Hi my name is Ben, couple weeks ago I encountered a 7b BSOD causing boot failure, but later I managed to resolve the problem by windows recovery chdsk/r and /p. Once I successfully booted Windows, I did a quick virus scan as well as SpybotS&D, the result showed several infections namely (Babylon Toolbar, Fraud.Sysguard, Click.GiftLoad). Spybot succesfully fixed and removed all them except of Click.GiftLoad.

I would truly appreciate some help and assistance with the Click.Giftload infection. I Have tried to clean it with Antivirus, Spybot and Malwarebytes but unfortunately the problem still remains.

Thanks



.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Benjamin at 15:52:07.15 on Mon 05/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.2389 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Benjamin\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] c:\program files\d-link\dwa-160 reva\AirNCFG.exe
mRun: [HDSPTray1] hdsp32.exe
mRun: [HDSPTray2] hdspmix.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\benjamin\applic~1\mozilla\firefox\profiles\zbozdjj1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dc7fef7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\benjamin\application data\move networks\plugins\npqmp071700000016.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2003-9-22 23936]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-9-19 147456]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [2010-8-22 457728]
R3 hdsp;RME Hammerfall Audio Device;c:\windows\system32\drivers\hdsp.sys [2005-9-15 66048]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2009-9-24 23288]
S2 gupdate1ca4bfae5e4f4d8;Google Update Service (gupdate1ca4bfae5e4f4d8);c:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;c:\windows\system32\drivers\usb44ldr.sys [2009-10-23 16416]
S3 USBMN4X4;M-Audio USB MidiSport 4x4;c:\windows\system32\drivers\usbmn4x4.sys [2009-10-23 22304]
.
=============== Created Last 30 ================
.
2011-05-16 18:49:51 -------- d-sh--w- c:\documents and settings\benjamin\IECompatCache
2011-05-12 01:20:07 -------- d-sha-r- C:\cmdcons
2011-05-12 01:15:21 98816 ----a-w- c:\windows\sed.exe
2011-05-12 01:15:21 89088 ----a-w- c:\windows\MBR.exe
2011-05-12 01:15:21 256512 ----a-w- c:\windows\PEV.exe
2011-05-12 01:15:21 161792 ----a-w- c:\windows\SWREG.exe
2011-05-12 00:50:44 -------- d-----w- c:\docume~1\benjamin\applic~1\Malwarebytes
2011-05-12 00:50:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-12 00:50:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-05-12 00:50:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 00:50:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-12 00:40:16 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-12 00:40:06 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-12 00:39:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-12 00:39:32 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-12 00:39:26 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-12 00:39:21 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-05-12 00:39:21 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-05-12 00:37:58 -------- d-----w- c:\program files\CCleaner
2011-05-12 00:37:26 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-12 00:35:17 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-05-12 00:33:45 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-05-12 00:33:44 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-12 00:33:44 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-12 00:33:44 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-12 00:33:44 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-12 00:33:37 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-12 00:33:35 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-05-12 00:10:14 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-05-12 00:09:25 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-05-12 00:09:25 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-05-12 00:09:24 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-05-12 00:09:24 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-05-12 00:09:24 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-05-12 00:09:24 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-05-12 00:09:24 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-05-12 00:08:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-05-12 00:07:49 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-05-11 21:41:27 -------- d-----w- c:\docume~1\benjamin\locals~1\applic~1\ESET
2011-05-11 21:41:27 -------- d-----w- c:\docume~1\benjamin\applic~1\ESET
2011-05-11 21:40:23 -------- d-----w- c:\program files\ESET
2011-05-10 06:57:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-10 06:41:16 -------- d-----w- c:\windows\system32\scripting
2011-05-10 06:41:16 -------- d-----w- c:\windows\l2schemas
2011-05-10 06:41:15 -------- d-----w- c:\windows\system32\en
2011-05-10 06:41:15 -------- d-----w- c:\windows\system32\bits
2011-05-10 06:28:23 -------- d-----w- c:\windows\EHome
2011-05-10 06:19:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-05-10 06:19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-10 06:17:47 -------- d-----w- c:\docume~1\benjamin\applic~1\GetRightToGo
2011-05-10 04:18:15 -------- d-----w- c:\program files\AMD APP
2011-05-10 04:14:06 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-10 04:14:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-10 04:14:06 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-10 04:14:06 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-10 04:14:06 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-10 04:14:06 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-05-10 04:14:06 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-05-10 04:13:30 -------- d-----w- c:\program files\ATI
2011-05-10 04:12:52 -------- d-----w- C:\ATI
2011-05-10 02:53:59 -------- d-----w- c:\docume~1\benjamin\locals~1\applic~1\AVG Security Toolbar
2011-04-20 02:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 02:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-20 02:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
.
==================== Find3M ====================
.
2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-10 07:41:07 36868 ----a-w- c:\program files\uninst-Particular.exe
2008-09-29 21:09:46 80486400 ----a-w- c:\program files\Omnisphere.dll
2007-07-17 18:13:45 61440 ----a-w- c:\program files\RGSGrowBounds.aex
.
============= FINISH: 15:52:46.62 ===============

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.





REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-




Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg


Reboot your system, scan again with Spybot and see if its gone


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Hi, Thanks for help,

As instructed I have applied applied the registry fix and reboot.

No signs of infection in Spybot.

1 File infection with Malwrebytes, here is the log:


------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6628

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/20/2011 3:13:33 PM
mbam-log-2011-05-20 (15-13-33).txt

Scan type: Quick scan
Objects scanned: 173933
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Benjamin\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.

Great


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP279\A0060628.exe Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP279\A0060629.exe Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP279\A0060631.exe a variant of Win32/Kryptik.IFT trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP279\A0060633.exe Win32/Adware.SpywareProtect2009 application
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP279\A0060634.exe a variant of Win32/Cimag.GN trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP280\A0061539.exe a variant of Win32/Kryptik.NLX trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP280\A0061540.exe a variant of Win32/Kryptik.NMX trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP280\A0062216.exe a variant of Win32/Kryptik.NLX trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP284\A0070046.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP284\A0070049.exe a variant of Win32/SweetIM.B application
C:\System Volume Information\_restore{13E88EF5-821C-45D9-91E9-F86098017D4D}\RP284\A0070050.exe a variant of Win32/Packed.Themida application

Good Morning,

All that ESET found where in System Restore and cant hurt you unless you use System Restore to revert your system to an earlier date, but let flush that all out to be on the safeside.

Are things running ok, any browser redirects or unwanted pop up windows ?


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

No browser re-direct or pop ups so far, the system seems more stable,

Thanks for the help, greatly appreciated.

Nice :)


Run this quick scan and let me take a final peek


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL logfile created on: 5/21/2011 8:58:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Benjamin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 51.52 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 69.86 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 82.87 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 53.94 Gb Free Space | 23.16% Space Free | Partition Type: NTFS
Drive H: | 372.61 Gb Total Space | 337.54 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: BWB-FF0C1368D51 | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Benjamin\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\WINDOWS\system32\hdsp32.exe (RME)
PRC - C:\WINDOWS\system32\hdspmix.exe ()
PRC - c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe (D-Link Corp.)
PRC - C:\WINDOWS\system32\ANIWConnService.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Benjamin\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (STacSV) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe (IDT, Inc.)
SRV - (ANIWConnService) -- C:\WINDOWS\system32\ANIWConnService.exe ()
SRV - (ANIWZCSdService) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)


========== Driver Services (SafeList) ==========

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\tpkd.sys (PACE Anti-Piracy, Inc.)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (USBMN4X4) -- C:\WINDOWS\system32\drivers\usbmn4x4.sys (Doug Fetter Software Wizardry)
DRV - (USB44LDR) -- C:\WINDOWS\system32\drivers\usb44ldr.sys (MIDIMAN)
DRV - (hdsp) -- C:\WINDOWS\system32\drivers\hdsp.sys (RME)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys ()
DRV - (arusb(Atheros)) -- C:\WINDOWS\system32\drivers\dwarusb.sys (Atheros Communications, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (mapledxp) -- C:\WINDOWS\System32\drivers\mapledxp.SYS (Jeff Hurchalla and Marble Sound)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1275210071-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {03DA0148-F712-49A9-BF88-CD5AD2787E54}:1.9.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4dc7fef7&v=6.103.018.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/10 00:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/10 00:49:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/07 13:04:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/15 16:17:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/05/11 17:40:24 | 000,000,000 | ---D | M]

[2009/09/24 00:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Extensions
[2011/05/10 05:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\zbozdjj1.default\extensions
[2010/08/23 14:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\zbozdjj1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/03 18:37:44 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\zbozdjj1.default\searchplugins\aim-search.xml
[2011/04/14 16:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/23 12:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/02 17:23:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\BENJAMIN\APPLICATION DATA\MOVE NETWORKS
[2010/08/23 12:52:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/07 13:04:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/08/23 12:52:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2011/02/10 00:27:39 | 000,002,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011/05/07 13:04:12 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/11 21:26:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HDSPTray1] C:\WINDOWS\System32\hdsp32.exe (RME)
O4 - HKLM..\Run: [HDSPTray2] C:\WINDOWS\System32\hdspmix.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1275210071-507921405-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Benjamin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/22 21:05:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 18:00:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Benjamin\Start Menu\Programs\Administrative Tools
[2011/05/20 14:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Desktop\na
[2011/05/20 14:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Desktop\dld files
[2011/05/20 14:11:29 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/19 18:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/16 15:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Desktop\tdsskiller
[2011/05/16 15:42:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/16 14:49:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Benjamin\IECompatCache
[2011/05/11 21:20:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/11 21:15:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/11 21:15:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/11 21:15:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/11 21:15:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/11 21:15:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/11 20:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\Malwarebytes
[2011/05/11 20:50:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 20:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 20:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/11 20:50:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/11 20:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/11 20:40:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/11 20:40:06 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/11 20:39:59 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/05/11 20:39:32 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/11 20:39:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/11 20:39:21 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/05/11 20:39:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/05/11 20:39:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Benjamin\Recent
[2011/05/11 20:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/11 20:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/11 20:37:26 | 000,455,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/05/11 20:35:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/05/11 20:34:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/11 20:33:44 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/05/11 20:33:44 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/05/11 20:33:44 | 002,069,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/05/11 20:33:44 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/05/11 20:33:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/11 20:33:35 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/05/11 20:10:14 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/05/11 20:08:32 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/05/11 20:07:49 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/05/11 19:45:02 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Benjamin\Desktop\aswMBR.exe
[2011/05/11 17:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Local Settings\Application Data\ESET
[2011/05/11 17:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\ESET
[2011/05/11 17:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/05/11 17:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/05/11 17:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/11 17:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/05/10 15:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/10 15:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/10 02:55:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/10 02:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/10 02:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/10 02:41:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/10 02:41:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/10 02:28:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/10 02:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/05/10 02:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/10 02:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/10 02:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/10 02:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\GetRightToGo
[2011/05/10 00:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Desktop\Misc
[2011/05/10 00:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2011/05/10 00:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/05/10 00:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2011/05/10 00:14:06 | 005,459,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2011/05/10 00:14:06 | 001,115,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvamv.dll
[2011/05/10 00:14:06 | 000,151,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2011/05/10 00:14:06 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2011/05/10 00:14:06 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2011/05/10 00:14:06 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2011/05/10 00:14:06 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2011/05/10 00:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/05/10 00:12:52 | 000,000,000 | ---D | C] -- C:\ATI
[2011/05/09 23:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/09 23:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/09 22:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Local Settings\Application Data\AVG Security Toolbar
[2011/05/02 17:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin\Application Data\Move Networks
[2010/08/30 16:08:35 | 080,486,400 | ---- | C] (Spectrasonics) -- C:\Program Files\Omnisphere.dll
[2003/09/22 17:09:14 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\mapleapi.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/21 20:52:52 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/21 20:52:52 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/21 20:49:03 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{ECA420B8-0DBB-49DA-824B-084D876FFC3F}
[2011/05/21 20:48:51 | 000,000,009 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{ECA420B8-0DBB-49DA-824B-084D876FFC3F}
[2011/05/21 20:48:42 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/05/21 20:48:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/21 20:48:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/21 15:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/20 14:38:48 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\Regfix.reg
[2011/05/20 14:11:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/19 18:02:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 17:56:50 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/05/16 16:05:20 | 000,010,367 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\Attach.zip
[2011/05/16 15:47:49 | 000,333,583 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\medical note ben 001(1).jpg
[2011/05/16 15:42:02 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\tdsskiller.zip
[2011/05/16 15:40:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\MBR.dat
[2011/05/16 14:01:00 | 000,511,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/11 21:52:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 21:26:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/11 21:20:14 | 000,000,385 | RHS- | M] () -- C:\boot.ini
[2011/05/11 21:18:57 | 004,346,086 | R--- | M] () -- C:\Documents and Settings\Benjamin\Desktop\ComboFix.exe
[2011/05/11 20:50:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 20:37:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/11 19:45:36 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Benjamin\Desktop\ce7bnum9.exe
[2011/05/11 19:44:59 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Benjamin\Desktop\aswMBR.exe
[2011/05/11 15:16:38 | 000,652,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/05/10 04:31:16 | 000,006,574 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/10 02:31:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/10 02:19:54 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/10 00:08:18 | 000,000,270 | ---- | M] () -- C:\Boot.bak
[2011/05/07 16:19:59 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gxutatebi.dat
[2011/05/03 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-BWB-FF0C1368D51-Benjamin.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 14:38:48 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\Regfix.reg
[2011/05/16 16:05:20 | 000,010,367 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\Attach.zip
[2011/05/16 15:47:49 | 000,333,583 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\medical note ben 001(1).jpg
[2011/05/11 21:30:19 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/11 21:20:14 | 000,000,270 | ---- | C] () -- C:\Boot.bak
[2011/05/11 21:20:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/11 21:18:55 | 004,346,086 | R--- | C] () -- C:\Documents and Settings\Benjamin\Desktop\ComboFix.exe
[2011/05/11 21:15:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/11 21:15:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/11 21:15:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/11 21:15:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/11 21:15:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/11 20:50:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 20:37:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/11 20:35:39 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\tdsskiller.zip
[2011/05/11 20:14:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\MBR.dat
[2011/05/11 19:45:37 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Benjamin\Desktop\ce7bnum9.exe
[2011/05/10 04:30:41 | 000,006,574 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/10 02:19:54 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/10 00:14:06 | 000,165,296 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/25 17:27:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gxutatebi.dat
[2011/03/25 17:27:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lceyageyabeguyo.bin
[2011/02/10 03:41:07 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
[2010/12/22 23:25:04 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\libencdec.dll
[2010/11/03 19:40:58 | 000,021,112 | ---- | C] () -- C:\WINDOWS\System32\iLokDrvr.sys
[2010/11/03 19:40:58 | 000,021,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\iLokDrvr.sys
[2010/09/19 14:56:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2010/09/19 14:56:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/09/19 14:56:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010/09/19 14:56:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/09/19 14:56:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010/09/19 14:56:05 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2010/09/19 14:55:49 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010/09/19 14:55:49 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010/09/19 14:55:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/09/19 14:55:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2010/09/19 14:55:36 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010/09/19 03:28:02 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Benjamin\Application Data\ANICONFIG_{0D95D232-C924-4CB5-96F5-1F1B57C4C622}.ini
[2010/08/28 14:12:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\moosh11drv.dll
[2010/06/20 13:17:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sysid100.dat
[2010/02/10 17:20:36 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2009/11/26 12:44:54 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/20 19:02:10 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/11/20 19:02:10 | 000,080,384 | ---- | C] () -- C:\WINDOWS\smgrinst.exe
[2009/11/20 19:02:07 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2009/11/20 18:37:12 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sss2ml3.dll
[2009/10/27 12:17:50 | 000,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2009/10/03 02:38:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 09:22:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2009/10/01 09:22:20 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2009/10/01 09:22:20 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2009/10/01 09:22:20 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2009/10/01 09:22:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2009/09/30 01:49:22 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Benjamin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 23:24:24 | 002,568,192 | ---- | C] () -- C:\WINDOWS\System32\vsldaemon.exe
[2009/09/25 10:00:10 | 000,007,326 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/09/25 09:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Alternation Tool.INI
[2009/09/25 09:55:48 | 000,000,121 | ---- | C] () -- C:\WINDOWS\PerformanceTool.INI
[2009/09/25 08:56:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/25 01:31:25 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2009/09/25 01:31:25 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/09/24 00:20:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/22 21:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/09/22 21:21:07 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/22 21:06:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/22 21:03:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/01 16:11:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/12/01 16:11:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/12/01 16:11:20 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/10/30 10:45:42 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/07/12 12:51:25 | 000,061,440 | ---- | C] () -- C:\Program Files\RGSGrowBounds.aex
[2007/06/27 18:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,435,590 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,068,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/04 20:19:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/04 20:18:34 | 000,511,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/03 02:30:14 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/01/03 02:30:14 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/01/03 02:30:14 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/01/03 02:30:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2005/11/24 15:24:04 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hdspmix.exe
[2004/03/01 17:03:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\midirvsl.dll
[2002/10/27 12:50:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[1995/08/24 00:55:56 | 000,015,360 | -H-- | C] () -- C:\WINDOWS\System32\SVPTE.DRV
[1995/08/24 00:55:56 | 000,015,360 | -H-- | C] () -- C:\WINDOWS\d5w.exe

========== LOP Check ==========

[2011/05/10 04:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2010/04/03 18:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/22 22:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Ease
[2011/05/11 20:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/01/01 02:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/14 15:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\East West
[2011/05/11 17:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/09/26 03:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2011/05/11 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/01/03 02:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2011/01/14 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/03/05 04:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/09/24 00:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2009/09/24 00:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/05/11 21:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/22 22:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VitalData
[2009/09/27 23:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSL
[2009/09/24 00:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2009/12/20 16:20:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{235C56CA-353F-4166-9F03-DC83C5C57131}
[2010/11/12 13:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/04 18:39:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{68043317-5F8A-4DA9-B49D-1A6337515B90}
[2009/09/23 00:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/20 16:20:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8E4DC1D0-364F-4942-85CD-BCD7298D633E}
[2010/08/09 20:10:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF329843-149E-4A5A-82A1-0250286442D0}
[2010/08/27 16:07:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D4A35D06-4ABB-4672-8A3A-DA19E6EB8CD6}
[2010/08/09 19:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
[2010/04/03 18:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\acccore
[2010/12/22 23:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Audio Ease
[2006/01/01 02:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\AVG10
[2011/02/24 09:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Blender Foundation
[2011/05/11 17:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\ESET
[2011/05/10 02:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\GetRightToGo
[2011/02/25 02:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\MAXON
[2009/09/28 04:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\MSNInstaller
[2011/01/14 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\PACE Anti-Piracy
[2010/11/09 15:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\PTGui
[2009/09/24 03:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\Steinberg
[2009/09/27 23:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin\Application Data\VSL

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 1187 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8Mion1Xb6Of3d68UG6arhd7j
@Alternate Data Stream - 1163 bytes -> C:\Documents and Settings\Benjamin\Cookies:qaLezJ14AAI6qJatxgRFV2zlRzZ
@Alternate Data Stream - 1095 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:3zjfSNuX8uBXKdsO3Qp9

< End of report >

OTL Extras logfile created on: 5/21/2011 8:58:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Benjamin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 51.52 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 69.86 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 82.87 Gb Free Space | 22.24% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 53.94 Gb Free Space | 23.16% Space Free | Partition Type: NTFS
Drive H: | 372.61 Gb Total Space | 337.54 Gb Free Space | 90.59% Space Free | Partition Type: NTFS

Computer Name: BWB-FF0C1368D51 | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX4x28\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x28\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX4x28\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX4x28\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe" = C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\WebLog Expert\WLExpert.exe" = C:\Program Files\WebLog Expert\WLExpert.exe:*:Enabled:Web server access log analyzer -- (Alentum Software Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}" = D-Link Xtreme N Dual Band DWA-160
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3112D60C-12C2-436A-AB3E-ACD26A17569B}" = QL Spaces
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75AF966A-CBB9-4801-963B-9A4378941799}" = D-Link Xtreme N Dual Band DWA-160
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{a085b9f2-e343-4e48-8d4b-e766a66340bc}" = Audio Bro LA Scoring Strings
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B7DAD844-34CD-456B-83CC-88065323DD69}" = WordBuilder
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91033}" = Nero 7 Essentials
"{C206015D-DAC5-407C-A54B-6D7776A0881C}" = SetIP
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF584D4A-2619-41BE-9515-AAB18439D393}" = Steinberg Sequel 2 Trial Content
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FED7C046-6E28-4492-87F6-EF1BA20E1EC5}" = Steinberg Cubase 4
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Audio Bro LA Scoring Strings" = Audio Bro LA Scoring Strings
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.10
"AudioEase Speakersphone VST RTAS_is1" = AudioEase Speakersphone VST RTAS
"Best Service Orient World" = Best Service Orient World
"Big Fish Audio First Call Horns" = Big Fish Audio First Call Horns
"Blender" = Blender (remove only)
"Cabinet" = Cabinet
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"East West Boesendorfer 290" = East West Boesendorfer 290
"East West EWQLSO PRO XP Gold" = East West EWQLSO PRO XP Gold
"East West Ra" = East West Ra
"East West Symphonic Choirs" = East West Symphonic Choirs
"ESET Online Scanner" = ESET Online Scanner v3
"GoldWave v5.52" = GoldWave v5.52
"Google Chrome" = Google Chrome
"HDSP" = RME Hammerfall DSP (WDM)
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LaaTiDo" = LaaTiDo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple Virtual Midi Cable_is1" = Marblesound Maple VMidi Cable v3.52
"MAXON8C02D5E0" = CINEMA 4D 12.016
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MidiSport4x4" = Midisport 4x4 1.0.1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Native Instruments Kontakt 2" = Native Instruments Kontakt 2
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"ProjectSAM Symphobia" = ProjectSAM Symphobia
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PTGui" = PTGui Pro 8.3.3
"Recuva" = Recuva
"Samsung SCX-4x28 Series" = Samsung SCX-4x28 Series
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SSL LMC-1" = SSL LMC-1 v1.0
"Syncrosoft License Control" = Syncrosoft License Control
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Form" = Trapcode Form
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Vienna Instruments Software_is1" = Vienna Instruments Software 1.10
"VLC media player" = VLC media player 1.1.7
"VSL Midi Router_is1" = VSL Midi Router 1.0 RC2
"VSL Performance Tool (Version 2.0f)" = VSL Performance Tool (Version 2.0f) (remove only)
"WebLog Expert_is1" = WebLog Expert 7.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Zero-G Afrolatin Slam" = Zero-G Afrolatin Slam

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 1:53:31 AM | Computer Name = BWB-FF0C1368D51 | Source = Application Hang | ID = 1002
Description = Hanging application BoostSpeed.exe, version 10.0.0.24, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/10/2011 3:25:54 PM | Computer Name = BWB-FF0C1368D51 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 5/10/2011 3:25:54 PM | Computer Name = BWB-FF0C1368D51 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: This network connection does not exist.

Error - 5/10/2011 4:55:08 PM | Computer Name = BWB-FF0C1368D51 | Source = ESENT | ID = 490
Description = wuauclt (1384) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/10/2011 5:05:19 PM | Computer Name = BWB-FF0C1368D51 | Source = ESENT | ID = 490
Description = wuauclt (1100) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/10/2011 5:05:30 PM | Computer Name = BWB-FF0C1368D51 | Source = ESENT | ID = 490
Description = wuauclt (3932) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/11/2011 5:39:10 PM | Computer Name = BWB-FF0C1368D51 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/11/2011 8:14:36 PM | Computer Name = BWB-FF0C1368D51 | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 5/20/2011 3:17:31 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 5/20/2011 3:17:31 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 5/21/2011 1:42:10 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 5/21/2011 1:42:10 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 5/21/2011 1:43:03 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 5/21/2011 1:43:03 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 5/21/2011 8:49:12 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 5/21/2011 8:49:12 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 5/21/2011 8:50:12 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 5/21/2011 8:50:12 PM | Computer Name = BWB-FF0C1368D51 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >

Looking good :bigthumb:


Lets update your Java to make your system more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 23, if not proceed with the instructions.

Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.

Java SE Runtime Environment (JRE)JRE 6 Update 23 <--The wording is confusing but this is what you need


Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)




Malwarebytes is the free version and will not be removed , its yours to keep.


Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Java updated

OTL clean up done.

The computer seems more stable, no more freezing, browser re-direct or pop ups.


Just made a donation. Thanks again for your help and your patience, greatly appreciated.

Glad things are running well again :bigthumb:


Thank you for the donation, they all go towards research and help keep us online

Take Care,

Ken :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.