35A-3EAE-4336-B26C-E906F54961D4}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1B7AB5-C0D8-4E17-8DDF-083CD5A0D4B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CE0341F-9352-4EED-9809-80AF26C90009}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0CFCFB50-D2D1-462D-B9AD-F9A36FAB2D8B}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"{0F547DF6-7ACA-4482-B494-4937AAADED9B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{179E773E-946E-45D6-986E-D9ADB2743572}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{25B09C83-7C05-48B0-AF6C-057E6078280B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{2B156F5F-82A5-4360-B24A-A7DB1EB270E9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2BFC60CC-FF80-4D9A-A938-6390ECA9D3D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2BFE6964-4052-4D7C-A9AB-FEC57ED5898E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{37612C9B-4E70-458E-84B6-29956FC34CEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385436E5-7313-480D-97B2-8BA2AF6BA9DD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C1E93E2-45E2-4B01-A956-940AB054AB03}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3EAF53DF-2388-45F7-8B80-4DA6A058E17A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3F888BD6-BCA5-40CA-9288-73C4FED9AF24}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{430B2868-7AD5-4DDE-A82B-C11A1448AFCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{459B703F-E0DD-4CBC-9C3D-A7805EBC8897}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4903F85D-7590-439F-A838-99CFE472B712}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4B3FED8F-ABD6-445F-A538-70A3F0525A2A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4DC05CD8-30B9-4B17-976B-13C73DA0D149}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
"{536FB3DB-C990-4977-AB41-53C1F8B32C6F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5733A4BA-D6C1-489A-8820-3A8B999ABA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A100D2-64A4-4C69-AED3-A7247167844F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{5B818319-1545-456C-AC02-52D7D18DECDD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{699930D1-CCD0-4CDD-96A5-7BB65DEA1781}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CEF75CC-9D31-4919-96D0-9BAC5B13FC6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6D86B373-8B0F-41F6-81A6-4CC9A423B2EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{73DFCA51-F199-41D9-948E-E7D14F534704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{78770343-BBEC-401E-90FE-D42DBE1FBC46}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{78B99368-D471-4D34-89EF-0791DC93D908}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D91ADC3-6223-43FC-9E2F-FA49D758BEFE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{849DB3A3-393F-4C5A-8E7E-D793C3405FAB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{87E5AD3C-475A-453D-98A5-488C2ACF88FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{88984F63-88AB-477E-89D0-18122242D3F5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{889D60CF-BA6B-4F07-B4F3-3EB20D836D46}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8C5F6FD2-EECF-41A0-BE6E-ACD7D84BEC38}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9E78DF09-1BC7-4198-9CAC-B1337BA20221}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F223C1A-5017-49B1-865A-50E1366BACB6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{A2689449-77E1-473A-9889-740EF37C2A32}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
"{A626634B-F155-4D2C-988C-0EFC3D4E9EE4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B1236102-51B9-4C7F-813E-05AA24592850}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
"{B181A806-3606-4131-8B98-9A316546AA51}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B2BC2CCE-CF30-4F56-B495-7668D7F96AD7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B738879B-6CE3-4A23-BA78-549E20DD827E}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"{C8876DAE-4B43-4294-85E2-A95786425B90}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C9DE18B3-BA62-4439-BD7A-62859923AB8A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CD5C372D-15BC-4D5F-8580-C2F70DB3833B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D71D4327-8D65-4E9F-83E8-36509EB011C5}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10c\faxrx.exe |
"{D948774A-4671-40CA-9877-BEE5ED6F752E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D94C5660-A850-49FF-AE0C-B07054809A30}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{DB99276C-8D54-40AE-A061-AAC6CCA77EB8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10c\faxrx.exe |
"{E640D6A3-35CC-4B4C-BE81-CB7C0640B4A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{EB571CFD-9F9A-435A-98FB-221BE1A12742}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F0567588-8B07-4082-A4DB-F9EC553329FF}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F80E4C98-D964-41F9-B143-26CE15DE911A}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FAAEE581-CCB1-4B6C-942E-1655D6EB5018}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
"{FE9626C8-35C6-491B-AA1A-A0B98E8E8D5A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{118CA222-492B-44D1-BFF4-24EF0A80B8EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{15FC5A37-6DE0-4D77-89AD-7478EA13AEF5}C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe" = protocol=6 | dir=in | app=c:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe |
"TCP Query User{18817744-A19E-4BF4-B548-5793B7588C9A}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{2657AD16-2988-4BFD-B793-371B3290FCD8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{450AE827-0273-49DF-971E-AD2AA5916417}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{4775AE8D-7A84-416B-87F4-31B7F8EEADFF}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"TCP Query User{5088D84D-90DF-4C89-8A2D-7F81829F9F89}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6C304D2B-12EB-474B-88F9-73BF21D3E597}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"TCP Query User{9EF09CC3-C80D-41C9-ADDE-894A62C5BFB1}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{9F9C5FF7-8F44-42A7-9F0F-952515AD055D}C:\program files\tencent\qq games\qqgames.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"TCP Query User{A5AD5EEE-B965-4BCC-85F3-7BF8CE186BFB}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"TCP Query User{A75124F0-7C47-4CE2-80E8-80E5A8D4F146}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"TCP Query User{AC1B3F48-A508-441B-A1F6-3843970216EC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AF94B1AD-BDFA-4E27-8D88-06CE503FF237}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CAA6AB6B-6C45-492F-AC10-B2099C232222}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D8022825-6B44-4122-A1FE-9EB375388617}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F2B0C1FC-D342-4F2C-845B-320D55958F36}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"TCP Query User{F481C2E5-CD05-4D6A-814A-41E348594794}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{0CB20921-29DA-4A04-974B-200C07C26B75}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1DA47D16-55DE-4A25-AED2-FCAC7BE92D5B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{25FE46A7-351B-4F33-8D07-8B83CFAB5486}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{37259A8D-37D8-4051-8EA4-FDAAA9C551F2}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"UDP Query User{49C64DBC-6AEC-4AF3-86AB-CAC10D89F5BA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69B2C496-C843-421C-B2FE-1104EF16E217}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{6AEEA466-3DC2-490E-8C17-4ACACDD6C162}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"UDP Query User{838469EF-8636-4F5A-B07E-0A198E2ADF1E}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{83EC7EFF-E530-47B0-9AC9-651907290BF1}C:\program files\tencent\qq games\qqgames.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"UDP Query User{90A6900B-1E2F-474A-AD77-C5FD238B8804}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"UDP Query User{92F6116D-7D0E-4400-A5C3-CC9B87031BF0}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{972D334E-2CA9-4482-B40D-D5A9F675CAB3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{97E9B6ED-4B8E-4BB3-97C7-13873CF884FB}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"UDP Query User{D1CA005E-6148-4F50-A39C-E9F7638D14A2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DA796158-A939-4A30-8DF6-292454EE45C4}C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe" = protocol=17 | dir=in | app=c:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe |
"UDP Query User{E04C429F-3B42-42DA-BF59-0DE54D24AED4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E17C5FEA-2040-4EEA-9DFF-380EF6322F80}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{F523FEEB-BA9B-4BB1-B53A-9C7C6AABA1F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{044100C0-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Reference Library 2004
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB2C255-EC9C-4595-904B-791CD81ED641}" = Before You Know It 3.6
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.3
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0BD79C-F8DA-4803-9C23-55480D769704}" = datasafeupdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AAD0AD0-99DB-4C13-9796-D4205949B447}" = Scrabble 2
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3AE0EAFD-19A8-49F1-86E0-7B35AC086BAB}" = Languages of the World
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2F517-3EAC-4155-A832-EA969628FEC1}" = Iron Storm
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40FCE82A-184B-4317-A6AD-3E2E4C29021E}" = Languages of the World
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/1/2012 11:33:38 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:38.984]: [00002480]: ##### Fatal ERROR!!
 Create STI-device failed! ##### 
 
Error - 4/1/2012 11:33:38 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:38.984]: [00002480]: Initialize TwdsMain
 Class failed! 
 
Error - 4/1/2012 11:33:49 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:49.566]: [00002480]: ##### Fatal ERROR!!
 Create STI-device failed! ##### 
 
Error - 4/1/2012 11:33:49 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:49.566]: [00002480]: Initialize TwdsMain
 Class failed! 
 
Error - 4/2/2012 7:20:21 PM | Computer Name = Gary-PC | Source = Perflib | ID = 1008
Description =
 
Error - 4/2/2012 7:20:21 PM | Computer Name = Gary-PC | Source = Perflib | ID = 1010
Description =
 
Error - 4/2/2012 7:22:13 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:13.763]: [00001456]: ##### Fatal ERROR!!
 Create STI-device failed! ##### 
 
Error - 4/2/2012 7:22:13 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:13.763]: [00001456]: Initialize TwdsMain
 Class failed! 
 
Error - 4/2/2012 7:22:39 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:39.699]: [00001456]: ##### Fatal ERROR!!
 Create STI-device failed! ##### 
 
Error - 4/2/2012 7:22:39 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:39.699]: [00001456]: Initialize TwdsMain
 Class failed! 
 
[ Media Center Events ]
Error - 12/21/2007 9:50:21 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 4/18/2008 5:37:15 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 5/24/2008 10:24:12 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 5/27/2008 5:40:21 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/2/2008 7:36:47 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/7/2008 5:50:05 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 9/12/2008 7:42:07 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 9/30/2008 7:36:36 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/27/2008 7:49:16 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 8/15/2009 5:27:23 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
This is the extras file.
Thank you,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #36 on: April 03, 2012, 02:16:08 pm »
Have you got the main log from OTL, OTL.txt?

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #37 on: April 03, 2012, 08:14:17 pm »
I think that I have zipped the file correctly. It was too long for the Reply.
Thank You,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #38 on: April 04, 2012, 01:52:08 am »
Re-run OTL by double left click; Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

Code:
:OTL
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
IE - HKLM\..\URLSearchHook: {a7347e8c-1ca6-469b-951e-4a23c4437935} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60186
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm016YYus&ptnrS=XNxdm016YYus&ptb=67E1AB6E-AB04-438F-98F7-9DDF0D8E9C55&psa=&ind=2012021017&st=sb&n=77ed0119&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=XsmJsDOBCE46egsu-ysdz9FuF3w?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3026AD72-1177-4F08-AD08-16022016A4D4}&mid=900107179a79854d5ef76208ce9b02cf-4ebf563dee40240f55336aa775d6696c70bbafd1&lang=en&ds=AVG&pr=fr&d=2011-09-27 21:01:08&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80117&lng=en
IE - HKCU\..\SearchScopes\Live Search: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=en-US&FORM=MIMWA1
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012/02/19 01:08:04 | 000,000,000 | ---D | M]
[2012/02/14 18:11:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/14 18:11:31 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com
File not found (No name found) -- C:\PROGRAM FILES\WEATHERBLINK\BAR\1.BIN
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 781 bytes -> C:\Users\Gary\Desktop\Windowa Live Messenger.eml:OECustomProperty
@Alternate Data Stream - 757 bytes -> C:\Users\Gary\Documents\consent form.jnt:OECustomProperty
@Alternate Data Stream - 757 bytes -> C:\Users\Gary\Documents\consent form.eml:OECustomProperty
@Alternate Data Stream - 741 bytes -> C:\Users\Gary\Desktop\house pics.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\Gary\Documents\puppet.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\Gary\Desktop\Message 1.eml:OECustomProperty
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:6F1F66C0
:Files
ipconfig /flushdns /c
C:\ProgramData\~zPMKqiO19RA7Kur
C:\ProgramData\~zPMKqiO19RA7Ku
:commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
What I'd like in your reply:

  • Log from OTL fix
  • Log from OTL quick scan

Kevin
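The IE entries in the script above (URLSearchHook, SearchScopes, BHO and toolbar lines) are the visible signs of a search hijack that this fix removes. As an added example, not OTL's code and not part of the thread, the Python below parses lines in that listing format and reports which entries redirect the hive's default search to an untrusted host, which load a third-party DLL, and which are orphaned registrations; the sample lines are reproduced from the script, and the trusted-host allowlist is an assumption.

```python
"""Triage IE search hooks, search scopes, BHOs and toolbars from an OTL-style listing.

Added example, not OTL's code and not from the thread. Input lines follow the
format OTL prints (and the fix script above uses); the output says which
entries redirect the default search, load a third-party DLL, or are orphaned.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed sample input: lines reproduced from the fix script in this thread.
SAMPLE_LINES = r"""
IE - HKLM\..\URLSearchHook: {a7347e8c-1ca6-469b-951e-4a23c4437935} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3026AD72-1177-4F08-AD08-16022016A4D4}&q={searchTerms}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60186
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
"""

# Assumed allowlist: hosts the operator accepts as the user's search provider.
TRUSTED_SEARCH_HOSTS: Set[str] = {"www.google.com", "www.bing.com", "search.live.com"}

ORPHAN = "No CLSID value found"   # OTL's marker for a registration whose CLSID is gone
CLSID = r"(\{[0-9A-Fa-f-]+\})"
HOOK_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\URLSearchHook: " + CLSID + r" - (.*)$")
DEFAULT_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = " + CLSID + r"$")
SCOPE_RE = re.compile(r"^IE - (HKLM|HKCU)\\\.\.\\SearchScopes\\" + CLSID + r': "URL" = (.+)$')
ADDON_RE = re.compile(
    r"^O[23] - (?:(HKLM|HKCU)\\\.\.\\)?(?:BHO|Toolbar(?:\\WebBrowser)?): \((.*?)\) - "
    + CLSID + r" - (.*)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str             # orphaned-hook, third-party-hook, orphaned-addon, third-party-addon,
                          # default-scope-redirect, untrusted-scope
    hive: Optional[str]   # HKLM, HKCU, or None when the line names no hive (O2 lines)
    clsid: str
    detail: str


def host_of(url: str) -> str:
    """Hostname of a search-scope URL template ('' if it cannot be parsed)."""
    return urlsplit(url).hostname or ""


def triage(lines: Iterable[str], trusted_hosts: Set[str] = TRUSTED_SEARCH_HOSTS) -> List[Finding]:
    """Classify each hook/scope/add-on line; scopes are judged once the DefaultScope is known."""
    findings: List[Finding] = []
    default_scope: Dict[str, str] = {}            # hive -> CLSID of its DefaultScope
    scopes: Dict[Tuple[str, str], str] = {}       # (hive, CLSID) -> URL template
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := HOOK_RE.match(line):
            hive, clsid, target = m.groups()
            if target.startswith(ORPHAN):
                findings.append(Finding("orphaned-hook", hive, clsid, "URLSearchHook left behind, CLSID missing"))
            else:
                findings.append(Finding("third-party-hook", hive, clsid, f"URLSearchHook loads {target}"))
        elif m := DEFAULT_RE.match(line):
            hive, clsid = m.groups()
            default_scope[hive] = clsid
        elif m := SCOPE_RE.match(line):
            hive, clsid, url = m.groups()
            scopes[(hive, clsid)] = url
        elif m := ADDON_RE.match(line):
            hive, name, clsid, target = m.groups()
            if target.startswith(ORPHAN):
                findings.append(Finding("orphaned-addon", hive, clsid, f"{name}: registration left behind, CLSID missing"))
            else:
                findings.append(Finding("third-party-addon", hive, clsid, f"{name}: loads {target}"))
    # A scope on an untrusted host matters most when it is the hive's DefaultScope:
    # every address-bar search then goes to that host.
    for (hive, clsid), url in scopes.items():
        host = host_of(url)
        if host in trusted_hosts:
            continue
        kind = "default-scope-redirect" if default_scope.get(hive) == clsid else "untrusted-scope"
        findings.append(Finding(kind, hive, clsid, f"search queries go to {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES.splitlines()):
        print(f"{f.kind:24} {f.hive or '-':4} {f.clsid} {f.detail}")
```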

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #39 on: April 05, 2012, 05:51:37 pm »
This is the OTL moved files.
Thank You,
Gary

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a7347e8c-1ca6-469b-951e-4a23c4437935} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7347e8c-1ca6-469b-951e-4a23c4437935}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ not found.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\META-INF folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\components folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\chrome folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2E5E800E-6AC0-411E-940A-369530A35E43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
C:\Windows\System32\TwcToolbarIe7.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Users\Gary\Desktop\Windowa Live Messenger.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\consent form.jnt:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\consent form.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Desktop\house pics.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\puppet.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Desktop\Message 1.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:6F1F66C0 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gary\Desktop\cmd.bat deleted successfully.
C:\Users\Gary\Desktop\cmd.txt deleted successfully.
C:\ProgramData\~zPMKqiO19RA7Kur moved successfully.
C:\ProgramData\~zPMKqiO19RA7Ku moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gary
->Temp folder emptied: 16121756 bytes
->Temporary Internet Files folder emptied: 113426134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 359981886 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 512 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: RYANPC-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 282615 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 871054 bytes
 
Total Files Cleaned = 468.00 mb
 

 
OTL by OldTimer - Version 3.2.39.1 log created on 04042012_140140

Files\Folders moved on Reboot...
C:\Users\Gary\AppData\Local\Temp\Low\~DFA9C.tmp moved successfully.
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8672.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8677.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF868C.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8691.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF869F.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86A4.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86B2.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86D5.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86F8.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8731.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF874B.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8758.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF876F.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8778.tmp not found!
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #40 on: April 05, 2012, 06:04:54 pm »
This is the zip file.
Thank you,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #41 on: April 06, 2012, 01:27:02 am »
How is your system responding, any improvement?

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #42 on: April 06, 2012, 01:12:40 pm »
It seems that when I am on the internet with either Chrome or Explorer, it slows down. When I get a reply from a website or on E-mail, the cursor stops until whatever is loading is finished. It runs really slow. If I use my regular applications outside of the internet, everything is fine. On the internet, my hard drive is constantly running. I wonder if this is a bot machine sending out spam.
Thank you,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7363
Re: [Resolved K]dds
« Reply #43 on: April 06, 2012, 01:30:33 pm »
OK, let's have a more in-depth look at your system.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur.

Alternative mirror

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
Temporarily disable Security
 
Do not use your computer for anything else during the scan.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO.
    Then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please copy and paste the report into your Post.

Kevin

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #44 on: April 07, 2012, 08:57:17 pm »
This is the GMER scan. Sometimes when I leave the computer for a while, it is at the login screen. When I log in, there is an error message that there was a Windows shutdown.
Thank you,
Gary


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 22:42:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.ADG
Running: gmer.exe; Driver: C:\Users\Gary\AppData\Local\Temp\pxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA02D6F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA02D6FE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xA02D7080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA02D711C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                               83AC6B74 4 Bytes  [3C, 6F, 2D, A0]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                               83AC6DA4 8 Bytes  [E4, 6F, 2D, A0, 80, 70, 2D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 681                                                                                               83AC6E04 4 Bytes  [1C, 71, 2D, A0]
.text           ataport.SYS!AtaPortGetScatterGatherList + A3C                                                                               807A7A2C 1 Byte  [CC] {INT 3 }

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[580] kernel32.dll!CreateThread                                              761ACB2E 5 Bytes  JMP 6CB17303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogParamW                                          769172A2 5 Bytes  JMP 6CCA66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!GetAsyncKeyState                                            7691863C 5 Bytes  JMP 6CAFDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetWindowsHookExW                                           769187AD 5 Bytes  JMP 6CB52194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CallNextHookEx                                              76918E3B 5 Bytes  JMP 6CB77BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!UnhookWindowsHookEx                                         769198DB 5 Bytes  JMP 6CB9EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!EnableWindow                                                7691CD8B 5 Bytes  JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DefWindowProcA                                              7691DB88 7 Bytes  JMP 6CB1952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateWindowExA                                             7691DC2A 5 Bytes  JMP 6CB23363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateWindowExW                                             76921305 5 Bytes  JMP 6CB7FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!GetKeyState                                                 76928CB1 5 Bytes  JMP 6CAFDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DefWindowProcW                                              769303B4 7 Bytes  JMP 6CB77C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessageW                                            76930745 5 Bytes  JMP 6CCA6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogParamA                                          769317AA 5 Bytes  JMP 6CCA6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessage                                             76931847 2 Bytes  JMP 6CCA6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessage + 3                                         7693184A 2 Bytes  [37, F6]
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogIndirectParamA                                  769326F1 5 Bytes  JMP 6CCA66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogIndirectParamW                                  76939A62 5 Bytes  JMP 6CCA6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetKeyboardState                                            76940987 5 Bytes  JMP 6CCA76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxParamW                                             769410B0 5 Bytes  JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxIndirectParamW                                     76942EF5 5 Bytes  JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SendInput                                                   76942F75 5 Bytes  JMP 6CCA7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!EndDialog                                                   7694326E 5 Bytes  JMP 6CCA70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetCursorPos                                                76956FB2 5 Bytes  JMP 6CCA7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxParamA                                             76958152 5 Bytes  JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxIndirectParamA                                     7695847D 5 Bytes  JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxIndirectA                                         7696D4D9 5 Bytes  JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxIndirectW                                         7696D5D3 5 Bytes  JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxExA                                               7696D639 5 Bytes  JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxExW                                               7696D65D 5 Bytes  JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!keybd_event                                                 7696D972 5 Bytes  JMP 6CCA7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] SHELL32.dll!SHRestricted + D95                                         756C89A8 4 Bytes  [CF, 01, 7E, 6B] {IRET ; ADD [ESI+0x6b], EDI}
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] SHELL32.dll!SHRestricted + D9D                                         756C89B0 8 Bytes  [E0, 61, 7D, 6B, 79, F7, 7D, ...] {LOOPNZ 0x63; JGE 0x6f; JNS 0xfffffffffffffffd; JGE 0x73}
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] ole32.dll!OleLoadFromStream                                            767E1E80 5 Bytes  JMP 6CCA6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!EnableWindow                                               7691CD8B 5 Bytes  JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxParamW                                            769410B0 5 Bytes  JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxIndirectParamW                                    76942EF5 5 Bytes  JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxParamA                                            76958152 5 Bytes  JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxIndirectParamA                                    7695847D 5 Bytes  JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxIndirectA                                        7696D4D9 5 Bytes  JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxIndirectW                                        7696D5D3 5 Bytes  JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxExA                                              7696D639 5 Bytes  JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxExW                                              7696D65D 5 Bytes  JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Real\realplayer\Update\realsched.exe[2796] kernel32.dll!SetUnhandledExceptionFilter                        7618A8C5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] kernel32.dll!CreateThread                                             761ACB2E 5 Bytes  JMP 6CB17303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogParamW                                         769172A2 5 Bytes  JMP 6CCA66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!GetAsyncKeyState                                           7691863C 5 Bytes  JMP 6CAFDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetWindowsHookExW                                          769187AD 5 Bytes  JMP 6CB52194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CallNextHookEx                                             76918E3B 5 Bytes  JMP 6CB77BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!UnhookWindowsHookEx                                        769198DB 5 Bytes  JMP 6CB9EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!EnableWindow                                               7691CD8B 5 Bytes  JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DefWindowProcA                                             7691DB88 7 Bytes  JMP 6CB1952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateWindowExA                                            7691DC2A 5 Bytes  JMP 6CB23363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateWindowExW                                            76921305 5 Bytes  JMP 6CB7FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!GetKeyState                                                76928CB1 5 Bytes  JMP 6CAFDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DefWindowProcW                                             769303B4 7 Bytes  JMP 6CB77C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessageW                                           76930745 5 Bytes  JMP 6CCA6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogParamA                                         769317AA 5 Bytes  JMP 6CCA6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessage                                            76931847 2 Bytes  JMP 6CCA6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessage + 3                                        7693184A 2 Bytes  [37, F6]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogIndirectParamA                                 769326F1 5 Bytes  JMP 6CCA66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogIndirectParamW                                 76939A62 5 Bytes  JMP 6CCA6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetKeyboardState                                           76940987 5 Bytes  JMP 6CCA76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxParamW                                            769410B0 5 Bytes  JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxIndirectParamW                                    76942EF5 5 Bytes  JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SendInput                                                  76942F75 5 Bytes  JMP 6CCA7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!EndDialog                                                  7694326E 5 Bytes  JMP 6CCA70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetCursorPos                                               76956FB2 5 Bytes  JMP 6CCA7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxParamA                                            76958152 5 Bytes  JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxIndirectParamA                                    7695847D 5 Bytes  JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxIndirectA                                        7696D4D9 5 Bytes  JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxIndirectW                                        7696D5D3 5 Bytes  JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxExA                                              7696D639 5 Bytes  JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxExW                                              7696D65D 5 Bytes  JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!keybd_event                                                7696D972 5 Bytes  JMP 6CCA7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] SHELL32.dll!SHRestricted + D95                                        756C89A8 4 Bytes  [CF, 01, 7E, 6B] {IRET ; ADD [ESI+0x6b], EDI}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] SHELL32.dll!SHRestricted + D9D                                        756C89B0 8 Bytes  [E0, 61, 7D, 6B, 79, F7, 7D, ...] {LOOPNZ 0x63; JGE 0x6f; JNS 0xfffffffffffffffd; JGE 0x73}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5604] ole32.dll!OleLoadFromStream                                           767E1E80 5 Bytes  JMP 6CCA6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device          \Driver\BTHUSB \Device\0000008e                                                                                             bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\BTHUSB \Device\0000008c                                                                                             bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread          System [4:432]                                                                                                              8795539F
Thread          System [4:472]                                                                                                              882BA0F4

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a880e4                                    0x6E 0xE2 0xEC 0xB3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a2fdfb                                    0x5D 0xDA 0xE4 0xA9 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd21a85 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a880e4                                        0xB1 0xBC 0x98 0x2D ...

---- EOF - GMER 1.0.15 ----
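Reading a GMER log like the one above is mostly attribution work, which is why the caution about false positives in the instructions matters: the SSDT hooks from AVG's AVGIDSShim.Sys, the ntkrnlpa.exe byte patches, and the IEFRAME.dll JMPs inside iexplore.exe all look like rootkit hooks until each is tied to a module and vendor. The Python script below is an added example, not part of this thread or of GMER; it parses the SSDT and .text lines, attributes each hook to the vendor GMER names, and decodes the raw ntkrnlpa.exe patch bytes (for instance [3C, 6F, 2D, A0]) into the little-endian address 0xA02D6F3C, which the SSDT section already attributes to AVG's ZwOpenProcess hook. The KNOWN_VENDORS set, the unknown.sys SSDT entry and the "+ 700" patch in the sample are constructed assumptions for the example.

```python
"""GMER log triage (example added for this thread, not GMER's own code): parse
SSDT and ".text" lines, attribute hooks to the vendor GMER names, and decode raw
kernel patch bytes so they can be matched to SSDT hook addresses."""
import re
import struct
from dataclasses import dataclass, field
from itertools import takewhile
from typing import Dict, List, Optional

# Constructed sample in GMER 1.0.15 log format, modelled on the scan above.  The
# unknown.sys entry and the "+ 700" patch are invented to show an unattributed
# hook; they are not in the real log.
SAMPLE_LOG = r"""
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA02D6F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA02D6FE4]
SSDT            \??\C:\Windows\system32\drivers\unknown.sys  ZwCreateFile [0xA1234560]
.text           ntkrnlpa.exe!KeSetEvent + 3F1    83AC6B74 4 Bytes  [3C, 6F, 2D, A0]
.text           ntkrnlpa.exe!KeSetEvent + 621    83AC6DA4 8 Bytes  [E4, 6F, 2D, A0, 80, 70, 2D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 700    83AC6E83 4 Bytes  [60, 45, 23, A1]
.text           ataport.SYS!AtaPortGetScatterGatherList + A3C    807A7A2C 1 Byte  [CC] {INT 3 }
.text           C:\Program Files\Internet Explorer\iexplore.exe[580] kernel32.dll!CreateThread    761ACB2E 5 Bytes  JMP 6CB17303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
"""
# Vendors whose hooks are expected here (AVG installed, IEFRAME is Microsoft's);
# an assumption for this example, to be adjusted per machine.
KNOWN_VENDORS = {"AVG Technologies CZ, s.r.o.", "Microsoft Corporation"}

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
TEXT_RE = re.compile(r"^\.text\s+(?P<target>.+?)\s+(?P<addr>[0-9A-Fa-f]{8})\s+\d+ Bytes?\s+(?P<rest>.*?)\s*$")
JMP_RE = re.compile(r"^JMP\s+[0-9A-Fa-f]+\s+(?P<module>.+?)\s+\((?P<desc>[^)]*)\)")
BYTES_RE = re.compile(r"\[([0-9A-Fa-f, .]+)\]")

@dataclass
class Finding:
    kind: str                     # "SSDT" or "text"
    target: str                   # hooked function or patched symbol
    address: int                  # hook destination (SSDT) or patch location
    module: Optional[str] = None  # module GMER attributes the hook to
    vendor: Optional[str] = None  # vendor from GMER's "(Description/Vendor)"
    decoded: List[int] = field(default_factory=list)  # dwords in patch bytes
    verdict: str = ""

def vendor_of(desc: Optional[str]) -> Optional[str]:
    """GMER writes "(Description/Vendor)"; the vendor is the last '/' field."""
    return desc.rsplit("/", 1)[-1].strip() if desc else None

def decode_dwords(rest: str) -> List[int]:
    """"[3C, 6F, 2D, A0]" -> little-endian dwords.  GMER truncates 8-byte entries
    with "..." after seven bytes, so only complete dwords are returned."""
    m = BYTES_RE.search(rest)
    toks = m.group(1).split(",") if m else []
    raw = [int(t, 16) for t in takewhile(lambda t: re.fullmatch(r"[0-9A-Fa-f]{2}", t.strip()), toks)]
    return [struct.unpack("<I", bytes(raw[i:i + 4]))[0] for i in range(0, len(raw) - len(raw) % 4, 4)]

def parse(log: str) -> List[Finding]:
    out: List[Finding] = []
    for line in log.splitlines():
        if m := SSDT_RE.match(line):
            out.append(Finding("SSDT", m["func"], int(m["addr"], 16), m["module"], vendor_of(m["desc"])))
        elif m := TEXT_RE.match(line):
            f = Finding("text", m["target"], int(m["addr"], 16))
            if j := JMP_RE.match(m["rest"]):  # inline JMP into a named module
                f.module, f.vendor = j["module"], vendor_of(j["desc"])
            else:                             # raw patch bytes, no module named
                f.decoded = decode_dwords(m["rest"])
            out.append(f)
    return out

def triage(findings: List[Finding], known=KNOWN_VENDORS) -> List[Finding]:
    """Attribute every hook; whatever stays unattributed is marked REVIEW.  Kernel
    patch bytes that decode to an address already listed as an SSDT hook are that
    same hook seen from the table side, not a second finding."""
    ssdt: Dict[int, Finding] = {f.address: f for f in findings if f.kind == "SSDT"}
    for f in findings:
        if f.vendor in known:
            f.verdict = f"attributed: {f.vendor}"
        elif f.kind == "text" and f.decoded:
            hits = [ssdt[d] for d in f.decoded if d in ssdt]
            if hits and all(h.vendor in known for h in hits):
                f.verdict = "attributed: same hook as SSDT " + ", ".join(h.target for h in hits)
            else:
                f.verdict = "REVIEW: kernel patch not attributed to a known vendor"
        else:
            f.verdict = f"REVIEW: unattributed {f.kind} hook ({f.module or 'no module named'})"
    return findings
```

Pasting the full log into SAMPLE_LOG gives one verdict per hook; REVIEW entries are the ones to examine by hand, which is exactly what the caution about false positives asks for rather than acting on them.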