My internet provider has informed me that I am infected with Malware known as DNS Changer. I see no symptoms whatsoever on my computer but my internet provider is telling me that my computer is sending out information and is infected with the DNS Changer and suspend my account due to this problem. I tried a lot of different scanners and nothing is showing up. I need help please.
I am running Windows 7 32-bit.
****contents of the MBAM log (Step 2)
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8255
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
11/28/2011 12:04:02 AM
mbam-log-2011-11-28 (00-04-02).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 287912
Time elapsed: 45 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
****contents of OTL.txt (Step 3)
OTL logfile created on: 11/28/2011 8:53:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.64% Memory free
4.92 Gb Paging File | 3.85 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 83.80 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.26 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/28 08:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
PRC - [2011/11/14 10:50:18 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 13:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/07/01 13:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\computer\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003/12/22 12:49:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
========== Driver Services (SafeList) ==========
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/12/04 12:49:12 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/03/03 04:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/27 13:40:48 | 000,041,160 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 35 06 31 CF 4A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 09:48:56 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/11/24 00:14:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} download.divx.com/player/DivXBro···ugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} acs.pandasoftware.com/activescan···ubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/pub/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA6464-467E-4185-BE46-850BA6B1D90F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DA6464-467E-4185-BE46-850BA6B1D90F}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/28 08:19:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/11/24 00:38:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/24 00:38:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/24 00:38:14 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\temp
[2011/11/24 00:00:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/24 00:00:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/24 00:00:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/24 00:00:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/23 23:51:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/23 23:34:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 12:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/20 10:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/19 21:26:14 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/11/19 21:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/11/19 21:15:12 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\QuickScan
[2011/11/19 10:28:07 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\AVG2012
[2011/11/19 10:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/19 10:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/19 10:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/14 08:55:58 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/11/14 08:55:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2011/11/10 08:31:24 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/30 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/30 18:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/30 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/30 18:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/02 14:28:21 | 010,895,360 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2010/09/03 22:43:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\computer\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2011/11/28 08:19:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/11/27 23:21:46 | 000,021,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 23:21:46 | 000,021,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 23:18:53 | 000,686,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/27 23:18:53 | 000,127,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/27 23:16:43 | 000,000,178 | ---- | M] () -- C:\Users\computer\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ DSLReports.com, ISP Information.url
[2011/11/27 23:14:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 23:14:16 | 1602,789,376 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 23:08:31 | 000,001,110 | ---- | M] () -- C:\Users\computer\Desktop\TFC.exe - Shortcut.lnk
[2011/11/27 20:06:38 | 000,000,277 | ---- | M] () -- C:\Users\computer\Desktop\Learning Curve TWR Battery-Powered Thomas LCT99717 eBay.url
[2011/11/27 20:06:17 | 000,000,277 | ---- | M] () -- C:\Users\computer\Desktop\NEW THOMAS & FRIENDS WOODEN RAILWAY BATTERY-OP SALTY eBay.url
[2011/11/27 20:06:02 | 000,000,238 | ---- | M] () -- C:\Users\computer\Desktop\Amazon.com Shopping Cart.url
[2011/11/27 11:52:48 | 000,000,126 | ---- | M] () -- C:\Users\computer\Desktop\Job Bank - Search.url
[2011/11/27 08:25:56 | 110,885,427 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/11/24 17:18:43 | 000,050,367 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjg.avm
[2011/11/24 00:14:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/23 23:39:37 | 000,000,233 | ---- | M] () -- C:\Users\computer\Desktop\Remove Google redirect virus.url
[2011/11/22 21:21:43 | 000,000,341 | ---- | M] () -- C:\Users\computer\Desktop\Login to your File.url
[2011/11/22 09:48:56 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 13:07:13 | 000,000,501 | ---- | M] () -- C:\Users\computer\Desktop\Memory Lane Step back in time - Previously Classmates.com#!-ajax_memberListOptimized_2communityId=31914&communityType=1&startYear=1993&endYear=1993&tab=yearsAttended&sort=lastname&firstLetter=&ugcIcon=&page=2----ajax_member.url
[2011/11/20 13:11:50 | 000,000,941 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/20 13:04:06 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/20 10:20:03 | 000,001,250 | ---- | M] () -- C:\Users\computer\Desktop\Spybot - Search & Destroy.lnk
[2011/11/19 21:34:20 | 000,000,224 | ---- | M] () -- C:\Users\computer\Desktop\Microsoft Security.url
[2011/11/14 10:50:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/10 21:22:04 | 000,000,145 | ---- | M] () -- C:\Users\computer\Desktop\Thomas & Friends Videos.url
[2011/11/10 11:46:43 | 003,951,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/04 17:31:54 | 002,140,593 | ---- | M] () -- C:\Users\computer\Desktop\washer&dryer.pdf
[2011/11/02 11:55:17 | 000,000,193 | ---- | M] () -- C:\Users\computer\Desktop\Welcome to Facebook.url
[2011/10/30 18:54:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 18:52:21 | 000,002,503 | ---- | M] () -- C:\Users\computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/30 18:52:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/30 18:51:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/11/27 23:16:43 | 000,000,178 | ---- | C] () -- C:\Users\computer\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ DSLReports.com, ISP Information.url
[2011/11/27 23:08:31 | 000,001,110 | ---- | C] () -- C:\Users\computer\Desktop\TFC.exe - Shortcut.lnk
[2011/11/27 20:06:38 | 000,000,277 | ---- | C] () -- C:\Users\computer\Desktop\Learning Curve TWR Battery-Powered Thomas LCT99717 eBay.url
[2011/11/27 20:06:17 | 000,000,277 | ---- | C] () -- C:\Users\computer\Desktop\NEW THOMAS & FRIENDS WOODEN RAILWAY BATTERY-OP SALTY eBay.url
[2011/11/27 20:06:02 | 000,000,238 | ---- | C] () -- C:\Users\computer\Desktop\Amazon.com Shopping Cart.url
[2011/11/27 11:52:48 | 000,000,126 | ---- | C] () -- C:\Users\computer\Desktop\Job Bank - Search.url
[2011/11/24 00:00:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 00:00:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 00:00:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 00:00:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 00:00:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/23 23:35:48 | 000,000,233 | ---- | C] () -- C:\Users\computer\Desktop\Remove Google redirect virus.url
[2011/11/21 13:07:12 | 000,000,501 | ---- | C] () -- C:\Users\computer\Desktop\Memory Lane Step back in time - Previously Classmates.com#!-ajax_memberListOptimized_2communityId=31914&communityType=1&startYear=1993&endYear=1993&tab=yearsAttended&sort=lastname&firstLetter=&ugcIcon=&page=2----ajax_member.url
[2011/11/20 13:04:06 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/20 12:54:55 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/19 21:34:20 | 000,000,224 | ---- | C] () -- C:\Users\computer\Desktop\Microsoft Security.url
[2011/11/19 10:27:08 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/10 21:22:04 | 000,000,145 | ---- | C] () -- C:\Users\computer\Desktop\Thomas & Friends Videos.url
[2011/11/04 17:31:54 | 002,140,593 | ---- | C] () -- C:\Users\computer\Desktop\washer&dryer.pdf
[2011/10/30 18:54:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/30 18:51:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/22 08:06:02 | 000,007,607 | ---- | C] () -- C:\Users\computer\AppData\Local\Resmon.ResmonCfg
[2011/06/02 14:28:20 | 000,328,704 | ---- | C] () -- C:\Windows\presys64.dll
[2011/06/02 14:28:20 | 000,320,000 | ---- | C] () -- C:\Windows\mdiwindb.dll
[2011/06/02 14:28:15 | 000,003,571 | ---- | C] () -- C:\Windows\memsetk.dll
[2011/06/02 14:28:15 | 000,000,304 | ---- | C] () -- C:\Windows\ktonthk.dll
[2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\tedunrw.dll
[2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\sntlevel.dll
[2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\renbe23.dll
[2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\javcorbin.dll
[2011/06/02 14:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\javcorain.dll
[2011/05/29 08:28:39 | 000,000,027 | ---- | C] () -- C:\Windows\penwinx32.dll
[2010/12/01 09:25:29 | 000,000,002 | -HS- | C] () -- C:\Users\computer\AppData\Roaming\.zreglib
[2010/11/08 07:05:43 | 000,000,941 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/01 15:55:25 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2010/10/03 16:52:57 | 000,081,920 | ---- | C] () -- C:\Users\computer\AppData\Roaming\ezpinst.exe
[2010/10/03 16:34:48 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/10/03 11:49:01 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/09/03 22:43:54 | 000,007,176 | ---- | C] () -- C:\Users\computer\AppData\Roaming\pcouffin.cat
[2010/09/03 22:43:54 | 000,001,144 | ---- | C] () -- C:\Users\computer\AppData\Roaming\pcouffin.inf
[2010/06/02 11:10:56 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/06/02 11:10:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/02 11:10:56 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/06/02 11:10:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2010/06/02 11:10:54 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/06/02 11:10:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/06/02 11:10:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/06/02 11:10:52 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/06/02 11:10:52 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/02 11:10:52 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/06/02 11:10:52 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/06/02 11:10:52 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/06/02 11:10:52 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/06/02 11:10:52 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/06/02 11:10:52 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/06/02 11:10:52 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/06/02 11:10:52 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/06/02 11:10:52 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/06/02 11:10:52 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/06/02 11:10:52 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010/06/02 11:10:52 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/06/02 11:10:52 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010/06/02 11:10:52 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/06/02 11:10:52 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/06/02 11:10:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2010/06/02 11:10:52 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2010/06/02 11:10:30 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010/06/02 11:10:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2010/06/02 11:10:30 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/06/02 11:10:30 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/06/02 11:10:28 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/06/02 11:10:28 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/06/02 11:10:28 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/06/02 11:10:28 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/08 23:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll
[2009/11/08 23:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll
[2009/11/08 23:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 003,951,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,686,878 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,127,598 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/29 17:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2009/03/11 14:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
========== LOP Check ==========
[2011/01/12 08:09:47 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AnvSoft
[2011/11/19 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AVG2012
[2011/11/27 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\BitTorrent
[2010/09/12 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Canon
[2011/06/02 21:08:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/24 19:58:35 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DVDVideoSoft
[2011/08/24 19:56:22 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/02 20:23:24 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Filter Forge 2
[2011/06/19 00:35:30 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\HandBrake
[2011/07/16 13:03:35 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Leadertech
[2011/03/14 07:12:06 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\MOBILedit
[2011/11/19 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\QuickScan
[2011/08/23 12:55:59 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Research In Motion
[2011/05/20 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Smilebox
[2011/06/02 10:39:21 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TuneUp Software
[2011/11/14 12:30:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Vso
[2011/08/07 21:27:58 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:FB1B13D8
****contents of Extras.txt (Step 3)
OTL Extras logfile created on: 11/28/2011 8:53:33 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.64% Memory free
4.92 Gb Paging File | 3.85 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 83.80 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.26 Gb Free Space | 4.01% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCF00F5-04A5-4543-A088-705480811202}_is1" = Compiled Driver Disk(Motorola) 0.99
"{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB26AB83-D2E8-45E4-B510-CD670C506C74}" = Codecs Video Pack
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.1.1
"AnyDVD" = AnyDVD
"AVG" = AVG 2012
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Filter Forge 2_is1" = Filter Forge 2.008
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 11/14/2011 5:52:38 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:53:51 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:54:57 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\compiled
driver disk(motorola)\driverinstaller\amd64\DriverInstaller64.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/14/2011 5:54:59 PM | Computer Name = computer-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
Error - 11/19/2011 1:54:26 AM | Computer Name = laptop | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16f0 Start
Time: 01cca67f4fc092f5 Termination Time: 54 Application Path: C:\Program Files\Windows
Media Player\wmplayer.exe Report Id: d63900db-1272-11e1-96b3-001b248e0cb7
Error - 11/19/2011 10:31:50 AM | Computer Name = laptop | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary AVG network filter service. System Error: The system cannot find the file
specified. .
Error - 11/20/2011 8:00:16 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103
Description =
Error - 11/22/2011 10:49:34 AM | Computer Name = laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 11/26/2011 11:47:58 PM | Computer Name = laptop | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x000a1993 Faulting
process id: 0x934 Faulting application start time: 0x01ccacaf1198533f Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11e.ocx
Report
Id: 983ccbe8-18aa-11e1-9678-001b248e0cb7
Error - 11/27/2011 8:00:01 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 7/24/2011 8:44:37 PM | Computer Name = computer-PC | Source = DCOM | ID = 10010
Description =
Error - 7/24/2011 8:46:56 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ElbyVCD
Error - 7/28/2011 8:44:55 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 7/28/2011 8:45:21 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 7/28/2011 3:48:42 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the BFE service.
Error - 8/2/2011 9:57:34 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 8/2/2011 9:57:35 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 8/2/2011 10:49:50 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 8/2/2011 10:49:50 AM | Computer Name = computer-PC | Source = DCOM | ID = 10016
Description =
Error - 8/6/2011 6:34:47 PM | Computer Name = computer-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ElbyVCD
****contents of checkup.txt (Step 4)
Results of screen317's Security Check version 0.99.28
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u] Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u] Malwarebytes' Anti-Malware
CCleaner
Adobe Reader 9 [color=red]
Adobe Reader out of date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u] Windows Defender MSMpEng.exe
AVG avgrsx.exe
AVG avgemc.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
****contents of the Online AntiVirus Scan log (Step 5)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1bbd82a2bc16a946bd3919f3a80dbc11
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-29 04:24:02
# local_time=2011-11-28 11:24:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 21524629 74078194 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118382
# found=0
# cleaned=0
# scan_time=7260