Solved suspect ransomware freezing PC when trying to access internet

[Resolved] suspect ransomware freezing PC when trying to access internet

This is a strange situation that I am not familiar with. A desktop computer running Windows 7 Home Premium has a mesage displaying when one attempts to connect to the internet. The message claims to be from the FBI and demands payment of a fine ($200) to be paid via some type of 'money card. This is obbiously one huge fraud but no matter it has that particular computer locked out of the internet. Therefore it presents problems in trying to eliminate the problems!

I am on a different unit, but connected to the same modem and router and not experiencing any of this trouble. My unit is using WiFi and the desk top with problems is hard wired to the router...

Please help me resolve this issue!!

At this time I am having the problem unit run the latest installed AVAST scan and will follow with Malwarebytes, which I know is a bit dated...

Thank you ro any assistance...

jim

 

mbam log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.06.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/5/2012 8:53:33 PM
mbam-log-2012-09-05 (21-50-26).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283060
Time elapsed: 56 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\39347aac-3b56fb15 (Trojan.Ransom) -> No action taken.
C:\Users\Owner\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.

(end)

 

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-06 06:48:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500JD-75HBB0 rev.08.02D08
Running: 51u3x0db.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91056DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90910A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9105785E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9105C2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9105C330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9105C422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9105C252]
SSDT 919303AE ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9105C29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9105C3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91056E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90910B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91056AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91056E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91059D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91057B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9105C30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9105C352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9105C446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9105C278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9105C3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9105C2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9105C400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90910CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x910579CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91056EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91056F28]
SSDT 919303B3 ZwSetContextThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91056B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91056CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91056C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91056D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90910D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91056F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90910BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90926D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C76359 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CB6DA0 4 Bytes [F8, 6D, 05, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CB6DC8 4 Bytes [5A, 0A, 91, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CB6E28 4 Bytes [5E, 78, 05, 91] {POP ESI; JS 0x8; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CB6E7C 4 Bytes [E4, C2, 05, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AC 82CB6E81 3 Bytes [C3, 05, 91]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E43C64 5 Bytes JMP 90923C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E5C290 5 Bytes JMP 90925764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E713D7 4 Bytes CALL 910581B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E8B1E0 4 Bytes CALL 910581CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F150F6 7 Bytes JMP 90926D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9200F000, 0x38CD55, 0xE8000020]
PAGE peauth.sys 9B364B9B 72 Bytes [E0, EA, 67, 94, DD, 79, AA, ...]
.text kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[452] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00310A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 003103FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00310804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 003101F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[460] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00310600
.text C:\Windows\system32\wininit.exe[528] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[528] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[528] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[528] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[528] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[528] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[528] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[528] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00060600
.text C:\Program Files\Hide My IP 2008\SecureSrv.exe[536] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[544] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[548] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[548] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[548] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[548] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[548] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[548] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[584] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[584] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[600] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[608] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[692] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[692] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[692] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[968] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[968] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[968] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[968] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[968] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[968] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00180804
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00180600
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 002A0A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002A03FC
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 002A0804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002A01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 002A0600
.text C:\Windows\system32\AUDIODG.EXE[1072] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 005C0A08
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 005C03FC
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 005C0804
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 005C01F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 005C0600
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00A40A08
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 00A403FC
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00A40804
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 00A401F8
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00A40600
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00230A08
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002303FC
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00230804
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002301F8
.text C:\Windows\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00230600
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1408] kernel32.dll!SetUnhandledExceptionFilter 77C1F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1408] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1416] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1416] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1416] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1416] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[1416] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[1416] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[1416] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[1416] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\spoolsv.exe[1564] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1564] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00090A08
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00090804
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 002D0A08
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002D03FC
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 002D0804
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 002D0600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001F03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001F0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1696] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1720] USER32.dll!SetWindowsHookExA

 

761C6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1768] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1768] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1896] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\Dwm.exe[1896] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\Dwm.exe[1896] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1896] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\Dwm.exe[1896] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\Dwm.exe[1896] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\Dwm.exe[1896] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\Dwm.exe[1896] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00140600
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001703FC
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001701F8
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!UnhookWindowsHookEx 7619ADF9 3 Bytes JMP 001A0A08
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!UnhookWindowsHookEx + 4 7619ADFD 1 Byte [8A]
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!UnhookWinEvent 7619B750 3 Bytes JMP 001A03FC
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!UnhookWinEvent + 4 7619B754 1 Byte [8A]
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001A0804
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001A01F8
.text C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe[1916] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001A0600
.text C:\Windows\system32\taskhost.exe[1920] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1920] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[1920] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00070600
.text C:\Windows\system32\lxctcoms.exe[1972] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Windows\system32\lxctcoms.exe[1972] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Windows\system32\lxctcoms.exe[1972] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\lxctcoms.exe[1972] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001E0A08
.text C:\Windows\system32\lxctcoms.exe[1972] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001E03FC
.text C:\Windows\system32\lxctcoms.exe[1972] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001E0804
.text C:\Windows\system32\lxctcoms.exe[1972] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001E01F8
.text C:\Windows\system32\lxctcoms.exe[1972] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001E0804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe[1988] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001E0600
.text C:\Windows\system32\taskeng.exe[2024] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[2024] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[2024] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2024] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[2024] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[2024] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[2024] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[2024] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2148] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2148] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001601F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 003B0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 003B03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 003B0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 003B01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2172] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2624] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\WUDFHost.exe[2784] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2784] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[2784] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2784] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\WUDFHost.exe[2784] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\WUDFHost.exe[2784] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\WUDFHost.exe[2784] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\WUDFHost.exe[2784] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00140600
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001703FC
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001701F8
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00200A08
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002003FC
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00200804
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002001F8
.text C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\SearchIndexer.exe[3396] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3396] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3396] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3396] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3396] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3396] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3396] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3396] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001E03FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001E0804
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3648] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe[3664] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001E03FC
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 001E0804
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Lexmark 5400 Series\lxctmon.exe[3676] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001501F8
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 002D0A08
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002D03FC
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 002D0804
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002D01F8
.text C:\Program Files\Lexmark 5400 Series\ezprint.exe[3732] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 002D0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4036] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00210600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 00150A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 001503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 00150804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 001501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4068] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\taskeng.exe[4908] ntdll.dll!LdrUnloadDll 77D0C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[4908] ntdll.dll!LdrLoadDll 77D1223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[4908] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4908] USER32.dll!UnhookWindowsHookEx 7619ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[4908] USER32.dll!UnhookWinEvent 7619B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[4908] USER32.dll!SetWindowsHookExW 7619E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[4908] USER32.dll!SetWinEventHook 761A24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[4908] USER32.dll!SetWindowsHookExA 761C6D0C 5 Bytes JMP 000F0600
.text C:\Users\Owner\Downloads\51u3x0db.exe[5740] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73F6F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe[3104] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75D3FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73F6F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/23/2011 1:06:37 PM
System Uptime: 9/6/2012 7:07:10 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 14.546 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP175: 9/5/2012 4:21:13 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
aTube Catcher
avast! Free Antivirus
CCleaner
CutePDF Writer 2.8
DivX Web Player
DotNET35SP1Setup1
eMule
Express Rip
Express Zip
Fast Traffic Sniper
Freemake Video Converter version 2.4.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hide My IP 2008
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
JavaFX 2.1.1
Lexmark 5400 Series
Lexmark Toolbar
LiveVDO plugin 1.3
magicJack
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (8.0)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Paint.NET v3.5.10
Prism Video File Converter
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Sonic Activation Module
StuffIt Expander 2011
SugarSync Manager
SUPERAntiSpyware
Switch Sound File Converter
TreeSize Free V2.7
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Windows Movie Maker 2.6
WinZip 16.5
WinZip Courier
.
==== Event Viewer Messages From Past Week ========
.
9/6/2012 7:07:26 PM, Error: Service Control Manager [7000] - The avgntflt service failed to start due to the following error: The system cannot find the file specified.
9/5/2012 3:25:30 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/5/2012 3:25:30 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/5/2012 11:42:30 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/4/2012 4:52:28 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
9/4/2012 4:52:25 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
9/3/2012 7:56:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x872dd510, 0x9242ad68, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090312-21949-01.
.
==== End Of File ===========================

 

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Owner at 19:30:08 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1862 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxctcoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Users\Owner\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\aswMBR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [cdloader] "c:\users\owner\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe "
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe "
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\securenet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9F796EC1-5415-4D43-BA34-706D1D3AA718} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\sm6exwex.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\owner\downloads\emsisoftemergencykit\run\a2ddax86.sys [2012-8-31 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-12 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-12 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-12 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-12 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-14 44768]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 SecureSrv;SecureSrv;c:\program files\hide my ip 2008\SecureSrv.exe [2012-5-5 110880]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-23 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-26 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-13 113120]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-25 1343400]
.
=============== Created Last 30 ================
.
2012-09-01 02:57:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-19 08:11:20 -------- d-----w- c:\users\owner\appdata\roaming\JAM Software
2012-08-19 08:11:17 -------- d-----w- c:\program files\JAM Software
.
==================== Find3M ====================
.
2012-09-01 02:57:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 02:57:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-11 18:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-11 18:13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:30:54.06 ===============

 

aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 19:20:16
-----------------------------
19:20:16.756 OS Version: Windows 6.1.7601 Service Pack 1
19:20:16.756 Number of processors: 2 586 0xF0D
19:20:16.756 ComputerName: OWNER-PC UserName: Owner
19:20:24.864 Initialize success
19:20:24.964 AVAST engine defs: 12090601
19:21:28.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:21:28.404 Disk 0 Vendor: WDC_WD2500JD-75HBB0 08.02D08 Size: 238418MB BusType: 3
19:21:28.435 Disk 0 MBR read successfully
19:21:28.435 Disk 0 MBR scan
19:21:28.435 Disk 0 Windows 7 default MBR code
19:21:28.451 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:21:28.466 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238316 MB offset 206848
19:21:28.482 Disk 0 scanning sectors +488278016
19:21:28.575 Disk 0 scanning C:\Windows\system32\drivers
19:21:39.383 Service scanning
19:22:02.855 Modules scanning
19:22:20.709 Disk 0 trace - called modules:
19:22:20.729 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:22:21.059 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86730030]
19:22:21.059 3 CLASSPNP.SYS[8bd8b59e] -> nt!IofCallDriver -> [0x86263918]
19:22:21.069 5 ACPI.sys[838893d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8597d908]
19:22:21.699 AVAST engine scan C:\Windows
19:22:24.515 AVAST engine scan C:\Windows\system32
19:25:03.803 AVAST engine scan C:\Windows\system32\drivers
19:25:16.333 AVAST engine scan C:\Users\Owner
19:29:36.936 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\New Scan Logs\MBR.dat "
19:29:36.946 The log file has been saved successfully to "C:\Users\Owner\Desktop\New Scan Logs\aswMBR.txt "

 

re-running the Malwarebytes scan and will forward in a few... sorry I forgot to send the other one... my bad

 

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

9/7/2012 8:40:06 PM
mbam-log-2012-09-07 (20-40-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282850
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Combofix

ComboFix 12-09-07.03 - Owner 09/07/2012 22:04:01.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2247 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nud0repor.pad
c:\users\Owner\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 02:09 . 2012-09-08 02:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-08 02:09 . 2012-09-08 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 02:57 . 2012-09-01 02:57 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 02:51 . 2012-09-01 02:51 -------- d-----w- c:\program files\Common Files\Java
2012-08-19 08:11 . 2012-08-19 08:11 -------- d-----w- c:\users\Owner\AppData\Roaming\JAM Software
2012-08-19 08:11 . 2012-08-19 08:11 -------- d-----w- c:\program files\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 02:57 . 2012-06-04 17:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 02:57 . 2011-08-23 20:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-11 18:13 . 2012-04-01 04:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-11 18:13 . 2011-08-23 20:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-10-30 17:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-28 19:13 . 2012-07-13 15:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} "= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} "= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@= "{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} "
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@= "{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} "
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@= "{A759AFF6-5851-457D-A540-F4ECED148351} "
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@= "{1574C9EF-7D58-488F-B358-8B78C1538F51} "
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:29 365648 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-26 39408]
"cdloader "= "c:\users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"lxctmon.exe "= "c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server "= "c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint "= "c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2008\SecureSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 20:20]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 20:20]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646591151-1669844780-1480992367-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 12:00]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2646591151-1669844780-1480992367-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-29 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\securenet.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sm6exwex.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-07 22:11:47
ComboFix-quarantined-files.txt 2012-09-08 02:11
ComboFix2.txt 2012-05-08 18:38
.
Pre-Run: 16,283,324,416 bytes free
Post-Run: 16,197,681,152 bytes free
.
- - End Of File - - 1FD9EE6D04A1BD347434433417C895BA

 

The computer seems to be running fine, memory is always tight but other than that there are not issues that are creating problems.

Avira is and has not been 'active' in ages, I cannot even locate it to delete it, it does not show up in the program add/delete files! So if there is a way to dump the files that seem to remain, I would love to know how!

Running the latest scans and will forward the results shortly...

thank you

 

OTL logfile created on: 9/7/2012 10:44:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 57.44% Memory free
6.50 Gb Paging File | 4.87 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.73 Gb Total Space | 15.21 Gb Free Space | 6.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 22:39:22 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/27 15:38:55 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 13:56:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/05 13:01:50 | 000,110,880 | ---- | M] () -- C:\Program Files\Hide My IP 2008\SecureSrv.exe
PRC - [2007/03/19 08:58:47 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
PRC - [2007/03/19 08:58:17 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/31 00:17:23 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2008/08/30 00:53:16 | 000,151,552 | ---- | M] () -- C:\Windows\System32\securenet.dll
MOD - [2007/03/19 08:58:17 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
MOD - [2007/01/10 10:38:54 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctscw.dll
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/09/20 10:15:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUPermits9.dll
MOD - [2006/09/20 10:15:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\VCUError9.dll
MOD - [2006/06/08 22:39:54 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctdrec.dll


========== Services (SafeList) ==========

SRV - [2012/07/28 15:13:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/06 13:56:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/25 12:19:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/05 13:01:50 | 000,110,880 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Hide My IP 2008\SecureSrv.exe -- (SecureSrv)
SRV - [2007/03/19 08:58:47 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/31 00:21:16 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 B3 65 7C B9 61 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B67131CD-2666-4791-93AA-7E69525EBE3F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B67131CD-2666-4791-93AA-7E69525EBE3F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_en-GBUS446
IE - HKCU\..\SearchScopes\{EF627E0A-144F-42AC-92A4-2D7D6726B888}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14674&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=T9&apn_dtid=YYYYYYURUS&apn_uid=1e96527e-137e-4bd7-8b4a-9d4d868d7d77&apn_sauid=8E11D2A0-5FA8-408E-A45B-1F5DCDFFE372
IE - HKCU\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111127&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{FAC9FF79-9E9A-4981-ABB2-EE3F0C0A53AB}: "URL" = http://searchya.com/?chnl=ft-101&s=1&cr=19542007&cd=2XzutAtN2Y1L1QzutDtDtC0DyCtDyEtByCtByCtD0E0DtCtAtBtN0D0TzutBtDtCtBtDtAtDyB&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/10/12 23:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/14 15:00:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files\WinZip Courier\FFExt [2012/06/01 19:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 15:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 13:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/20 03:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/20 03:11:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 15:13:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 13:09:25 | 000,000,000 | ---D | M]

[2012/07/13 11:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/07/14 11:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sm6exwex.default\extensions
[2012/07/13 12:36:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sm6exwex.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/13 11:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/28 15:13:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/27 09:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.foxnews.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=14676cr
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: LiveVDO plug-in (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll
CHR - plugin: LiveVDO plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: WinZip Courier = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.5.9731.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: LiveVDO plugin = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/07 22:10:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKCU..\Run: [cdloader] C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\securenet.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F796EC1-5415-4D43-BA34-706D1D3AA718}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 22:39:21 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/07 22:11:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/07 22:02:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/07 22:02:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/07 22:02:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/07 22:01:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/07 21:39:11 | 004,749,820 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/06 19:19:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/09/06 19:16:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/08/31 22:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/31 14:15:02 | 000,999,520 | ---- | C] (Solid State Networks) -- C:\Users\Owner\Desktop\install_reader10_en_gtbp_chrd_aih.exe
[2012/08/31 00:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2012/08/30 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Scan Logs
[2012/08/19 04:11:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\JAM Software
[2012/08/19 04:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[2012/08/19 04:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 22:42:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/07 22:39:22 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/09/07 22:10:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/07 22:05:22 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646591151-1669844780-1480992367-1000UA.job
[2012/09/07 21:39:11 | 004,749,820 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/09/07 16:55:44 | 000,053,382 | ---- | M] () -- C:\Users\Owner\Desktop\539367_521635581183767_302367106_n.jpg
[2012/09/07 12:42:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/07 09:33:55 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 09:33:55 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/07 09:28:06 | 000,000,953 | ---- | M] () -- C:\Users\Owner\Desktop\magicJack.lnk
[2012/09/07 09:26:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/07 09:26:28 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 23:27:21 | 000,021,657 | ---- | M] () -- C:\Users\Owner\Desktop\253436_10151191538008945_228011387_n.jpg
[2012/09/06 22:42:38 | 000,030,336 | ---- | M] () -- C:\Users\Owner\Desktop\Tessa env..jpg
[2012/09/06 19:19:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/09/06 19:16:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/09/06 08:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2646591151-1669844780-1480992367-1000Core.job
[2012/09/05 20:50:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/05 12:50:38 | 000,242,549 | ---- | M] () -- C:\Users\Owner\Desktop\20120905-the-untouchables-x600-1346845475.jpg
[2012/09/01 02:03:43 | 487,769,398 | ---- | M] () -- C:\Users\Owner\Desktop\_27inside.man.2006.dvdrip.eng_axxo_4a330.flv_27
[2012/09/01 00:20:21 | 000,050,579 | ---- | M] () -- C:\Users\Owner\Desktop\andikitten.jpg
[2012/08/31 23:34:14 | 000,031,807 | ---- | M] () -- C:\Users\Owner\Desktop\400818_10152092720030377_1696029556_n.jpg
[2012/08/31 23:07:47 | 003,775,056 | ---- | M] () -- C:\Users\Owner\Desktop\09 Andi - Some Day My Prince Will Come.mp3
[2012/08/31 14:15:02 | 000,999,520 | ---- | M] (Solid State Networks) -- C:\Users\Owner\Desktop\install_reader10_en_gtbp_chrd_aih.exe
[2012/08/21 03:19:55 | 000,000,987 | ---- | M] () -- C:\Users\Owner\Desktop\CCleaner.lnk
[2012/08/19 19:35:28 | 000,034,815 | ---- | M] () -- C:\Users\Owner\Desktop\000002.jpg
[2012/08/18 15:40:31 | 000,000,078 | ---- | M] () -- C:\Users\Owner\Desktop\Schedules are in Amsterdam Time.url
[2012/08/09 18:31:28 | 000,330,733 | ---- | M] () -- C:\Users\Owner\Desktop\Olumpics.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/07 22:02:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/07 22:02:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/07 22:02:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/07 22:02:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/07 16:56:04 | 000,053,382 | ---- | C] () -- C:\Users\Owner\Desktop\539367_521635581183767_302367106_n.jpg
[2012/09/07 02:28:05 | 000,030,336 | ---- | C] () -- C:\Users\Owner\Desktop\Tessa env..jpg
[2012/09/06 23:28:57 | 000,021,657 | ---- | C] () -- C:\Users\Owner\Desktop\253436_10151191538008945_228011387_n.jpg
[2012/09/05 12:51:11 | 000,242,549 | ---- | C] () -- C:\Users\Owner\Desktop\20120905-the-untouchables-x600-1346845475.jpg
[2012/09/01 01:48:51 | 487,769,398 | ---- | C] () -- C:\Users\Owner\Desktop\_27inside.man.2006.dvdrip.eng_axxo_4a330.flv_27
[2012/09/01 00:35:18 | 000,050,579 | ---- | C] () -- C:\Users\Owner\Desktop\andikitten.jpg
[2012/08/31 23:34:42 | 000,031,807 | ---- | C] () -- C:\Users\Owner\Desktop\400818_10152092720030377_1696029556_n.jpg
[2012/08/31 23:07:20 | 003,775,056 | ---- | C] () -- C:\Users\Owner\Desktop\09 Andi - Some Day My Prince Will Come.mp3
[2012/08/31 00:17:24 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[2012/08/21 03:19:55 | 000,000,987 | ---- | C] () -- C:\Users\Owner\Desktop\CCleaner.lnk
[2012/08/19 19:36:29 | 000,034,815 | ---- | C] () -- C:\Users\Owner\Desktop\000002.jpg
[2012/08/18 15:40:31 | 000,000,078 | ---- | C] () -- C:\Users\Owner\Desktop\Schedules are in Amsterdam Time.url
[2012/08/13 23:36:14 | 000,000,953 | ---- | C] () -- C:\Users\Owner\Desktop\magicJack.lnk
[2012/08/09 18:31:09 | 000,330,733 | ---- | C] () -- C:\Users\Owner\Desktop\Olumpics.jpg
[2012/05/08 14:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/05 22:02:46 | 000,151,552 | ---- | C] () -- C:\Windows\System32\securenet.dll
[2011/12/03 23:03:06 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{BC0D22D4-2CEF-4640-8048-174475F8C9D2}
[2011/12/02 15:46:16 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{D5E89EAC-4EC9-4916-A116-272082A643D4}
[2011/12/01 19:46:48 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/09/06 14:18:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2011/09/06 14:18:56 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2011/09/06 14:17:43 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2011/09/06 14:17:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2011/09/06 14:17:43 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2011/09/06 14:17:43 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2011/09/06 14:17:42 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2011/09/06 14:17:42 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2011/09/06 14:17:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2011/09/06 14:17:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2011/09/06 14:17:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2011/09/06 14:17:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2011/09/06 14:17:41 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2011/09/06 14:17:41 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2011/09/06 14:17:40 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2011/09/06 14:17:40 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2011/09/06 14:17:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2011/09/06 14:17:39 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2011/09/04 17:54:55 | 000,016,896 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 17:05:31 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2011/08/28 17:05:30 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/25 13:26:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/25 11:14:54 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2011/08/23 13:19:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2011/09/06 14:25:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\5400 Series
[2011/10/12 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aura4You
[2011/11/06 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.fastcashcommissions.fasttrafficsniper
[2012/01/10 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HamsterSoft
[2012/08/19 04:11:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\JAM Software
[2012/09/07 09:28:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp
[2011/10/11 03:25:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nullsoft
[2011/12/13 02:36:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeaZip
[2011/11/08 02:24:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2012/06/04 15:08:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/09/06 19:07:29 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\SugarSync Shared Folders:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Magic Briefcase:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Freemake:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Freecorder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\CC Welcome card:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Aura Video Converter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Aura Video Converter Professional:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\VIP 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\UToob URLs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Through The Years 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\The Silhouettes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Tessa env..jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Slanderous:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\ShortCut Icons:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Rock the 80s:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\RAssmusen Minisites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Rare Cuties:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Picked Chick!.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\newpic.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\New Scan Logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\New folder (2):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Mckenzie Patton:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Madeline Anthology:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\LIVE at the Catus 2009 singles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Joyce 244.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Jackie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Installers & Unused:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Grammys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\General Stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Favorites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Fast Cash:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\etycoon modules:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Elbert Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\EBooks program:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Download video clips:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\cutie cola.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Compressed Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\CK Nite in the 90s:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\CK Christmas 2010 wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\CK Christmas 2009 wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\CK Christmas 2007 Full:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\CC Pics & Vids 10-1-2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Cami Coms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Cactus Recitals:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Burn Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\breaking bad burn:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Audio-Video Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\andikitten.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\Ali Vids:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\539367_521635581183767_302367106_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\400818_10152092720030377_1696029556_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\26 O Holy Night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\253436_10151191538008945_228011387_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\20120905-the-untouchables-x600-1346845475.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\2011 Voices In Praise:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\2011 Christmas:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\2010 concert pix:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\09 Andi - Some Day My Prince Will Come.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\04 One Less Day to Go 1.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Desktop\000002.jpg:Roxio EMC Stream
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:96D0C06F

< End of report >

 

OTL Extras logfile created on: 9/7/2012 10:44:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 57.44% Memory free
6.50 Gb Paging File | 4.87 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.73 Gb Total Space | 15.21 Gb Free Space | 6.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EC47539-1274-4140-B8DF-74AC0E6BAE7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2ACB5BE8-DAEC-4372-9E9E-2DE374965811}" = rport=445 | protocol=6 | dir=out | app=system |
"{35BD2FC4-808B-48E2-9F75-BFE8006638AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4752A3A3-0F00-41D3-BF4A-3B0A7533BAA7}" = lport=138 | protocol=17 | dir=in | app=system |
"{5516D178-FD79-47DC-A1D3-5C0E8E69EEE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{710BAD3C-B67A-4949-9EB3-9EF115C8D57B}" = lport=139 | protocol=6 | dir=in | app=system |
"{7538EAD2-0984-4E3B-902B-C8B8C5793523}" = lport=445 | protocol=6 | dir=in | app=system |
"{81ACB1C1-334D-44B1-AF97-8602BD3813D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{980198FB-D040-41F6-A7B8-1CE1FBE15647}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{999004DB-4C63-4643-8A0F-77AEC6CA908E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2EED87C-7E9D-47C1-9459-630BD88C259C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9991EF4-D4FB-4101-814A-62ABDCE45990}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043FF98F-BD5B-4770-9670-BFD31721B43C}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{0483BBF4-5CCE-4A81-BC5C-5CFBFE302D7A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"{248A7D36-C90E-4CF0-825E-C493ECACC9AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{255A2FFB-6209-4930-B687-35EA1389A7A6}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{2A13013B-06F2-4B74-88C4-BC9D097285FB}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{2D8A90FE-6F0E-4999-BCCE-9D289194B986}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4080C417-CE78-4ED5-B9E2-F7706383FC4E}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"{4D264C98-60AE-41B8-AF4C-0B47B25CD54B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4E41D6E8-A6B5-444F-972B-5403282B813B}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{6539751B-95F5-4EF9-BDBE-A1B0ECB67040}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{78FB8C7E-0D23-4BE1-B946-A09AE06CFC56}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe |
"{7AA05127-E988-4B4A-B8E6-D6C1B9E43E41}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{83D5E650-04D4-4A59-A7F4-0BDA93F8BA4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D4EAE0F-4A5B-4979-981A-A5C070DA96B3}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{99C83F09-76A8-444F-A837-B1504AAA3876}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{B63DAE29-4F51-4240-9AF4-ECD3D452CA95}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
"{BBEBBB7C-E525-4513-9529-CB862C9D7F6C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E247F32D-1791-46BB-AE98-0CB6389CEBCE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3966A41-AD8A-447D-BCF0-F4512119D0FD}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe |
"{FD011F7B-7404-490C-9E94-237C2B6F3C2B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FF98CEF6-D594-4BE5-9A91-8168DF019C0F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{29CDCB01-42EE-440A-B5F4-BDA46D7D7BC9}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{63868B2D-87AD-4430-8763-378941C714F7}C:\users\owner\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{762ECEE4-0152-4062-867F-BDAA1640E413}C:\users\owner\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{9CB02379-9BA6-4660-8152-DA2A2236D11B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AB696684-8621-4A9F-923B-49FD84EB2C7C}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{C34EE41D-FA8B-4FD8-89E1-7C5BA8C1CE91}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{C622044C-CDDC-47BD-9FF7-AD0AD0C38D2A}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{1AB06992-04ED-4E07-92B3-95FF8FEBD291}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{216C14BB-9B80-4D41-8BB4-1F136757BED6}C:\users\owner\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{45AA952A-8004-44B0-9D63-7C42F6B0074F}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{61DF1E15-79FF-474D-AFBB-A550EDDA8199}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8C6B66C1-EB3A-42AD-B31C-7113BC491CE7}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{C19252FE-EFC6-47AF-BD57-5850E62C2F8B}C:\users\owner\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{EBC39DC5-B99D-44E5-B473-3093BBE4B281}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{59E98F3F-48D6-42A9-8250-079671E02B2D}" = StuffIt Expander 2011
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6B879152-071A-36B4-0F97-37B05552FA05}" = Fast Traffic Sniper
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.fastcashcommissions.fasttrafficsniper" = Fast Traffic Sniper
"CutePDF Writer Installation" = CutePDF Writer 2.8
"eMule" = eMule
"ExpressRip" = Express Rip
"ExpressZip" = Express Zip
"Freemake Video Converter_is1" = Freemake Video Converter version 2.4.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hide My IP 2008_is1" = Hide My IP 2008
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 5400 Series" = Lexmark 5400 Series
"LiveVDO plugin" = LiveVDO plugin 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Prism" = Prism Video File Converter
"SugarSync" = SugarSync Manager
"Switch" = Switch Sound File Converter
"TreeSize Free_is1" = TreeSize Free V2.7
"TVUPlayer" = TVUPlayer 2.5.3.1
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8b40ce156071554f" = DotNET35SP1Setup1
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2012 12:52:06 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 7/12/2012 1:01:42 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/13/2012 10:40:41 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RoxWatchTray9.exe, version: 9.0.1.64, time
stamp: 0x454e39e6 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b60 Exception code: 0xc0000374 Fault offset: 0x000c380b Faulting process
id: 0xbc4 Faulting application start time: 0x01cd610574d67cbf Faulting application
path: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b7e2e2fe-ccf8-11e1-b642-001d60426260

Error - 7/13/2012 11:54:21 AM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/14/2012 1:03:20 AM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/14/2012 7:23:37 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/14/2012 9:09:13 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/15/2012 2:32:44 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/15/2012 4:08:16 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/16/2012 11:59:18 AM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/16/2012 1:00:14 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e70 Start
Time: 01cd636a857cd250 Termination Time: 30 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ OSession Events ]
Error - 10/13/2011 2:49:02 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43471
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/21/2011 6:54:51 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5331
seconds with 600 seconds of active time. This session ended with a crash.

Error - 3/3/2012 6:25:25 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3341
seconds with 660 seconds of active time. This session ended with a crash.

Error - 4/5/2012 1:57:04 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 341
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/23/2012 1:47:29 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5250
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/11/2012 7:19:11 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24153
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/6/2012 6:59:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 9/6/2012 7:03:11 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 9/6/2012 7:07:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 9/7/2012 3:51:58 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 9/7/2012 3:55:05 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 9/7/2012 4:09:57 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 9/7/2012 9:26:35 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error: %%2

Error - 9/7/2012 10:03:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/7/2012 10:06:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/7/2012 10:10:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

 

All processes killed
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Code: > in the current context!
========== OTL ==========
Service avipbb stopped successfully!
Service avipbb deleted successfully!
C:\Windows\System32\drivers\avipbb.sys moved successfully.
Service avgntflt stopped successfully!
Service avgntflt deleted successfully!
C:\Windows\System32\drivers\avgntflt.sys moved successfully.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
C:\Windows\System32\drivers\ssmdrv.sys moved successfully.
Use Chrome's Settings page to change the HomePage.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
ADS C:\Users\Owner\Documents\SugarSync Shared Folders:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\Magic Briefcase:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\Freemake:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\Freecorder:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\CC Welcome card:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\Aura Video Converter:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Documents\Aura Video Converter Professional:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\VIP 2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\UToob URLs:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Through The Years 2008:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\The Silhouettes:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Tessa env..jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Slanderous:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\ShortCut Icons:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Rock the 80s:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\RAssmusen Minisites:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Rare Cuties:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Picked Chick!.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\newpic.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\New Scan Logs:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\New folder (2):Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Mckenzie Patton:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Madeline Anthology:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\LIVE at the Catus 2009 singles:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Joyce 244.JPG:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Jackie:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Installers & Unused:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Grammys:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\General Stuff:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Owner\Desktop\Favorites:Roxio EMC Stream .
ADS C:\Users\Owner\Desktop\Fast Cash:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\etycoon modules:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Elbert Pics:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\EBooks program:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Owner\Desktop\Downloads:Roxio EMC Stream .
ADS C:\Users\Owner\Desktop\Download video clips:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\cutie cola.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Compressed Files:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\CK Nite in the 90s:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\CK Christmas 2010 wmv:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\CK Christmas 2009 wmv:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\CK Christmas 2007 Full:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\CC Pics & Vids 10-1-2011:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Cami Coms:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Cactus Recitals:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Burn Folder:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\breaking bad burn:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Owner\Desktop\Audio-Video Tools:Roxio EMC Stream .
ADS C:\Users\Owner\Desktop\andikitten.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\Ali Vids:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\539367_521635581183767_302367106_n.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\400818_10152092720030377_1696029556_n.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\26 O Holy Night.mp3:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\253436_10151191538008945_228011387_n.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\20120905-the-untouchables-x600-1346845475.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\2011 Voices In Praise:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\2011 Christmas:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\2010 concert pix:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Owner\Desktop\09 Andi - Some Day My Prince Will Come.mp3:Roxio EMC Stream .
ADS C:\Users\Owner\Desktop\04 One Less Day to Go 1.wav:Roxio EMC Stream deleted successfully.
ADS C:\Users\Owner\Desktop\000002.jpg:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:96D0C06F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 373686 bytes
->Temporary Internet Files folder emptied: 40083000 bytes
->Java cache emptied: 268080 bytes
->FireFox cache emptied: 92711907 bytes
->Google Chrome cache emptied: 112649861 bytes
->Flash cache emptied: 68659 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153423 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53786 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 235.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.1 log created on 09072012_231731

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1NDJXVI\fastbutton[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1NDJXVI\like[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1NDJXVI\xd_arbiter[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJWCF3F1\0[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJWCF3F1\0[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJWCF3F1\ext-render-secure[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0RHFVWQ\103500-active-suspect-ransomware-freezing-pc-when-trying-access-internet-2[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0RHFVWQ\aiCAR1R8UU.htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D8QL82O\DtCol[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7D8QL82O\xd_arbiter[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\12[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\facebook_com[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\fc[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\getInPage[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\MoreStoriesPagelet[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\st[1] moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JO4NTLM\xd_arbiter[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FTL6WV1\0[1].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JET8C37.tmp moved successfully.
C:\Windows\temp\~ROMFN_00000A98 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...