
Windows restore virus



During this last session online, this "Windows Restore" window popped up, running a scan. I stopped it before it went further, BUT it is tossing up all kinds of error messages about IDE, hard drive not found, memory errors, you name it. My desktop has given way to a black background; all desktop items are not showing, except a couple of your basic desktop items. Cannot access my Task Manager. I am currently running in Safe Mode with networking.

When I downloaded Malwarebytes, it downloaded but would not install, giving me an Access Denied. Even attempted to change the Malwarebytes file name with no success.

This is Windows Vista, on a Dell XPS Laptop M1530.

any help would be HUGE!!!!

By the way, here in safe mode, none of my desktop items come up, only a Windows Help and Support window and a Microsoft Visual C++ Runtime error saying it has asked the runtime to terminate in an unusual way.

Thanks

C


Hello and welcome!

OTL

-----

Please download OTL from one of the following mirrors:

1. Save it to your desktop.

2. Double-click the OTL icon on your desktop.

3. Click the "Scan All Users" checkbox.

4. Push the Quick Scan button.

5. Two reports will open; copy and paste them in a reply here:

   • OTListIt.txt <-- will be opened
   • Extra.txt <-- will be minimized

Please download and run unhide.exe. This should restore your files.


Here goes...thanks

OTL logfile created on: 4/7/2011 5:35:46 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carrie\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.31 Gb Total Space | 111.95 Gb Free Space | 50.82% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 3.05 Gb Free Space | 30.48% Space Free | Partition Type: NTFS

Computer Name: CARRIE-LAPTOP | User Name: Carrie | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/07 17:35:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Downloads\OTL.exe

PRC - [2011/03/23 17:34:42 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2006/11/02 05:45:13 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (SafeList) ==========

MOD - [2011/04/07 17:35:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Carrie\Downloads\OTL.exe

MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 16:25:42 | 000,431,440 | -H-- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (Trend Micro RUBotted Service)

SRV - [2010/10/06 11:31:48 | 000,517,448 | -H-- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/04/03 12:39:59 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/10/20 14:19:48 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/09/05 17:16:22 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/08/24 08:47:07 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2009/06/18 23:05:15 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/11/09 16:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/07/07 10:42:02 | 000,809,296 | -H-- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/01/18 18:36:01 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/18 11:02:41 | 000,072,704 | -H-- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)

SRV - [2007/09/28 01:56:42 | 000,102,400 | -H-- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/09/28 01:56:38 | 000,073,728 | -H-- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/09/11 02:45:04 | 000,124,832 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007/08/27 05:22:30 | 000,566,872 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)

SRV - [2007/08/27 05:22:22 | 000,923,216 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)

SRV - [2007/08/27 05:22:18 | 000,345,432 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)

SRV - [2007/08/27 05:21:36 | 001,471,840 | -H-- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)

SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/03/21 15:00:04 | 000,355,096 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/03/19 14:44:44 | 000,070,656 | -H-- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/01/04 17:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/10/23 08:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - [2009/10/20 14:19:44 | 000,050,704 | -H-- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2009/09/05 17:17:13 | 000,335,240 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/09/05 17:17:13 | 000,027,784 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/06/07 21:37:06 | 000,108,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2008/08/16 04:00:52 | 000,205,328 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)

DRV - [2008/08/16 04:00:46 | 000,036,368 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)

DRV - [2008/08/16 03:53:50 | 001,195,448 | -H-- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)

DRV - [2008/01/14 06:06:32 | 000,021,632 | -H-- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)

DRV - [2007/09/28 02:24:16 | 007,620,704 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/09/28 01:56:52 | 000,330,240 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/07 05:27:32 | 000,209,408 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel®

DRV - [2007/09/07 04:50:54 | 000,155,136 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/07 02:35:46 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/07 02:35:44 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/07 02:35:42 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/08/28 01:51:44 | 000,007,424 | -H-- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2007/08/28 01:51:40 | 000,235,520 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2007/08/27 05:23:32 | 000,073,288 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2007/08/27 05:23:28 | 000,280,392 | -H-- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TM_CFW.sys -- (tmcfw)

DRV - [2007/08/13 05:44:26 | 002,226,688 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/11/29 18:24:57 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2006/11/02 04:51:15 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)

DRV - [2006/11/02 03:36:43 | 002,028,032 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 03:30:55 | 000,200,704 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/10/05 19:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080118

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - File not found

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-167150308-33276035-3128934323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080118

IE - HKU\S-1-5-21-167150308-33276035-3128934323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com

IE - HKU\S-1-5-21-167150308-33276035-3128934323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-167150308-33276035-3128934323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query="

FF - prefs.js..browser.search.selectedEngine: "AOL Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.aol.com"

FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.13.15.1

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc9e198&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/10/28 16:48:24 | 000,000,000 | -H-D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:34:44 | 000,000,000 | -H-D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:34:44 | 000,000,000 | -H-D | M]

[2009/07/02 23:26:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Extensions

[2011/04/06 08:25:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\h3g0m6n6.default\extensions

[2010/04/07 22:32:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\h3g0m6n6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/27 03:05:02 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\h3g0m6n6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/07/10 23:40:35 | 000,000,000 | -H-D | M] (AOL Toolbar) -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\h3g0m6n6.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

[2009/07/10 23:41:07 | 000,001,725 | -H-- | M] () -- C:\Users\Carrie\AppData\Roaming\Mozilla\Firefox\Profiles\h3g0m6n6.default\searchplugins\aol-search.xml

[2010/11/20 23:48:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/28 16:48:24 | 000,000,000 | -H-D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.010.006.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2010/12/19 00:43:20 | 000,024,576 | -H-- | M] (My Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll

O1 HOSTS File: ([2010/11/21 20:52:49 | 000,000,734 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (My Search BHO) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (My Search Bar) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-167150308-33276035-3128934323-1000\..\Toolbar\WebBrowser: (My Search Bar) - {014DA6C9-189F-421A-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL (My Search)

O3 - HKU\S-1-5-21-167150308-33276035-3128934323-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found

O3 - HKU\S-1-5-21-167150308-33276035-3128934323-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found

O4 - HKU\S-1-5-21-167150308-33276035-3128934323-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-167150308-33276035-3128934323-1000..\Run: [vVTKvjYbBVaNeSx] C:\ProgramData\vVTKvjYbBVaNeSx.exe (GPA)

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000001] C:\Windows\is-90E9C.exe ()

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000002] C:\Windows\is-N7673.exe ()

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000003] C:\Windows\is-I1U9O.exe ()

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000004] C:\Windows\is-AQ55I.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-21-167150308-33276035-3128934323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-167150308-33276035-3128934323-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - vrlogon.dll (UPEK Inc.)

O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found

O24 - Desktop WallPaper: C:\Users\Carrie\Desktop\desktop.jpg

O24 - Desktop BackupWallPaper: C:\Users\Carrie\Desktop\desktop.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 12:33:28 | 000,000,000 | -HSD | C] -- C:\found.026

[2011/04/05 11:56:48 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore

[2011/04/05 11:47:35 | 000,548,864 | -H-- | C] (GPA) -- C:\ProgramData\vVTKvjYbBVaNeSx.exe

[2011/04/03 14:57:33 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\AppData\Roaming\Roxio

[2011/03/21 17:21:48 | 000,000,000 | ---D | C] -- C:\My Zip Files

[2011/03/21 17:21:42 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software

[2011/03/21 17:21:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software

[2011/03/21 17:21:39 | 000,000,000 | -H-D | C] -- C:\Program Files\CoffeeCup Software

[2011/03/18 21:29:31 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\Desktop\EVOKEN STUFF

[2011/03/10 15:56:34 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\Desktop\Sadie

[2011/03/10 15:53:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Whisper Technology

[2011/03/10 15:53:09 | 000,000,000 | -H-D | C] -- C:\Users\Carrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTP Surfer

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/07 17:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/05 15:03:44 | 000,709,456 | ---- | M] () -- C:\Windows\is-AQ55I.exe

[2011/04/05 15:03:44 | 000,010,562 | ---- | M] () -- C:\Windows\is-AQ55I.msg

[2011/04/05 15:03:44 | 000,000,330 | ---- | M] () -- C:\Windows\is-AQ55I.lst

[2011/04/05 14:55:43 | 000,709,456 | ---- | M] () -- C:\Windows\is-I1U9O.exe

[2011/04/05 14:55:43 | 000,010,562 | ---- | M] () -- C:\Windows\is-I1U9O.msg

[2011/04/05 14:55:43 | 000,000,335 | ---- | M] () -- C:\Windows\is-I1U9O.lst

[2011/04/05 14:35:13 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/05 14:35:13 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/05 13:25:21 | 000,709,456 | ---- | M] () -- C:\Windows\is-N7673.exe

[2011/04/05 13:25:21 | 000,010,562 | ---- | M] () -- C:\Windows\is-N7673.msg

[2011/04/05 13:25:21 | 000,000,335 | ---- | M] () -- C:\Windows\is-N7673.lst

[2011/04/05 13:21:21 | 000,709,456 | ---- | M] () -- C:\Windows\is-90E9C.exe

[2011/04/05 13:21:21 | 000,010,562 | ---- | M] () -- C:\Windows\is-90E9C.msg

[2011/04/05 13:21:21 | 000,000,332 | ---- | M] () -- C:\Windows\is-90E9C.lst

[2011/04/05 13:06:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/04/05 11:56:58 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~26140448

[2011/04/05 11:56:56 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~26140448r

[2011/04/05 11:56:48 | 000,000,583 | -H-- | M] () -- C:\Users\Carrie\Desktop\Windows Restore.lnk

[2011/04/05 11:56:42 | 000,000,328 | -H-- | M] () -- C:\ProgramData\26140448

[2011/04/05 11:56:40 | 000,479,232 | -H-- | M] () -- C:\ProgramData\26140448.exe

[2011/04/05 11:47:38 | 000,118,272 | -H-- | M] () -- C:\Windows\System32\drivers\160C2DA.sys

[2011/04/05 11:47:33 | 000,548,864 | -H-- | M] (GPA) -- C:\ProgramData\vVTKvjYbBVaNeSx.exe

[2011/04/05 09:53:51 | 074,066,968 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2011/04/01 10:52:18 | 000,286,901 | -H-- | M] () -- C:\Users\Carrie\Documents\more-feature-2.jpg

[2011/04/01 02:12:57 | 000,002,377 | -H-- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011/03/29 09:25:32 | 000,013,094 | -H-- | M] () -- C:\Users\Carrie\Desktop\hrtdivw.gif

[2011/03/29 09:25:01 | 000,008,845 | -H-- | M] () -- C:\Users\Carrie\Desktop\Pics0609.gif

[2011/03/29 09:22:41 | 000,066,066 | -H-- | M] () -- C:\Users\Carrie\Desktop\Header0609.jpg

[2011/03/29 00:19:43 | 000,041,762 | -H-- | M] () -- C:\Users\Carrie\Desktop\trevlolz.jpg

[2011/03/22 09:10:02 | 000,052,736 | -H-- | M] () -- C:\Users\Carrie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/21 17:21:56 | 000,000,887 | -H-- | M] () -- C:\Users\Public\Desktop\CoffeeCup Free Zip Wizard.lnk

[2011/03/21 17:19:01 | 000,237,763 | -H-- | M] () -- C:\Users\Carrie\Desktop\WHN8E36.tmp.mht

[2011/03/21 17:18:27 | 087,420,300 | -H-- | M] () -- C:\Users\Carrie\Desktop\312.zip

[2011/03/18 21:29:23 | 000,062,739 | -H-- | M] () -- C:\Users\Carrie\AppData\Roaming\nvModes.001

[2011/03/12 21:28:14 | 000,096,702 | -H-- | M] () -- C:\Users\Carrie\Desktop\shot web.jpg

[2011/03/12 14:33:53 | 000,000,524 | -H-- | M] () -- C:\Users\Carrie\Desktop\Jasc Software - Shortcut.lnk

[2011/03/12 14:33:48 | 000,130,564 | -H-- | M] () -- C:\Users\Carrie\Desktop\desktop.jpg

[2011/03/09 03:18:38 | 000,052,027 | -H-- | M] () -- C:\Users\Carrie\Documents\halloween.jpg

[2011/03/09 01:51:07 | 000,282,188 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002557.jpg

[2011/03/09 01:50:07 | 000,257,277 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002530.jpg

[2011/03/09 01:46:18 | 000,187,552 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002250.jpg

[2011/03/09 01:45:35 | 000,256,952 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002213.jpg

[2011/03/09 01:44:47 | 000,246,945 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002137.jpg

[2011/03/09 01:43:59 | 000,198,015 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002054.jpg

[2011/03/09 01:43:21 | 000,266,441 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_001833.jpg

[2011/03/09 01:38:07 | 000,249,079 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_001808.jpg

[2011/03/09 01:37:23 | 000,298,590 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002839.jpg

[2011/03/09 01:36:14 | 000,196,346 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_113010_004538.jpg

[2011/03/09 01:34:20 | 000,308,973 | -H-- | M] () -- C:\Users\Carrie\Documents\WoWScrnShot_112110_211315.jpg

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 15:03:44 | 000,709,456 | ---- | C] () -- C:\Windows\is-AQ55I.exe

[2011/04/05 15:03:44 | 000,010,562 | ---- | C] () -- C:\Windows\is-AQ55I.msg

[2011/04/05 15:03:44 | 000,000,330 | ---- | C] () -- C:\Windows\is-AQ55I.lst

[2011/04/05 14:55:43 | 000,709,456 | ---- | C] () -- C:\Windows\is-I1U9O.exe

[2011/04/05 14:55:43 | 000,010,562 | ---- | C] () -- C:\Windows\is-I1U9O.msg

[2011/04/05 14:55:43 | 000,000,335 | ---- | C] () -- C:\Windows\is-I1U9O.lst

[2011/04/05 13:25:21 | 000,709,456 | ---- | C] () -- C:\Windows\is-N7673.exe

[2011/04/05 13:25:21 | 000,010,562 | ---- | C] () -- C:\Windows\is-N7673.msg

[2011/04/05 13:25:21 | 000,000,335 | ---- | C] () -- C:\Windows\is-N7673.lst

[2011/04/05 13:21:21 | 000,709,456 | ---- | C] () -- C:\Windows\is-90E9C.exe

[2011/04/05 13:21:21 | 000,010,562 | ---- | C] () -- C:\Windows\is-90E9C.msg

[2011/04/05 13:21:21 | 000,000,332 | ---- | C] () -- C:\Windows\is-90E9C.lst

[2011/04/05 11:56:56 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~26140448r

[2011/04/05 11:56:56 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26140448

[2011/04/05 11:56:48 | 000,000,583 | -H-- | C] () -- C:\Users\Carrie\Desktop\Windows Restore.lnk

[2011/04/05 11:56:42 | 000,000,328 | -H-- | C] () -- C:\ProgramData\26140448

[2011/04/05 11:56:40 | 000,479,232 | -H-- | C] () -- C:\ProgramData\26140448.exe

[2011/04/05 11:47:38 | 000,118,272 | -H-- | C] () -- C:\Windows\System32\drivers\160C2DA.sys

[2011/04/01 10:52:11 | 000,286,901 | -H-- | C] () -- C:\Users\Carrie\Documents\more-feature-2.jpg

[2011/03/29 09:25:32 | 000,013,094 | -H-- | C] () -- C:\Users\Carrie\Desktop\hrtdivw.gif

[2011/03/29 09:25:00 | 000,008,845 | -H-- | C] () -- C:\Users\Carrie\Desktop\Pics0609.gif

[2011/03/29 09:22:41 | 000,066,066 | -H-- | C] () -- C:\Users\Carrie\Desktop\Header0609.jpg

[2011/03/29 00:19:42 | 000,041,762 | -H-- | C] () -- C:\Users\Carrie\Desktop\trevlolz.jpg

[2011/03/21 17:21:56 | 000,000,887 | -H-- | C] () -- C:\Users\Public\Desktop\CoffeeCup Free Zip Wizard.lnk

[2011/03/21 17:19:20 | 000,237,763 | -H-- | C] () -- C:\Users\Carrie\Desktop\WHN8E36.tmp.mht

[2011/03/21 16:41:49 | 087,420,300 | -H-- | C] () -- C:\Users\Carrie\Desktop\312.zip

[2011/03/12 21:28:14 | 000,096,702 | -H-- | C] () -- C:\Users\Carrie\Desktop\shot web.jpg

[2011/03/12 14:33:47 | 000,130,564 | -H-- | C] () -- C:\Users\Carrie\Desktop\desktop.jpg

[2011/03/09 03:18:29 | 000,052,027 | -H-- | C] () -- C:\Users\Carrie\Documents\halloween.jpg

[2011/03/09 01:50:48 | 000,282,188 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002557.jpg

[2011/03/09 01:49:52 | 000,257,277 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002530.jpg

[2011/03/09 01:46:02 | 000,187,552 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002250.jpg

[2011/03/09 01:45:17 | 000,256,952 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002213.jpg

[2011/03/09 01:44:29 | 000,246,945 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002137.jpg

[2011/03/09 01:43:42 | 000,198,015 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002054.jpg

[2011/03/09 01:43:04 | 000,266,441 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_001833.jpg

[2011/03/09 01:37:49 | 000,249,079 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_001808.jpg

[2011/03/09 01:37:00 | 000,298,590 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_030911_002839.jpg

[2011/03/09 01:35:58 | 000,196,346 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_113010_004538.jpg

[2011/03/09 01:34:00 | 000,308,973 | -H-- | C] () -- C:\Users\Carrie\Documents\WoWScrnShot_112110_211315.jpg

[2010/12/19 00:43:51 | 000,000,077 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010/11/21 20:39:43 | 000,000,036 | -H-- | C] () -- C:\Users\Carrie\AppData\Local\housecall.guid.cache

[2009/10/20 14:19:30 | 000,053,299 | -H-- | C] () -- C:\Windows\System32\pthreadVC.dll

[2009/07/02 23:26:48 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2008/10/04 14:28:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2008/09/13 21:16:47 | 003,786,760 | -H-- | C] () -- C:\Windows\System32\D3DX9_37.dll

[2008/05/26 00:35:54 | 000,000,680 | -H-- | C] () -- C:\Users\Carrie\AppData\Local\d3d9caps.dat

[2008/02/19 23:11:51 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2008/01/23 19:37:33 | 000,062,739 | -H-- | C] () -- C:\Users\Carrie\AppData\Roaming\nvModes.001

[2008/01/23 19:34:06 | 000,062,739 | -H-- | C] () -- C:\Users\Carrie\AppData\Roaming\nvModes.dat

[2008/01/22 21:01:12 | 000,052,736 | -H-- | C] () -- C:\Users\Carrie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/18 18:44:24 | 000,167,936 | -H-- | C] () -- C:\Windows\System32\nvccoin.dll

[2008/01/18 18:44:23 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/01/18 18:41:36 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ntprint.exe

[2008/01/18 18:24:10 | 003,547,136 | -H-- | C] () -- C:\Windows\System32\nvvitvs.dll

[2008/01/18 18:24:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\nvgamesr.dll

[2008/01/18 11:21:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008/01/18 11:08:18 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2008/01/18 11:03:21 | 000,000,628 | -H-- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini

[2008/01/18 11:03:18 | 000,101,376 | -H-- | C] () -- C:\Windows\System32\APOMngr.dll

[2008/01/18 11:03:18 | 000,066,560 | -H-- | C] () -- C:\Windows\System32\CmdRtr.dll

[2008/01/18 10:50:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2007/07/25 18:40:02 | 000,999,424 | -H-- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/10 09:26:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006/11/07 15:25:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini

[2006/11/03 19:25:56 | 000,389,120 | -H-- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 002,149,648 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 08:34:33 | 000,038,400 | ---- | C] () -- C:\Windows\System32\dmloader.dll

[2006/11/02 06:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,154,646 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:33:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:25:44 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 06:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 05:03:35 | 001,029,120 | ---- | C] () -- C:\Windows\System32\d3d10.dll

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:57:02 | 000,017,408 | ---- | C] () -- C:\Windows\System32\ias.dll

[2006/11/02 04:52:25 | 000,016,488 | -H-- | C] () -- C:\Windows\System32\drivers\i2omgmt.sys

[2006/11/02 04:51:15 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\mskssrv.sys

[2006/11/02 04:47:42 | 000,044,544 | ---- | C] () -- C:\Windows\System32\deskmon.dll

[2006/11/02 04:46:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\gpedit.dll

[2006/11/02 04:43:42 | 000,132,096 | ---- | C] () -- C:\Windows\System32\scksp.dll

[2006/11/02 04:37:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\KBDBASH.DLL

[2006/11/02 04:33:44 | 000,281,088 | ---- | C] () -- C:\Windows\System32\cmipnpinstall.dll

[2006/11/02 04:32:40 | 000,034,816 | ---- | C] () -- C:\Windows\System32\waitfor.exe

[2006/11/02 04:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2006/09/17 01:36:50 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 01:36:50 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2001/11/14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/01/20 12:45:32 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\acccore

[2010/09/20 20:47:02 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\Canon

[2011/03/04 13:01:54 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\Jasc

[2010/04/03 22:59:44 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\ManyCam

[2009/08/03 17:10:30 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\NCH Swift Sound

[2009/06/08 01:15:02 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\Pogo Games

[2009/06/08 01:15:13 | 000,000,000 | -H-D | M] -- C:\Users\Carrie\AppData\Roaming\ScanSoft

[2011/04/05 13:06:33 | 000,032,596 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:588B60C7

< End of report >

OTL Extras logfile created on: 4/7/2011 5:35:46 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Carrie\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free

6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.31 Gb Total Space | 111.95 Gb Free Space | 50.82% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 3.05 Gb Free Space | 30.48% Space Free | Partition Type: NTFS

Computer Name: CARRIE-LAPTOP | User Name: Carrie | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-167150308-33276035-3128934323-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3211B9E8-9591-4BBE-934B-D28A42314CCC}" = rport=137 | protocol=17 | dir=out | app=system |

"{3B6671F2-1DEB-4C1D-90EC-162B67675961}" = lport=445 | protocol=6 | dir=in | app=system |

"{6CD888EA-C040-42AF-8613-58B3982C26A2}" = rport=139 | protocol=6 | dir=out | app=system |

"{7332B232-5209-42DD-8AD5-9E7C43BA3563}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{82F02F00-5E12-401D-9064-5A62614A67E2}" = rport=445 | protocol=6 | dir=out | app=system |

"{AD96B137-513D-4B28-9B23-1B46284AED33}" = lport=137 | protocol=17 | dir=in | app=system |

"{B4695CEA-CD54-4A65-834D-B66E6FC82CF6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{BE5EAA09-34CD-471A-A473-8353B190C37D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{E0608016-2DB1-42BE-8B73-6F67B8B05331}" = lport=138 | protocol=17 | dir=in | app=system |

"{E3FB7E2D-8501-43FD-9C00-57B9A6E679FC}" = rport=138 | protocol=17 | dir=out | app=system |

"{F5F9F209-6B73-4505-A5BA-701EF1A8B626}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{005A21F4-093E-4F86-9196-1CA9DAC2976D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{0A1285A8-3388-481A-830E-4B9555F53B74}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{0B001ADD-CA27-451E-8DC2-D4108A528C12}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{0BC31D58-D37F-47D4-BCC9-4808E941BBB6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{0FB87337-AC2B-49E1-A702-7E42D271FFA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{178D2A24-EC81-42F4-8D5B-25D41A1DC46F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{18C53331-8ED2-44DC-B70D-358A83101962}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{1CE414D2-39B5-46EE-A46E-7712A307838E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{1DFCD60B-97B5-4CF1-BCD9-664FFEE2786D}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |

"{1FB3E420-79F9-4754-AA30-D931B0A9D2EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{24C77E8E-D37F-406E-B46D-5E029EDF0294}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{2CFC0D0D-D6CD-4849-ACB4-8B4331E950C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{35D2DA1A-1D5D-4FAA-95C0-B5F4B779E28A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3A5B7528-6ABA-4A43-9E72-94D78C2D6346}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3E94EF14-7CAA-4E1C-AC91-308CA8E85C87}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{4D18B123-3E7F-4625-B302-2A9AF81DB086}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

"{4EDE9B45-E2EE-4B7A-A532-A4247336CD35}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{50A4BBDA-8C9C-4B73-B216-9A2AD1F48E4D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{540D911F-4AE1-439D-A1DE-67A25271E7B4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{552C05A7-CA3C-415D-B362-6C1BF002FD22}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{560C457B-1309-451C-A10B-54FE221866B6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1247105899\ee\aolsoftware.exe |

"{564107DF-8ECA-4FC4-9292-615AC70145AC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{57E96C8D-4D82-4A0F-AF84-F0945DA3ACE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{58EEC94C-CB90-4768-BB2B-2035BB0E0081}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{5A9AEA89-9953-4E0D-A907-80F99C0802D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61CC8921-F5AA-4BF7-893C-C2E7F0BAFAF3}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |

"{638BD641-2A41-4C12-9ED0-2CCCDC974DE0}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{6ACDF1EF-DA9A-4AEC-BE91-939D1891D9A1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{6C23B96E-A2C8-42CC-8792-5B94509B0C6E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

"{6CE0341C-64E1-4B8B-934A-67B2A15944FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6FA5E969-2E99-4A2A-AE21-AED4D4893BFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{75749C0B-EF29-4CE4-8802-6FF17BDC2FD8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{81451725-2A4A-4FD5-B319-0F4CD2942F15}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{8424EE59-943D-4841-ABE4-4450347259C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{858366E3-183C-4B00-82A8-B8716C72734D}" = protocol=6 | dir=in | app=c:\windows\temp\~os163c.tmp\rlvknlg.exe |

"{8616CEB5-60E8-45C6-80DE-D0463792753C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{862A13A9-2A9D-4659-9992-69D569E7CBA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{86F8FB64-AED5-4110-A705-792855442375}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{87002E23-58F3-4BB3-A423-278CB77CBDC5}" = protocol=6 | dir=in | app=c:\windows\temp\~os5080.tmp\rlvknlg.exe |

"{8B0A246E-699B-47BE-B734-1667E1F48A4F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{92AEC2C3-B5E3-4B4B-A050-3150BC07A896}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{98BBFADB-91A5-4E42-B623-5F1A610A507D}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |

"{990E9E1D-9772-4981-A5B5-8CC94CDA9E26}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{9E8F0760-5737-4996-9DB9-104E7F1462E4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{AFDD0D0D-E8B6-456F-9DF8-1DBE4A238116}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B1DEFA83-9260-4F17-8BAB-5BE3C7D7C64F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{B610D7E4-0B3D-46AD-B0A5-D7547F8427A6}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{B795D09B-DB99-4564-864B-B5CE3B1EEE55}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{B94F8A27-F14D-4A64-9F99-990C3C701FE9}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{B9D54D9D-8E9E-4A4D-BE59-D174BE39D254}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{BB3CFE6A-C748-4656-81A3-AFE1D2D39101}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1247105899\ee\aolsoftware.exe |

"{BD1E9638-5A3B-4905-ADFD-6240FE8467A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{C150DEA6-1144-4BBF-AEC7-9D6AF45024E9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{C3BD8A88-E2F4-4E3D-8178-CDA3A15A4FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C5D09265-6CC7-4B24-8E7A-0C96CB57623C}" = protocol=6 | dir=in | app=c:\windows\temp\~os8d79.tmp\rlvknlg.exe |

"{CC54BD02-69B8-4D66-B6D5-B2B5D79D0E69}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CF2466E7-923B-4459-873C-1E3331BAF934}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D8865C8F-9B97-418E-ADCD-B0E382CF1A5D}" = protocol=6 | dir=in | app=c:\users\carrie\appdata\local\temp\~os90cc.tmp\rlvknlg.exe |

"{D9EC9317-D9E5-46ED-842A-773D0C562045}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{DAF274FE-B8E8-4A8F-8549-0DB205C282D3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{DDED0141-E36F-48F8-A59E-856A4FFF811B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EA21032E-6829-4406-ABCC-DFB0B65676B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F4CACEDD-E4CD-446C-B648-B74CAF2E2FD3}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |

"{F4D07CEF-1D66-4E35-B5AC-CFFFC73018F2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{F851FDE4-4242-4F46-83B1-E57B2135574C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F868543C-AD32-4569-B8F0-8E3304F4E8D7}" = protocol=6 | dir=in | app=c:\windows\temp\~os6558.tmp\rlvknlg.exe |

"{FC8ACDB8-6696-4D81-8C35-57F55FA87A7E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install

"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online

"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1

"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB

"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100

"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7

"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype

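The Extras log above is long, and the parts a helper reads first are the Security Center and firewall sections: here every Windows Firewall profile shows "EnableFirewall" = 0, monitoring of the Trend firewall is disabled, and several inbound exceptions point at executables under C:\Windows\Temp and the user's AppData\Local\Temp. The following script is an added example, not part of this thread and not OldTimer's OTL code: it parses those sections in the layout OTL Extras prints and flags the three conditions so a reviewer does not have to scan hundreds of lines by eye. The sample lines are constructed from the log format (a handful of the rules above, not the full log), and the choice of which directories count as suspicious is an assumption to tune for your own environment.

```python
"""Triage the Security Center and firewall sections of an OTL Extras log."""
import re
from dataclasses import dataclass

# Constructed sample in the layout OTL Extras uses, modelled on the log above
# (a few representative lines, not the complete log).
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB87337-AC2B-49E1-A702-7E42D271FFA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{858366E3-183C-4B00-82A8-B8716C72734D}" = protocol=6 | dir=in | app=c:\windows\temp\~os163c.tmp\rlvknlg.exe |
"{D8865C8F-9B97-418E-ADCD-B0E382CF1A5D}" = protocol=6 | dir=in | app=c:\users\carrie\appdata\local\temp\~os90cc.tmp\rlvknlg.exe |
"{540D911F-4AE1-439D-A1DE-67A25271E7B4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # ========== Name ==========
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_...\Subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = value

# Directories from which a persistent firewall exception for an executable
# deserves a second look (assumption: extend for your own environment).
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    kind: str    # firewall_disabled | monitoring_disabled | exception_from_temp
    detail: str


def parse_rule_fields(value: str) -> dict:
    """Turn 'protocol=6 | dir=in | app=c:\\x.exe |' into {'protocol': '6', ...}."""
    fields = {}
    for part in value.split("|"):
        part = part.strip()
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current section and registry key."""
    findings: list[Finding] = []
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        leaf = key.rsplit("\\", 1)[-1] if key else "?"   # e.g. DomainProfile
        if section == "Firewall Settings" and name == "EnableFirewall" and value == "0":
            findings.append(Finding("firewall_disabled", leaf))
        elif section == "Security Center Settings" and name == "DisableMonitoring" and value == "1":
            findings.append(Finding("monitoring_disabled", leaf))
        elif section and section.endswith("Exception List"):
            app = parse_rule_fields(value).get("app", "").lower()
            if any(marker in app for marker in SUSPICIOUS_DIR_MARKERS):
                findings.append(Finding("exception_from_temp", f"{name} -> {app}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run against the sample it reports two disabled profiles, the disabled TrendFirewall monitoring entry, and the two rlvknlg.exe exceptions; the Skype and svchost rules pass. Flagged exceptions are a starting point for review, not a verdict: the next step is to confirm whether the file still exists and who created the rule.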

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi again, please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


FCopy::
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys | c:\windows\System32\drivers\tcpip.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


This is done wireless, I ran the unhide.exe icons are now back. I have to run it in normal mode since it will not allow me to do that in safe mode. Which means I have to go into task manager right away to end that Windows Restore virus from running.

When I right click on the network icon,>diagnose and repair> The window pops-up There might be a problem with one or more network adapters on this computer.

The adapter "Marvell Yukon 88E8040 PCI E Fast Ethernet Controller" is experiencing driver and or hardware related issues

Make sure your Internet Protocol Bindings are correct.

Still having this Windows Restore Virus window open whenever I try to diagnose. I have to go into Task Manager to kill it. This Windows Restore is the root of the problem.


First let's get rid of the rogue software, then let's concentrate on the internet problem.

Please run the following as a CFScript.

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vVTKvjYbBVaNeSx"=-

File::
c:\programdata\vVTKvjYbBVaNeSx.exe

Post me the resulting log and if the internet still does not function:

Click Start > Programs > Accessories, right click on Command Prompt and select "run as administrator".

Type the following and press enter.

netsh int ip reset

Restart your computer and let me know if the internet works afterwards.

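The CFScript above removes a single autostart entry: a Run value whose name matches an executable sitting directly in C:\ProgramData. The script below is an added example, not part of this thread and not ComboFix's own code: it reads Run entries in the layout `reg query` prints, extracts the executable from each command line (quoted paths and arguments included), flags images that start from the ProgramData root, the Public profile root or a Temp folder, and drafts a CFScript in the same Registry::/File:: form for the flagged entries. The vVTKvjYbBVaNeSx entry is the one named above; the Skype and Sidebar entries, the `ODD_ROOTS` list and the heuristic itself are assumptions made for the example.

```python
"""Review HKCU Run entries and draft a ComboFix-style CFScript for the odd ones."""
import re
from dataclasses import dataclass

RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in the layout `reg query HKCU\...\Run` prints. Only the
# vVTKvjYbBVaNeSx line comes from the CFScript above; the other two entries
# are made up for this example.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Skype    REG_SZ    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    vVTKvjYbBVaNeSx    REG_SZ    c:\programdata\vVTKvjYbBVaNeSx.exe
    Sidebar    REG_EXPAND_SZ    %ProgramFiles%\Windows Sidebar\sidebar.exe /autoRun
"""

# reg query separates name, type and data with four spaces.
ENTRY_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

# Folders in which an autostart executable is normally out of place
# (assumption: only the folder roots, since vendors do use ProgramData subfolders).
ODD_ROOTS = ("c:\\programdata\\", "c:\\users\\public\\")


@dataclass
class RunEntry:
    name: str
    command: str

    @property
    def image(self) -> str:
        """Executable path without its arguments, honouring a quoted path."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            return cmd[1:cmd.index('"', 1)]
        return cmd.split()[0]

    @property
    def looks_odd(self) -> bool:
        folder = self.image.lower().rsplit("\\", 1)[0] + "\\"
        return folder in ODD_ROOTS or "\\temp\\" in folder


def parse_run_entries(text: str) -> list[RunEntry]:
    """Collect (name, command) pairs from reg query output."""
    return [RunEntry(name=m.group(1), command=m.group(3))
            for line in text.splitlines()
            if (m := ENTRY_RE.match(line))]


def build_cfscript(entries: list[RunEntry]) -> str:
    """Draft a CFScript (Registry:: deletes the value, File:: the image) for flagged entries."""
    odd = [e for e in entries if e.looks_odd]
    if not odd:
        return ""
    lines = ["Registry::", f"[{RUN_KEY}]"]
    lines += [f'"{e.name}"=-' for e in odd]
    lines += ["", "File::"]
    lines += [e.image for e in odd]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_REG_QUERY)
    for e in entries:
        print(f"{'ODD ' if e.looks_odd else 'ok  '} {e.name:20} {e.image}")
    print(build_cfscript(entries))
```

The draft is meant to be read by a person before it goes anywhere near ComboFix: a location heuristic cannot tell a rogue from a badly packaged legitimate program, so confirm each flagged image (publisher, creation time, whether it matches a known product) before running the script.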

Ok this is where I am at and was. First, after I ran that one cfscript u had me drop into combofix, it ran it, gave me a .txt file titled info when I went to Ken my browser, I couldn't connect all of a sudden to internet. So, I did what u asked and went to diagnose and repair. Of course u can only do that in normal mode. So, of course that windows restore virus started up too so, I had to end that in task manager, well as you read, those issue options it gave me came up. I rebooted into safe mode with networking and again, all my desktop icons were gone and going under the start menu, all programs that was empty again. So I tried unhide program in the search field to find it and run it but it cannot find it.. anyway, I wrote out that new script u provided in notepad, it ran it but never generated a .txt file. I went into command mode typed in what u provided and nothing changed, still cannot connect online. So, right now, I rebooted into safe mode command line, drilled down and I am running malwarebytes in hopes it will help with something but I'm running it without updates since hence, I cannot connect to the net. Hhhhelp.



Don't worry, I got the important info. :)

From the command prompt, can you execute the netsh int ip reset command and if so, did that restore connectivity?

You can run the CFScript from safe mode command prompt, but for that to work, I need to know where the CFScript is located.

The command is as follows: c:\users\Carrie\Downloads\ComboFix.exe c:\users\carrie\<location of cfscript> (you can for example create and save the CFScript in the same location as combofix).


Okay, first thank you for the reply as always. Second, this is insane, now my desktop has a problem as well. I'll get to that in a different thread after I get this laptop up and running.

Anywho, here is where I am at. I went into "Safe Mode Command Prompt Only" and tried running netsh int ip reset by entering the following C:\netsh int ip reset (obviously the C:\ was already there) The response I received below was: There's no user specified settings to be reset.

Now, here is the kicker. I tried to search for ComboFix by going into C:\DIR What came back was a brief listing of files (Directory of C:\) I found ComboFix, entered cd C:\ComboFix, after which I did a DIR of ComboFix which returned 0 files 2 DIR(s)

I have tried going into C:\Program Files and even under that directory I find 0 files 3 DIR(s). I am assuming the majority of the files, be it Program Files, Windows, Users, etc. etc. are hidden. Problem with that is, I would need to download/install unhide.exe simply because I cannot find it.

I also entered in your suggestion of C:\users\Carrie\Downloads\ComboFix.exe and it came back with: The system cannot find the path specified.

I even tried entering c:\users\Carrie\Downloads\ComboFix and what came back was: The system cannot find the path specified. BUT, it then came up with: C:\Users\Carrie I did a DIR under this and the return I received was: Volume in drive C is OS; Volume Serial Number is 1E82-9683; File Not Found.

So, that is currently where I am at. I like to think every problem has a solution, which this whole debacle I am sure has without having to do anything drastic like reinstalling Windows etc.

Hope the info above helps somewhat. Luckily, I enjoy working on computers....heh


At the time you ran combofix the second time, there was a bug in the tool that caused it to delete some files/folders. To undo what was deleted/fixed, please download and run http://download.bleepingcomputer.com/sUBs/MiniFixes/CF-undo-All.exe

You can download it on a working computer, put it on a flashdrive and transfer it to this one. After running the tool, let me know if things are back in working order.

Sorry for not recognizing this earlier; because the second log was not posted, I did not realize you were hit by this bug.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.