Author Topic: [Resolved K]dds (Read 4205 times)

rich1428 · « **Reply #30 on:** March 30, 2012, 03:08:50 PM »

Thank you for your effort and time. I will donate something, I am getting by on a disabilty pension so I don't have much money to work with.
Gary Ryan

kevinf80 · « **Reply #31 on:** March 30, 2012, 04:21:04 PM »

Hiya Gary,

You do not have to donate if money is tight, we are here to help. I had not heard from you for awhile and thought your thread had gone stale. If you still have issues let me know and we`ll continue....

I`ll re-mark your thread in progress...

Kevin

rich1428 · « **Reply #32 on:** April 01, 2012, 09:41:56 PM »

I had money in Paypal so I donated $20. I wish it could have been more.
The problem is in both Chrome and IE 8. Some web pages seem to load slowly and the cursor doesn't work until the process is finished. I did disable some startups and services in configsys when I got the virus. On startup, I was getting a virus removal service that wanted me to do scans because harddrive was about to fail. I disabled the things that I thougt were responsible and it removed the problem. I wonder if I disabled something important in the process?
Thank You,
Gary

kevinf80 · « **Reply #33 on:** April 02, 2012, 02:06:46 AM »

Hiya Gary,

Thanks for the very kind and generous donation, i`m sure the admins will be very appreciative.

OK lets have another look at what is running on your system and take it from there, do the following:

Step 1

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Download OTL to your desktop.
Alternative Link 1
Alternative Link 2
Alternative Link3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

•   Please check the box next to "LOP check" and “Purtiy check”
•   Click Run Scan and let the program run uninterrupted.
•   When the scan is complete, two text files will be created on your Desktop.
•   OTL.Txt <- this one will be opened
•   Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

OTL logs can be long and may exceed forum character limits, if that happens either split the logs and use multiple replies, or, Zip the files up and attach them...

Thanks,

Kevin...

rich1428 · « **Reply #34 on:** April 03, 2012, 12:06:37 PM »

This is the copy of the Checkup file.
Thank you, Gary

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
AVG Security Toolbar
AVG 2012
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Java version out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (for..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

rich1428 · « **Reply #35 on:** April 03, 2012, 12:19:02 PM »

OTL Extras logfile created on: 4/3/2012 1:27:09 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.23 Gb Available Physical Memory | 11.29% Memory free
4.23 Gb Paging File | 2.09 Gb Available in Paging File | 49.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 190.13 Gb Free Space | 66.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.22 Gb Free Space | 62.23% Space Free | Partition Type: NTFS

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D63758-3D11-42E5-8485-9202B5ECAE20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{07EA6F3A-2E5F-413D-A708-B72D97560FF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D453828-F5B0-4564-A922-0D5C85FC90F6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21036BC5-8C85-4E5D-A349-D4F28FD6E60E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B5CE647-86DF-4EE2-9D7B-A7A78862A246}" = rport=445 | protocol=6 | dir=out | app=system |
"{372A21CD-6215-4996-B2FB-DA192BB6678D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CE1C44D-268D-472F-A345-B9FCCD9C0E41}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3F567C31-6193-4796-8FC0-392C20768C0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F8AE833-CF4C-4170-9F57-0A50A1A6144F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43CB3849-1D6D-4479-B8A5-D6555650A943}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{47F2B543-7F3C-4356-A49E-2B82887EBA92}" = lport=445 | protocol=6 | dir=in | app=system |
"{695C01C4-442B-4161-B71D-79CA638B0A31}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6C7ED51D-F5D8-4731-A6C5-BF1273AF149D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C9D50D5-E6C9-44C9-BD7D-5DE32506FA3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{829C8672-F000-4BB6-B2ED-41BAD5159DF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D83A3B-D407-4554-B90C-A2F956AF3F18}" = rport=139 | protocol=6 | dir=out | app=system |
"{B1215513-49F8-430F-AF1C-C3210D4423F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C46155E4-DC13-4729-B463-4050C3EA3299}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C95E1A3C-68DE-427E-ACE0-640BDB628F24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE639C6B-E9CB-4154-B97A-2A50F0A00AEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9634F0D-D57D-4A18-9280-C530226CA679}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA428378-9587-4279-B9A5-92094CEC3112}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA52D35A-3EAE-4336-B26C-E906F54961D4}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1B7AB5-C0D8-4E17-8DDF-083CD5A0D4B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CE0341F-9352-4EED-9809-80AF26C90009}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0CFCFB50-D2D1-462D-B9AD-F9A36FAB2D8B}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"{0F547DF6-7ACA-4482-B494-4937AAADED9B}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{179E773E-946E-45D6-986E-D9ADB2743572}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{25B09C83-7C05-48B0-AF6C-057E6078280B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{2B156F5F-82A5-4360-B24A-A7DB1EB270E9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2BFC60CC-FF80-4D9A-A938-6390ECA9D3D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2BFE6964-4052-4D7C-A9AB-FEC57ED5898E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{37612C9B-4E70-458E-84B6-29956FC34CEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{385436E5-7313-480D-97B2-8BA2AF6BA9DD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3C1E93E2-45E2-4B01-A956-940AB054AB03}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3EAF53DF-2388-45F7-8B80-4DA6A058E17A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3F888BD6-BCA5-40CA-9288-73C4FED9AF24}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{430B2868-7AD5-4DDE-A82B-C11A1448AFCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{459B703F-E0DD-4CBC-9C3D-A7805EBC8897}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4903F85D-7590-439F-A838-99CFE472B712}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4B3FED8F-ABD6-445F-A538-70A3F0525A2A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4DC05CD8-30B9-4B17-976B-13C73DA0D149}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
"{536FB3DB-C990-4977-AB41-53C1F8B32C6F}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{5733A4BA-D6C1-489A-8820-3A8B999ABA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57A100D2-64A4-4C69-AED3-A7247167844F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{5B818319-1545-456C-AC02-52D7D18DECDD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{699930D1-CCD0-4CDD-96A5-7BB65DEA1781}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CEF75CC-9D31-4919-96D0-9BAC5B13FC6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6D86B373-8B0F-41F6-81A6-4CC9A423B2EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{73DFCA51-F199-41D9-948E-E7D14F534704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{78770343-BBEC-401E-90FE-D42DBE1FBC46}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{78B99368-D471-4D34-89EF-0791DC93D908}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D91ADC3-6223-43FC-9E2F-FA49D758BEFE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{849DB3A3-393F-4C5A-8E7E-D793C3405FAB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{87E5AD3C-475A-453D-98A5-488C2ACF88FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{88984F63-88AB-477E-89D0-18122242D3F5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{889D60CF-BA6B-4F07-B4F3-3EB20D836D46}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{8C5F6FD2-EECF-41A0-BE6E-ACD7D84BEC38}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9E78DF09-1BC7-4198-9CAC-B1337BA20221}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F223C1A-5017-49B1-865A-50E1366BACB6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{A2689449-77E1-473A-9889-740EF37C2A32}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgamesd.exe |
"{A626634B-F155-4D2C-988C-0EFC3D4E9EE4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B1236102-51B9-4C7F-813E-05AA24592850}" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
"{B181A806-3606-4131-8B98-9A316546AA51}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B2BC2CCE-CF30-4F56-B495-7668D7F96AD7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B738879B-6CE3-4A23-BA78-549E20DD827E}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"{C8876DAE-4B43-4294-85E2-A95786425B90}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C9DE18B3-BA62-4439-BD7A-62859923AB8A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CD5C372D-15BC-4D5F-8580-C2F70DB3833B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D71D4327-8D65-4E9F-83E8-36509EB011C5}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10c\faxrx.exe |
"{D948774A-4671-40CA-9877-BEE5ED6F752E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D94C5660-A850-49FF-AE0C-B07054809A30}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{DB99276C-8D54-40AE-A061-AAC6CCA77EB8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10c\faxrx.exe |
"{E640D6A3-35CC-4B4C-BE81-CB7C0640B4A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{EB571CFD-9F9A-435A-98FB-221BE1A12742}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F0567588-8B07-4082-A4DB-F9EC553329FF}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{F80E4C98-D964-41F9-B143-26CE15DE911A}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FAAEE581-CCB1-4B6C-942E-1655D6EB5018}" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\update\update.exe |
"{FE9626C8-35C6-491B-AA1A-A0B98E8E8D5A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{118CA222-492B-44D1-BFF4-24EF0A80B8EB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{15FC5A37-6DE0-4D77-89AD-7478EA13AEF5}C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe" = protocol=6 | dir=in | app=c:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe |
"TCP Query User{18817744-A19E-4BF4-B548-5793B7588C9A}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{2657AD16-2988-4BFD-B793-371B3290FCD8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{450AE827-0273-49DF-971E-AD2AA5916417}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{4775AE8D-7A84-416B-87F4-31B7F8EEADFF}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"TCP Query User{5088D84D-90DF-4C89-8A2D-7F81829F9F89}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6C304D2B-12EB-474B-88F9-73BF21D3E597}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"TCP Query User{9EF09CC3-C80D-41C9-ADDE-894A62C5BFB1}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{9F9C5FF7-8F44-42A7-9F0F-952515AD055D}C:\program files\tencent\qq games\qqgames.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"TCP Query User{A5AD5EEE-B965-4BCC-85F3-7BF8CE186BFB}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"TCP Query User{A75124F0-7C47-4CE2-80E8-80E5A8D4F146}C:\program files\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"TCP Query User{AC1B3F48-A508-441B-A1F6-3843970216EC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AF94B1AD-BDFA-4E27-8D88-06CE503FF237}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CAA6AB6B-6C45-492F-AC10-B2099C232222}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D8022825-6B44-4122-A1FE-9EB375388617}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F2B0C1FC-D342-4F2C-845B-320D55958F36}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"TCP Query User{F481C2E5-CD05-4D6A-814A-41E348594794}C:\program files\belkin storage manager\storagemanager.exe" = protocol=6 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{0CB20921-29DA-4A04-974B-200C07C26B75}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1DA47D16-55DE-4A25-AED2-FCAC7BE92D5B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{25FE46A7-351B-4F33-8D07-8B83CFAB5486}C:\program files\belkin storage manager\storagemanager.exe" = protocol=17 | dir=in | app=c:\program files\belkin storage manager\storagemanager.exe |
"UDP Query User{37259A8D-37D8-4051-8EA4-FDAAA9C551F2}C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe |
"UDP Query User{49C64DBC-6AEC-4AF3-86AB-CAC10D89F5BA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69B2C496-C843-421C-B2FE-1104EF16E217}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{6AEEA466-3DC2-490E-8C17-4ACACDD6C162}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"UDP Query User{838469EF-8636-4F5A-B07E-0A198E2ADF1E}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{83EC7EFF-E530-47B0-9AC9-651907290BF1}C:\program files\tencent\qq games\qqgames.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq games\qqgames.exe |
"UDP Query User{90A6900B-1E2F-474A-AD77-C5FD238B8804}C:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\ctpdpsrv.exe |
"UDP Query User{92F6116D-7D0E-4400-A5C3-CC9B87031BF0}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{972D334E-2CA9-4482-B40D-D5A9F675CAB3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{97E9B6ED-4B8E-4BB3-97C7-13873CF884FB}C:\program files\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files\xfire\ua_lsp_inst.exe |
"UDP Query User{D1CA005E-6148-4F50-A39C-E9F7638D14A2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DA796158-A939-4A30-8DF6-292454EE45C4}C:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe" = protocol=17 | dir=in | app=c:\program files\infogrames interactive\scrabble 2\scrabble v2.0.exe |
"UDP Query User{E04C429F-3B42-42DA-BF59-0DE54D24AED4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E17C5FEA-2040-4EEA-9DFF-380EF6322F80}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{F523FEEB-BA9B-4BB1-B53A-9C7C6AABA1F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{044100C0-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Reference Library 2004
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB2C255-EC9C-4595-904B-791CD81ED641}" = Before You Know It 3.6
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.3
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0BD79C-F8DA-4803-9C23-55480D769704}" = datasafeupdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AAD0AD0-99DB-4C13-9796-D4205949B447}" = Scrabble 2
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3AE0EAFD-19A8-49F1-86E0-7B35AC086BAB}" = Languages of the World
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE2F517-3EAC-4155-A832-EA969628FEC1}" = Iron Storm
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40FCE82A-184B-4317-A6AD-3E2E4C29021E}" = Languages of the World
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{570C2A84-A145-4DF0-AE9D-012584DF09DC}" = SPCA1528 PC Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E0EF17B-B9F2-4847-9E9D-DAB9E4F24E66}" = Classic PhoneTools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88739060-F683-11D3-B761-00105AD153C3}" = Compaq A3000
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9ADABEC9-B641-488A-00AE-50FC9D99CA4F}" = F1 2001
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52415E5-CA1E-44DE-9EDC-D412F31D271C}" = Google Photos Screensaver
"{A5C16084-032F-4A6D-B19A-2E700421F9FB}" = Microsoft WorldWide Telescope
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A8B87CE9-600A-11D5-888A-005004D128A9}" = Pearl Harbor Attack Attack!
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF582B4-8C23-494B-ABC3-F6F00329F5E0}" = Diskeeper 2008 Home
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{C2822F00-B27F-11D5-850E-0001022E985C}" = Alcatraz - Prison Escape
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}" = ArcSoft MediaImpression
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5534332-3AA5-4521-A08A-6EE1EDCF10E6}" = Webster's World Encyclopedia 2004
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1E1FE0-2ECC-40B0-B759-57D7A2BF31FD}" = Typing Made Easy!
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D Cad Studio" = 3D Cad Studio
"Ad-Aware" = Ad-Aware
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AIMTunes" = AIMTunes
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"BattleshipDeinstKey" = Battleship
"Belarc Advisor" = Belarc Advisor 8.2
"Berlitz" = Berlitz
"BFGC" = Big Fish Games Client
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Captain Keyboard" = Captain Keyboard
"Cataclysm" = Cataclysm
"Chessmaster 9000" = Chessmaster 9000
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CToolbar_UNINSTALL" = Crawler Toolbar
"Dell Support Center" = Dell Support Center
"ESET Online Scanner" = ESET Online Scanner v3
"EverQuest" = EverQuest
"F15" = F15
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GrammarPro" = GrammarPro
"Hammond Atlas of the World" = Hammond Atlas of the World
"Hurricane 1.0_is1" = Hurricane 1.0
"Hurricanes" = Hurricanes Screen Saver
"Hurricanes_is1" = Hurricanes
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InterActual Player" = InterActual Player
"Jetcast" = Jetcast 3.2.4
"JetFighter IV" = JetFighter IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MissionMan" = MissionMan
"Modern Age Books." = Modern Age Books
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Network Play System (Patching)" = Network Play System (Patching)
"nexusbar" = NexusBar
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 12.0" = RealPlayer
"Red Baron II" = Red Baron II
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"SdustWC1_is1" = Stardust Wallpaper Control 2003 (1.0.0.4)
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpanishNow!" = SpanishNow!
"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"The Sims" = The Sims
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2012 11:33:38 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:38.984]: [00002480]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 4/1/2012 11:33:38 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:38.984]: [00002480]: Initialize TwdsMain
Class failed!

Error - 4/1/2012 11:33:49 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:49.566]: [00002480]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 4/1/2012 11:33:49 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/01 23:33:49.566]: [00002480]: Initialize TwdsMain
Class failed!

Error - 4/2/2012 7:20:21 PM | Computer Name = Gary-PC | Source = Perflib | ID = 1008
Description =

Error - 4/2/2012 7:20:21 PM | Computer Name = Gary-PC | Source = Perflib | ID = 1010
Description =

Error - 4/2/2012 7:22:13 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:13.763]: [00001456]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 4/2/2012 7:22:13 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:13.763]: [00001456]: Initialize TwdsMain
Class failed!

Error - 4/2/2012 7:22:39 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:39.699]: [00001456]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 4/2/2012 7:22:39 PM | Computer Name = Gary-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/04/02 19:22:39.699]: [00001456]: Initialize TwdsMain
Class failed!

[ Media Center Events ]
Error - 12/21/2007 9:50:21 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/18/2008 5:37:15 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 10:24:12 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 5:40:21 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 7:36:47 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 5:50:05 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 9/12/2008 7:42:07 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/30/2008 7:36:36 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2008 7:49:16 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/15/2009 5:27:23 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
This is the extras file,
Thank you,
Gary

kevinf80 · « **Reply #36 on:** April 03, 2012, 02:16:08 PM »

Have you ot the main log from OTL, OTL.txt

rich1428 · « **Reply #37 on:** April 03, 2012, 08:14:17 PM »

I think that I have zipped the file correctly. It was too long for the Reply.
Thank You,
Gary

kevinf80 · « **Reply #38 on:** April 04, 2012, 01:52:08 AM »

Re-Run

by double left click, Vista and Widows 7 users right click and select Run as Administrator.

Under the box at the bottom, paste in the following

Code: [Select]

:OTL
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
IE - HKLM\..\URLSearchHook: {a7347e8c-1ca6-469b-951e-4a23c4437935} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60186
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm016YYus&ptnrS=XNxdm016YYus&ptb=67E1AB6E-AB04-438F-98F7-9DDF0D8E9C55&psa=&ind=2012021017&st=sb&n=77ed0119&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLA_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=XsmJsDOBCE46egsu-ysdz9FuF3w?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3026AD72-1177-4F08-AD08-16022016A4D4}&mid=900107179a79854d5ef76208ce9b02cf-4ebf563dee40240f55336aa775d6696c70bbafd1&lang=en&ds=AVG&pr=fr&d=2011-09-27 21:01:08&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80117&lng=en
IE - HKCU\..\SearchScopes\Live Search: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=en-US&FORM=MIMWA1
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2012/02/19 01:08:04 | 000,000,000 | ---D | M]
[2012/02/14 18:11:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/14 18:11:31 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com
File not found (No name found) -- C:\PROGRAM FILES\WEATHERBLINK\BAR\1.BIN
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 781 bytes -> C:\Users\Gary\Desktop\Windowa Live Messenger.eml:OECustomProperty
@Alternate Data Stream - 757 bytes -> C:\Users\Gary\Documents\consent form.jnt:OECustomProperty
@Alternate Data Stream - 757 bytes -> C:\Users\Gary\Documents\consent form.eml:OECustomProperty
@Alternate Data Stream - 741 bytes -> C:\Users\Gary\Desktop\house pics.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\Gary\Documents\puppet.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\Gary\Desktop\Message 1.eml:OECustomProperty
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:6F1F66C0
:Files
ipconfig /flushdns /c
C:\ProgramData\~zPMKqiO19RA7Kur
C:\ProgramData\~zPMKqiO19RA7Ku
:commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

What i`d like in your reply:

Log from OTL fix
Log from OTL quick scan

Kevin

rich1428 · « **Reply #39 on:** April 05, 2012, 05:51:37 PM »

This is the OTL moved files.
Thank You,
Gary

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a7347e8c-1ca6-469b-951e-4a23c4437935} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7347e8c-1ca6-469b-951e-4a23c4437935}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ not found.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\META-INF folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\components folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com\chrome folder moved successfully.
C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\extensions\inboxcomtoolbar@inbox.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
C:\Program Files\Crawler\Toolbar\ctbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2E5E800E-6AC0-411E-940A-369530A35E43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
C:\Windows\System32\TwcToolbarIe7.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\Toolbar\ctbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Users\Gary\Desktop\Windowa Live Messenger.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\consent form.jnt:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\consent form.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Desktop\house pics.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Documents\puppet.eml:OECustomProperty deleted successfully.
ADS C:\Users\Gary\Desktop\Message 1.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:6F1F66C0 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gary\Desktop\cmd.bat deleted successfully.
C:\Users\Gary\Desktop\cmd.txt deleted successfully.
C:\ProgramData\~zPMKqiO19RA7Kur moved successfully.
C:\ProgramData\~zPMKqiO19RA7Ku moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 16121756 bytes
->Temporary Internet Files folder emptied: 113426134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 359981886 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 512 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RYANPC-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 282615 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 871054 bytes

Total Files Cleaned = 468.00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 04042012_140140

Files\Folders moved on Reboot...
C:\Users\Gary\AppData\Local\Temp\Low\~DFA9C.tmp moved successfully.
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8672.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8677.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF868C.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8691.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF869F.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86A4.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86B2.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86D5.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF86F8.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8731.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF874B.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8758.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF876F.tmp not found!
File\Folder C:\Users\Gary\AppData\Local\Temp\~DF8778.tmp not found!
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Gary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

rich1428 · « **Reply #40 on:** April 05, 2012, 06:04:54 PM »

This is the zip fille.
Thank you,
Gary

kevinf80 · « **Reply #41 on:** April 06, 2012, 01:27:02 AM »

How is your system responding, any improvement?

rich1428 · « **Reply #42 on:** April 06, 2012, 01:12:40 PM »

It seems that when I am on the internet with either Chrome or Explorer, It slows down. When I get a reply from a website or on E-mail, the cursor stops until whatever is loading is finished. It runs really slow. If I use my regular applications outside of the internet, everything is fine. On the internet, my hardrive is constantly running. I wonder if this is a bot machine sending out spam.
Thank you,
Gary

kevinf80 · « **Reply #43 on:** April 06, 2012, 01:30:33 PM »

Ok lets have a more indepth look at your system,

Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur

Altenative mirror

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
Temporarily disable Security

Do not use your computer for anything else during the scan.

Double click GMER.exe.

If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO
Then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.

Kevin

rich1428 · « **Reply #44 on:** April 07, 2012, 08:57:17 PM »

This is the Gmer scan. Sometimes when I leave the computer for a while, it is at the login screen. When I log in, there is an error message that there was a windows shutdown.
Thank you,
Gary

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 22:42:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.ADG
Running: gmer.exe; Driver: C:\Users\Gary\AppData\Local\Temp\pxldqpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA02D6F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA02D6FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA02D7080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA02D711C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 83AC6B74 4 Bytes [3C, 6F, 2D, A0]
.text ntkrnlpa.exe!KeSetEvent + 621 83AC6DA4 8 Bytes [E4, 6F, 2D, A0, 80, 70, 2D, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 83AC6E04 4 Bytes [1C, 71, 2D, A0]
.text ataport.SYS!AtaPortGetScatterGatherList + A3C 807A7A2C 1 Byte [CC] {INT 3 }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[580] kernel32.dll!CreateThread 761ACB2E 5 Bytes JMP 6CB17303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogParamW 769172A2 5 Bytes JMP 6CCA66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!GetAsyncKeyState 7691863C 5 Bytes JMP 6CAFDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetWindowsHookExW 769187AD 5 Bytes JMP 6CB52194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CallNextHookEx 76918E3B 5 Bytes JMP 6CB77BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!UnhookWindowsHookEx 769198DB 5 Bytes JMP 6CB9EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!EnableWindow 7691CD8B 5 Bytes JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DefWindowProcA 7691DB88 7 Bytes JMP 6CB1952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateWindowExA 7691DC2A 5 Bytes JMP 6CB23363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateWindowExW 76921305 5 Bytes JMP 6CB7FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!GetKeyState 76928CB1 5 Bytes JMP 6CAFDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DefWindowProcW 769303B4 7 Bytes JMP 6CB77C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessageW 76930745 5 Bytes JMP 6CCA6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogParamA 769317AA 5 Bytes JMP 6CCA6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessage 76931847 2 Bytes JMP 6CCA6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!IsDialogMessage + 3 7693184A 2 Bytes [37, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogIndirectParamA 769326F1 5 Bytes JMP 6CCA66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!CreateDialogIndirectParamW 76939A62 5 Bytes JMP 6CCA6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetKeyboardState 76940987 5 Bytes JMP 6CCA76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxParamW 769410B0 5 Bytes JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxIndirectParamW 76942EF5 5 Bytes JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SendInput 76942F75 5 Bytes JMP 6CCA7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!EndDialog 7694326E 5 Bytes JMP 6CCA70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!SetCursorPos 76956FB2 5 Bytes JMP 6CCA7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxParamA 76958152 5 Bytes JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!DialogBoxIndirectParamA 7695847D 5 Bytes JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxIndirectA 7696D4D9 5 Bytes JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxIndirectW 7696D5D3 5 Bytes JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxExA 7696D639 5 Bytes JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!MessageBoxExW 7696D65D 5 Bytes JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] USER32.dll!keybd_event 7696D972 5 Bytes JMP 6CCA7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[580] SHELL32.dll!SHRestricted + D95 756C89A8 4 Bytes [CF, 01, 7E, 6B] {IRET ; ADD [ESI+0x6b], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[580] SHELL32.dll!SHRestricted + D9D 756C89B0 8 Bytes [E0, 61, 7D, 6B, 79, F7, 7D, ...] {LOOPNZ 0x63; JGE 0x6f; JNS 0xfffffffffffffffd; JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[580] ole32.dll!OleLoadFromStream 767E1E80 5 Bytes JMP 6CCA6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!EnableWindow 7691CD8B 5 Bytes JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxParamW 769410B0 5 Bytes JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxIndirectParamW 76942EF5 5 Bytes JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxParamA 76958152 5 Bytes JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!DialogBoxIndirectParamA 7695847D 5 Bytes JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxIndirectA 7696D4D9 5 Bytes JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxIndirectW 7696D5D3 5 Bytes JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxExA 7696D639 5 Bytes JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2368] USER32.dll!MessageBoxExW 7696D65D 5 Bytes JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Real\realplayer\Update\realsched.exe[2796] kernel32.dll!SetUnhandledExceptionFilter 7618A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] kernel32.dll!CreateThread 761ACB2E 5 Bytes JMP 6CB17303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogParamW 769172A2 5 Bytes JMP 6CCA66A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!GetAsyncKeyState 7691863C 5 Bytes JMP 6CAFDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetWindowsHookExW 769187AD 5 Bytes JMP 6CB52194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CallNextHookEx 76918E3B 5 Bytes JMP 6CB77BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!UnhookWindowsHookEx 769198DB 5 Bytes JMP 6CB9EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!EnableWindow 7691CD8B 5 Bytes JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DefWindowProcA 7691DB88 7 Bytes JMP 6CB1952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateWindowExA 7691DC2A 5 Bytes JMP 6CB23363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateWindowExW 76921305 5 Bytes JMP 6CB7FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!GetKeyState 76928CB1 5 Bytes JMP 6CAFDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DefWindowProcW 769303B4 7 Bytes JMP 6CB77C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessageW 76930745 5 Bytes JMP 6CCA6E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogParamA 769317AA 5 Bytes JMP 6CCA6668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessage 76931847 2 Bytes JMP 6CCA6DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!IsDialogMessage + 3 7693184A 2 Bytes [37, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogIndirectParamA 769326F1 5 Bytes JMP 6CCA66D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!CreateDialogIndirectParamW 76939A62 5 Bytes JMP 6CCA6710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetKeyboardState 76940987 5 Bytes JMP 6CCA76D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxParamW 769410B0 5 Bytes JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxIndirectParamW 76942EF5 5 Bytes JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SendInput 76942F75 5 Bytes JMP 6CCA7679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!EndDialog 7694326E 5 Bytes JMP 6CCA70B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!SetCursorPos 76956FB2 5 Bytes JMP 6CCA7752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxParamA 76958152 5 Bytes JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!DialogBoxIndirectParamA 7695847D 5 Bytes JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxIndirectA 7696D4D9 5 Bytes JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxIndirectW 7696D5D3 5 Bytes JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxExA 7696D639 5 Bytes JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!MessageBoxExW 7696D65D 5 Bytes JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] USER32.dll!keybd_event 7696D972 5 Bytes JMP 6CCA7636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] SHELL32.dll!SHRestricted + D95 756C89A8 4 Bytes [CF, 01, 7E, 6B] {IRET ; ADD [ESI+0x6b], EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] SHELL32.dll!SHRestricted + D9D 756C89B0 8 Bytes [E0, 61, 7D, 6B, 79, F7, 7D, ...] {LOOPNZ 0x63; JGE 0x6f; JNS 0xfffffffffffffffd; JGE 0x73}
.text C:\Program Files\Internet Explorer\iexplore.exe[5604] ole32.dll!OleLoadFromStream 767E1E80 5 Bytes JMP 6CCA6B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\BTHUSB \Device\0000008e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\0000008c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:432] 8795539F
Thread System [4:472] 882BA0F4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a880e4 0x6E 0xE2 0xEC 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a2fdfb 0x5D 0xDA 0xE4 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd21a85 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd21a85@000761a880e4 0xB1 0xBC 0x98 0x2D ...

---- EOF - GMER 1.0.15 ----

News:

Author Topic: [Resolved K]dds (Read 4205 times)

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds

kevinf80

Re: [Resolved K]dds

rich1428

Re: [Resolved K]dds