[RESOLVED] Virus on Vista

Printable View

Show 40 post(s) from this thread on one page

December 28th, 2011, 03:37 PM
scarecrow

2 Attachment(s)

[RESOLVED] Virus on Vista

Hi.

I'm trying to fix my sister's pc (Windows Vista, Dell Vostro 220). It seemed like it had the common "Vista Antivirus 2012" virus. I ran the exeHelper and the Combofix and the log files are attached. I would like to know if the pc was cleaned.

Thanks a lot!

Edit: Sorry, I should've posted this in the Intensive care section.

Copy/pasted by mod fink (scarecrow.. pls do so in the future so we can easily read the scans)

exeHelper by Raktor
Build 20100414
Run at 13:58:56 on 12/28/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

ComboFix 11-12-28.03 - Owner 12/28/2011 14:10:35.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2012.1008 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Documents\~WRL0003.tmp
c:\users\Owner\Documents\~WRL1301.tmp
c:\users\Owner\Documents\~WRL1641.tmp
c:\users\Owner\Documents\~WRL3910.tmp
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB52221$
c:\windows\$NtUninstallKB52221$\1951776680\@
c:\windows\$NtUninstallKB52221$\1951776680\bckfg.tmp
c:\windows\$NtUninstallKB52221$\1951776680\cfg.ini
c:\windows\$NtUninstallKB52221$\1951776680\Desktop.ini
c:\windows\$NtUninstallKB52221$\1951776680\keywords
c:\windows\$NtUninstallKB52221$\1951776680\kwrd.dll
c:\windows\$NtUninstallKB52221$\1951776680\L\qnbwvoto
c:\windows\$NtUninstallKB52221$\1951776680\lsflt7.ver
c:\windows\$NtUninstallKB52221$\1951776680\U\00000001.@
c:\windows\$NtUninstallKB52221$\1951776680\U\00000002.@
c:\windows\$NtUninstallKB52221$\1951776680\U\00000004.@
c:\windows\$NtUninstallKB52221$\1951776680\U\80000000.@
c:\windows\$NtUninstallKB52221$\1951776680\U\80000004.@
c:\windows\$NtUninstallKB52221$\1951776680\U\80000032.@
c:\windows\$NtUninstallKB52221$\1982960421
c:\windows\system\svchost.exe
c:\windows\system32\certstore.dat
c:\windows\system32\FastUv32.dll
c:\windows\system32\NUSB3w32.dll
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NecUsb
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 19:17 . 2011-12-28 19:19 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-12-28 19:17 . 2011-12-28 19:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-28 19:17 . 2011-12-28 19:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-28 19:17 . 2011-12-28 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 19:05 . 2008-01-21 02:24 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-27 04:01 . 2011-12-27 04:01 -------- d-----w- c:\program files\%windir%
2011-12-26 23:22 . 2011-12-26 23:28 -------- d-----w- c:\program files\CCleaner
2011-12-26 23:21 . 2011-12-26 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-26 23:21 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 16:45 . 2011-12-25 16:45 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-23 19:31 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8428DBE4-20EA-4730-B980-D361454C7561}\mpengine.dll
2011-12-14 02:19 . 2011-12-14 02:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 04:17 . 2011-12-11 04:18 -------- d-----w- c:\users\Owner\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 02:59 . 2011-05-07 02:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-11 137536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-09-27 23:09 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-25 15:42 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-25 15:42 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2011-08-08 18:16 606392 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-25 15:42 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-04 21:16 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-15 81920]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-15 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 04:17]
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 04:17]
.
2011-09-27 c:\windows\Tasks\User_Feed_Synchronization-{8E2A636F-687E-4F61-ADB8-E4CD1B37C698}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PhotoJoy Bar Customized Web Search
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cf45c54f-801c-41b5-ac77-57f2bf418edc} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{CF45C54F-801C-41B5-AC77-57F2BF418EDC} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-28 14:19
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-28 14:24:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-28 19:24
ComboFix2.txt 2011-05-18 22:02
.
Pre-Run: 399,820,869,632 bytes free
Post-Run: 398,993,629,184 bytes free
.
- - End Of File - - 08DA688F6EB1EC4C10583B00C19059E0
December 28th, 2011, 03:52 PM
SuperSparks

No problem, I'll move it :)
December 28th, 2011, 08:35 PM
Broni
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915

Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==============================================================

Never run Combofix on your own!
December 28th, 2011, 11:10 PM
scarecrow

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Owner :: OWNER-PC [administrator]

12/28/2011 8:25:39 PM
mbam-log-2011-12-28 (20-25-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 169004
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-28 21:13:39
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AADS-00M2B0 rev.01.00A01
Running: 6c3zdb6k.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1720] kernel32.dll!CopyFileExW 75E2BFA1 7 Bytes JMP 6FA076F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[1720] kernel32.dll!MoveFileWithProgressW 75E41104 5 Bytes JMP 6FA07590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Windows\Explorer.EXE[1720] ole32.dll!CoCreateInstance 7734E2D8 8 Bytes JMP 6FA079D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Limited)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtCreateFile + 6 77697C7E 4 Bytes [28, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtCreateFile + B 77697C83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + 6 776983CE 1 Byte [28]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + 6 776983CE 4 Bytes [28, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtMapViewOfSection + B 776983D3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenFile + 6 7769845E 4 Bytes [68, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenFile + B 77698463 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcess + 6 776984DE 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcess + B 776984E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessToken + 6 776984EE 4 Bytes CALL 76699BF4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessToken + B 776984F3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessTokenEx + 6 776984FE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenProcessTokenEx + B 77698503 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThread + 6 7769854E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThread + B 77698553 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadToken + 6 7769855E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadToken + B 77698563 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadTokenEx + 6 7769856E 4 Bytes CALL 76699C75 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtOpenThreadTokenEx + B 77698573 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryAttributesFile + 6 776985FE 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryAttributesFile + B 77698603 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryFullAttributesFile + 6 776986AE 4 Bytes CALL 76699DB3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtQueryFullAttributesFile + B 776986B3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationFile + 6 77698B8E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationFile + B 77698B93 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationThread + 6 77698BDE 4 Bytes [28, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtSetInformationThread + B 77698BE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 1 Byte [68]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 4 Bytes [68, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] ntdll.dll!NtUnmapViewOfSection + B 77698E83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + 6 77697C7E 4 Bytes [28, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtCreateFile + B 77697C83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + 6 776983CE 1 Byte [28]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + 6 776983CE 4 Bytes [28, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtMapViewOfSection + B 776983D3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + 6 7769845E 4 Bytes [68, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenFile + B 77698463 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + 6 776984DE 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcess + B 776984E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + 6 776984EE 4 Bytes CALL 76699BF4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessToken + B 776984F3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + 6 776984FE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenProcessTokenEx + B 77698503 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + 6 7769854E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThread + B 77698553 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + 6 7769855E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadToken + B 77698563 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + 6 7769856E 4 Bytes CALL 76699C75 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtOpenThreadTokenEx + B 77698573 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + 6 776985FE 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryAttributesFile + B 77698603 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + 6 776986AE 4 Bytes CALL 76699DB3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtQueryFullAttributesFile + B 776986B3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + 6 77698B8E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationFile + B 77698B93 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + 6 77698BDE 4 Bytes [28, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtSetInformationThread + B 77698BE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 1 Byte [68]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 4 Bytes [68, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] ntdll.dll!NtUnmapViewOfSection + B 77698E83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + 6 77697C7E 4 Bytes [28, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + B 77697C83 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 776983CE 1 Byte [28]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 776983CE 4 Bytes [28, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + B 776983D3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + 6 7769845E 4 Bytes [68, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + B 77698463 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + 6 776984DE 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + B 776984E3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + 6 776984EE 4 Bytes CALL 76699BF4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + B 776984F3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + 6 776984FE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + B 77698503 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + 6 7769854E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + B 77698553 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + 6 7769855E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + B 77698563 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + 6 7769856E 4 Bytes CALL 76699C75 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + B 77698573 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + 6 776985FE 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + B 77698603 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + 6 776986AE 4 Bytes CALL 76699DB3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + B 776986B3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + 6 77698B8E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + B 77698B93 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + 6 77698BDE 4 Bytes [28, 02, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + B 77698BE3 1 Byte [E2]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 1 Byte [68]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 77698E7E 4 Bytes [68, 03, 17, 00]
.text C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + B 77698E83 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3384] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3400] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe[3960] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-28 21:42:20
-----------------------------
21:42:20.157 OS Version: Windows 6.0.6001 Service Pack 1
21:42:20.157 Number of processors: 1 586 0x1601
21:42:20.157 ComputerName: OWNER-PC UserName: Owner
21:42:33.838 Initialize success
21:42:43.464 AVAST engine defs: 11122801
21:42:58.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:42:58.518 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
21:43:00.624 Disk 0 MBR read successfully
21:43:00.624 Disk 0 MBR scan
21:43:00.639 Disk 0 Windows VISTA default MBR code
21:43:00.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
21:43:00.655 Disk 0 scanning sectors +976771072
21:43:00.733 Disk 0 scanning C:\Windows\system32\drivers
21:43:21.684 Service scanning
21:43:24.944 Modules scanning
21:43:31.746 Disk 0 trace - called modules:
21:43:31.761 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
21:43:31.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8546e4d0]
21:43:32.276 3 CLASSPNP.SYS[8859c745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x853d58a8]
21:43:35.037 AVAST engine scan C:\Windows
21:43:52.972 AVAST engine scan C:\Windows\system32
21:47:23.555 AVAST engine scan C:\Windows\system32\drivers
21:47:39.175 AVAST engine scan C:\Users\Owner
21:50:43.379 AVAST engine scan C:\ProgramData
21:53:58.690 Scan finished successfully
21:57:24.969 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
21:57:24.984 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_24
Run by Owner at 21:59:04 on 2011-12-28
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2012.1043 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\programdata\sophos web intelligence\swi_lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{46222372-5BE0-4155-8F31-2E740BD9B60E} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\rm1adrw1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PhotoJoy Bar Customized Web Search
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\owner\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-9-27 20392]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2011-12-28 123680]
R1 SKMScan;SKMScan;c:\windows\system32\drivers\skmscan.sys [2011-12-28 31736]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2011-4-14 81920]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-9-27 722616]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-12-28 167960]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-12-28 99864]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2011-5-6 232472]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-12-28 1543704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2011-4-14 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-12-28 24312]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2011-12-28 22536]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-12-28 21:25:04 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-12-28 20:40:21 -------- d-----w- c:\users\owner\appdata\local\Sophos
2011-12-28 20:37:29 -------- d-----w- c:\programdata\Sophos Web Intelligence
2011-12-28 20:36:41 -------- d-----w- c:\program files\common files\Cisco Systems
2011-12-28 20:36:34 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-12-28 20:35:55 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-12-28 20:35:54 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-12-28 20:35:53 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-12-28 20:35:52 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-12-28 20:35:14 -------- d-----w- c:\programdata\Sophos
2011-12-28 20:35:14 -------- d-----w- c:\program files\Sophos
2011-12-28 19:24:26 -------- d-----w- c:\users\owner\appdata\local\temp
2011-12-28 19:23:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-28 19:05:22 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-27 04:01:45 -------- d-----w- c:\program files\%windir%
2011-12-27 03:31:47 85973709 ----a-w- C:\Sophos_9.7_UNMNG.exe
2011-12-26 23:22:39 -------- d-----w- c:\program files\CCleaner
2011-12-26 23:21:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 23:21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-23 19:31:25 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8428dbe4-20ea-4730-b980-d361454c7561}\mpengine.dll
2011-12-14 02:19:33 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-12-11 04:17:12 -------- d-----w- c:\users\owner\appdata\local\Facebook
.
==================== Find3M ====================
.
2011-12-12 07:35:20 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 07:35:02 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 06:52:12 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
.
============= FINISH: 21:59:49.03 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2011 4:38:15 PM
System Uptime: 12/28/2011 9:39:57 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 371.027 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Facebook Video Calling 1.0.0.8953
FoxTab PDF Converter
Google Chrome
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iolo technologies' System Mechanic
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0.1 (x86 en-US)
Nitro PDF Reader
OpenOffice.org 3.3
PDF to Word
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.3
Sophos Anti-Virus
Sophos AutoUpdate
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
VLC media player 1.1.7
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/28/2011 9:40:19 PM, Error: EventLog [6008] - The previous system shutdown at 9:38:13 PM on 12/28/2011 was unexpected.
12/28/2011 2:20:31 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
12/28/2011 2:09:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt tdx
12/28/2011 2:09:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/28/2011 2:02:53 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/28/2011 12:35:13 AM, Error: EventLog [6008] - The previous system shutdown at 12:01:24 AM on 12/28/2011 was unexpected.
12/28/2011 1:44:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/27/2011 3:04:17 PM, Error: EventLog [6008] - The previous system shutdown at 3:02:13 PM on 12/27/2011 was unexpected.
12/27/2011 11:48:48 AM, Error: EventLog [6008] - The previous system shutdown at 11:47:13 AM on 12/27/2011 was unexpected.
12/27/2011 11:40:28 AM, Error: Service Control Manager [7030] - The USB Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/27/2011 11:16:04 PM, Error: EventLog [6008] - The previous system shutdown at 7:30:01 PM on 12/27/2011 was unexpected.
12/26/2011 9:34:24 PM, Error: EventLog [6008] - The previous system shutdown at 9:32:18 PM on 12/26/2011 was unexpected.
12/26/2011 6:36:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElRawDisk i8042prt spldr Wanarpv6
12/26/2011 6:30:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
12/26/2011 6:30:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/26/2011 6:14:01 PM, Error: EventLog [6008] - The previous system shutdown at 6:12:17 PM on 12/26/2011 was unexpected.
12/26/2011 5:36:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/26/2011 5:36:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/26/2011 5:36:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/26/2011 5:36:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/26/2011 5:36:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/26/2011 5:36:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
12/26/2011 5:36:04 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.
12/26/2011 5:36:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2011 5:35:50 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/26/2011 5:19:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/26/2011 5:19:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/26/2011 5:19:27 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
12/26/2011 5:19:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/26/2011 3:04:16 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document lasagna_recipe_2011c.pdf, owned by Owner, failed to print on printer Brother HL-5040 (Copy 1). Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 14155064. Number of bytes printed: 0. Total number of pages in the document: 4. Number of pages printed: 0. Client computer: \\OWNER-PC. Win32 error code returned by the print processor: 2. The system cannot find the file specified.
12/26/2011 10:37:13 PM, Error: EventLog [6008] - The previous system shutdown at 10:36:07 PM on 12/26/2011 was unexpected.
12/22/2011 10:46:50 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:08 AM on 12/22/2011 was unexpected.
12/21/2011 10:46:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
.
==== End Of File ===========================
December 28th, 2011, 11:20 PM
Broni
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  - Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  - Close any open browsers.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
December 29th, 2011, 04:21 PM
scarecrow

I think the computer is fine now. My sister doesn't want me to mess with it anymore, so I think we can close this thread. I appreciate all of your help.
December 29th, 2011, 04:42 PM
Broni

Just keep in mind couple of rules I posted at the very beginning:

Quote:

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
December 29th, 2011, 05:42 PM
scarecrow

1 Attachment(s)

The text was too long, so I'm attaching the file instead.
December 29th, 2011, 05:53 PM
Broni

No. Split the log between couple of replies.
December 29th, 2011, 06:01 PM
scarecrow

ComboFix 11-12-29.04 - Owner 12/29/2011 16:16:06.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.1952 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----- File Replicators -----
.
c:\programdata\Adobe\ARM\Reader_10.0.1\10224\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\10224\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\10224\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\10811\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\10811\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\10811\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11280\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11280\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11280\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1144\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1144\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1144\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11465\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11465\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11465\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1155\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1155\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1155\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1172\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1172\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1172\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11999\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11999\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\11999\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12510\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12510\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12510\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12638\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12638\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12638\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12740\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12740\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12740\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12773\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12773\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12773\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12845\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12845\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12845\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12907\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12907\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\12907\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1300\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1300\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1300\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13001\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13001\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13001\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13152\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13152\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13152\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13245\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13245\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13245\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13359\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13359\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13359\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13373\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13373\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13373\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13534\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13534\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13534\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13728\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13728\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\13728\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14251\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14251\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14251\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14418\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14418\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14418\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14579\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14579\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14579\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14591\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14591\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\14591\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1475\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1475\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1475\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15544\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15544\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15544\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15756\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15756\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15756\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15822\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15822\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15822\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15860\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15860\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15860\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15994\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15994\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\15994\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16332\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16332\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16332\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16627\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16627\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16627\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16686\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16686\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16686\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16711\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16711\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16711\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16791\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16791\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16791\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16850\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16850\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\16850\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1688\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1688\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1688\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17046\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17046\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17046\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17071\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17071\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17071\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17358\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17358\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17358\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17363\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17363\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17363\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17827\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17827\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\17827\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18007\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18007\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18007\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18113\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18113\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18113\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18211\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18211\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18211\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1881\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1881\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\1881\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18879\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18879\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18879\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18945\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18945\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18945\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18991\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18991\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\18991\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19127\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19127\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19127\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19169\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19169\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19169\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19232\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19232\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19232\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19370\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19370\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\19370\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20080\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20080\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20080\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20544\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20544\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\20544\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21008\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21008\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21008\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21072\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21072\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21072\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21250\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21250\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21250\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21540\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21540\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21540\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21750\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21750\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21750\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21772\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21772\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21772\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21830\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21830\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21830\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21881\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21881\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\21881\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22249\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22249\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22249\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22343\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22343\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22343\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22367\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22367\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22367\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22451\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22451\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22451\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22465\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22465\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22465\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22538\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22538\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22538\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22544\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22544\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22544\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22649\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22649\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22649\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22864\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22864\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\22864\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23053\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23053\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23053\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23107\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23107\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\23107\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2346\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2346\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2346\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2368\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2368\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2368\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2387\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2387\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2387\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2405\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2405\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2405\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24577\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24577\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24577\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24820\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24820\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\24820\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25351\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25351\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25351\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25500\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25500\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25500\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25749\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25749\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25749\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25777\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25777\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\25777\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\26453\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\26453\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\26453\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27271\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27271\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27271\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27333\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27333\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27333\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27678\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27678\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27678\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27912\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27912\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\27912\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28002\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28002\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28002\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2834\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2834\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2834\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2840\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2840\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\2840\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28668\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28668\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28668\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28776\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28776\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28776\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28966\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28966\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28966\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28969\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28969\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\28969\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29025\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29025\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29025\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29111\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29111\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29111\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29226\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29226\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29226\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29307\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29307\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29307\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29437\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29437\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29437\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29537\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29537\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29537\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29928\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29928\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\29928\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30070\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30070\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30070\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30219\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30219\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30219\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30304\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30304\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30304\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30393\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30393\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30393\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30920\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30920\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\30920\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3147\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3147\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3147\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31493\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31493\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31493\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31697\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31697\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31697\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3170\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3170\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3170\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31871\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31871\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\31871\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32336\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32336\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32336\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32481\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32481\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32481\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32561\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32561\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32561\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32759\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32759\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\32759\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3328\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3328\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3328\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3355\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3355\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3355\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\340\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\340\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\340\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3766\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3766\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\3766\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4047\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4047\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4047\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4280\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4280\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\4280\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\439\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\439\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\439\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\453\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\453\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\453\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5127\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5127\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5127\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5213\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5213\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5213\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5392\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5392\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5392\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5579\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5579\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5579\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5680\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5680\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5680\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5780\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5780\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5780\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5841\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5841\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\5841\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6101\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6101\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6101\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6452\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6452\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\6452\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\695\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\695\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\695\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\717\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\717\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\717\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7440\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7440\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7440\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7500\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7500\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7500\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7642\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7642\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7642\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7749\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7749\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7749\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7949\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7949\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\7949\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8089\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8089\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8089\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8216\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8216\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8216\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8413\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8413\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\8413\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9162\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9162\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9162\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9234\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9234\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9234\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9376\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9376\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9376\ReaderUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9688\AcrobatUpdater.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9688\AdobeARM.exe
c:\programdata\Adobe\ARM\Reader_10.0.1\9688\ReaderUpdater.exe
December 29th, 2011, 06:01 PM
scarecrow

c:\users\All Users\Adobe\ARM\Reader_10.0.1\10224\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\10224\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\10224\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\10811\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\10811\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\10811\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11280\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11280\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11280\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1144\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1144\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1144\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11465\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11465\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11465\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1155\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1155\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1155\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1172\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1172\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1172\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11999\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11999\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\11999\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12510\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12510\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12510\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12638\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12638\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12638\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12740\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12740\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12740\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12773\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12773\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12773\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12845\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12845\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12845\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12907\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12907\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\12907\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1300\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1300\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1300\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13001\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13001\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13001\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13152\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13152\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13152\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13245\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13245\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13245\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13359\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13359\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13359\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13373\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13373\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13373\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13534\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13534\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13534\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13728\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13728\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\13728\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14251\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14251\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14251\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14418\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14418\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14418\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14579\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14579\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14579\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14591\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14591\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\14591\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1475\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1475\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1475\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15544\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15544\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15544\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15756\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15756\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15756\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15822\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15822\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15822\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15860\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15860\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15860\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15994\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15994\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\15994\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16332\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16332\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16332\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16627\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16627\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16627\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16686\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16686\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16686\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16711\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16711\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16711\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16791\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16791\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16791\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16850\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16850\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\16850\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1688\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1688\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1688\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17046\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17046\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17046\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17071\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17071\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17071\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17358\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17358\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17358\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17363\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17363\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17363\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17827\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17827\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\17827\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18007\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18007\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18007\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18113\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18113\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18113\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18211\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18211\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18211\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1881\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1881\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\1881\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18879\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18879\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18879\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18945\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18945\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18945\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18991\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18991\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\18991\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19127\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19127\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19127\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19169\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19169\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19169\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19232\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19232\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19232\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19370\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19370\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\19370\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20080\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20080\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20080\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20544\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20544\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\20544\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21008\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21008\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21008\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21072\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21072\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21072\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21250\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21250\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21250\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21540\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21540\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21540\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21750\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21750\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21750\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21772\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21772\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21772\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21830\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21830\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21830\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21881\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21881\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\21881\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22249\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22249\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22249\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22343\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22343\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22343\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22367\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22367\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22367\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22451\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22451\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22451\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22465\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22465\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22465\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22538\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22538\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22538\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22544\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22544\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22544\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22649\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22649\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22649\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22864\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22864\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\22864\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23053\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23053\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23053\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23107\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23107\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\23107\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2346\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2346\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2346\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2368\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2368\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2368\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2387\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2387\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2387\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2405\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2405\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2405\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24577\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24577\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24577\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24820\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24820\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\24820\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25351\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25351\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25351\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25500\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25500\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25500\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25749\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25749\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25749\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25777\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25777\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\25777\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\26453\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\26453\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\26453\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27271\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27271\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27271\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27333\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27333\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27333\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27678\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27678\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27678\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27912\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27912\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\27912\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28002\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28002\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28002\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2834\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2834\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2834\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2840\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2840\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\2840\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28668\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28668\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28668\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28776\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28776\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28776\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28966\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28966\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28966\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28969\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28969\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\28969\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29025\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29025\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29025\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29111\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29111\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29111\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29226\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29226\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29226\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29307\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29307\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29307\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29437\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29437\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29437\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29537\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29537\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29537\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29928\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29928\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\29928\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30070\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30070\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30070\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30219\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30219\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30219\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30304\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30304\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30304\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30393\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30393\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30393\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30920\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30920\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\30920\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3147\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3147\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3147\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31493\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31493\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31493\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31697\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31697\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31697\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3170\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3170\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3170\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31871\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31871\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\31871\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32336\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32336\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32336\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32481\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32481\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32481\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32561\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32561\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32561\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32759\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32759\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\32759\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3328\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3328\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3328\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3355\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3355\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3355\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\340\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\340\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\340\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3766\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3766\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\3766\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4047\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4047\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4047\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4280\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4280\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\4280\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\439\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\439\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\439\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\453\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\453\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\453\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5127\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5127\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5127\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5213\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5213\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5213\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5392\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5392\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5392\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5579\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5579\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5579\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5680\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5680\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5680\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5780\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5780\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5780\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5841\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5841\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\5841\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6101\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6101\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6101\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6452\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6452\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\6452\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\695\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\695\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\695\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\717\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\717\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\717\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7440\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7440\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7440\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7500\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7500\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7500\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7642\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7642\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7642\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7749\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7749\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7749\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7949\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7949\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\7949\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8089\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8089\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8089\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8216\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8216\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8216\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8413\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8413\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\8413\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9162\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9162\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9162\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9234\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9234\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9234\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9376\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9376\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9376\ReaderUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9688\AcrobatUpdater.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9688\AdobeARM.exe
c:\users\All Users\Adobe\ARM\Reader_10.0.1\9688\ReaderUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 21:27 . 2011-12-29 21:28 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-12-29 21:27 . 2011-12-29 21:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-29 21:27 . 2011-12-29 21:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-29 21:27 . 2011-12-29 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 21:25 . 2011-12-28 21:25 123680 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-12-28 20:40 . 2011-12-28 20:40 -------- d-----w- c:\users\Owner\AppData\Local\Sophos
2011-12-28 20:37 . 2011-12-28 20:37 -------- d-----w- c:\programdata\Sophos Web Intelligence
2011-12-28 20:36 . 2011-12-28 20:36 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-12-28 20:36 . 2011-12-28 20:35 30744 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-12-28 20:35 . 2011-12-28 20:35 24312 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-12-28 20:35 . 2011-12-28 20:35 31736 ----a-w- c:\windows\system32\drivers\skmscan.sys
2011-12-28 20:35 . 2011-12-28 20:35 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-12-28 20:35 . 2011-12-28 20:35 22536 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-12-28 20:35 . 2011-12-28 20:36 -------- d-----w- c:\programdata\Sophos
2011-12-28 20:35 . 2011-12-28 20:36 -------- d-----w- c:\program files\Sophos
2011-12-28 19:05 . 2008-01-21 02:24 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-27 04:01 . 2011-12-27 04:01 -------- d-----w- c:\program files\%windir%
2011-12-27 03:31 . 2011-12-27 00:30 85973709 ----a-w- C:\Sophos_9.7_UNMNG.exe
2011-12-26 23:22 . 2011-12-26 23:28 -------- d-----w- c:\program files\CCleaner
2011-12-26 23:21 . 2011-12-28 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-26 23:21 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-25 16:45 . 2011-12-25 16:45 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-23 19:31 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8428DBE4-20EA-4730-B980-D361454C7561}\mpengine.dll
2011-12-14 02:19 . 2011-12-14 02:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 04:17 . 2011-12-11 04:18 -------- d-----w- c:\users\Owner\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 07:35 . 2011-09-28 00:20 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 07:35 . 2011-09-28 00:20 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 06:52 . 2011-09-28 00:20 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-11-24 02:59 . 2011-05-07 02:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-05-06 494616]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-12-12 606904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-09-27 23:09 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-12-11 04:17 137536 ----atw- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-28 20:44 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-25 15:42 178712 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-25 15:42 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2011-12-12 06:47 606904 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 22:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-25 15:42 154136 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-04 21:16 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-12-28 24312]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-12-28 22536]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2011-12-28 123680]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2011-12-28 31736]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-15 81920]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-12-12 722616]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-12-28 167960]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2011-12-28 99864]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-12-28 1543704]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-15 112128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 04:17]
.
2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 04:17]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:44]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-28 20:44]
.
2011-09-27 c:\windows\Tasks\User_Feed_Synchronization-{8E2A636F-687E-4F61-ADB8-E4CD1B37C698}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PhotoJoy Bar Customized Web Search
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 16:27
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-29 16:35:33
ComboFix-quarantined-files.txt 2011-12-29 21:35
ComboFix2.txt 2011-05-18 22:02
.
- - End Of File - - 38E8AFD6CEAAFE5D6860E918AB2370B2
December 29th, 2011, 06:21 PM
Broni
Looks good.

How is computer doing?

Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
December 29th, 2011, 06:59 PM
scarecrow

OTL logfile created on: 12/29/2011 5:47:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.89% Memory free
6.16 Gb Paging File | 5.13 Gb Available in Paging File | 83.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 369.31 Gb Free Space | 79.29% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 17:44:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/12/28 16:37:02 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/12/28 15:50:28 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/12/28 15:36:00 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/12/12 01:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/05/27 23:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/05/06 12:36:09 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/15 11:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/12/28 16:37:02 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/12/28 15:50:28 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/12/28 15:36:00 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/12/12 01:47:08 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/09/27 18:09:13 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/05/06 12:36:08 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2008/07/15 11:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/28 16:25:07 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011/12/28 15:35:55 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/12/28 15:35:54 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011/12/28 15:35:52 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2009/01/20 13:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/07/15 14:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PhotoJoy Bar Customized Web Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 21:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 21:11:28 | 000,000,000 | ---D | M]

[2011/04/14 10:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/12/28 14:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\extensions
[2011/04/21 21:05:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/13 21:10:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/28 14:57:20 | 000,000,000 | ---D | M] (PhotoJoy Bar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\extensions\{cf45c54f-801c-41b5-ac77-57f2bf418edc}
[2011/11/10 18:28:00 | 000,000,927 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rm1adrw1.default\searchplugins\conduit.xml
[2011/11/23 21:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/23 21:59:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/29 20:57:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 21:59:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: AdBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\

O1 HOSTS File: ([2011/12/28 14:19:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\S-1-5-21-2928659668-848875194-4117170034-1000..\Run: [Spotify] C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2928659668-848875194-4117170034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46222372-5BE0-4155-8F31-2E740BD9B60E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2928659668-848875194-4117170034-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 17:43:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/12/29 17:33:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Spotify
[2011/12/29 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/12/29 16:35:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/12/29 16:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/28 16:25:04 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/12/28 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/28 15:40:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Sophos
[2011/12/28 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WinRAR
[2011/12/28 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/28 15:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/28 15:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/12/28 15:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/12/28 15:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/12/28 15:36:34 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/12/28 15:35:55 | 000,024,312 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2011/12/28 15:35:54 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2011/12/28 15:35:53 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/12/28 15:35:52 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2011/12/28 15:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/12/28 15:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/12/26 23:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\%windir%
[2011/12/26 22:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/12/26 18:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/26 18:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/26 18:21:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/26 18:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 11:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/25 11:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/10 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook

========== Files - Modified Within 30 Days ==========

[2011/12/29 17:49:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
[2011/12/29 17:48:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:48:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:44:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/12/29 17:33:56 | 000,001,711 | ---- | M] () -- C:\Users\Owner\Desktop\Spotify.lnk
[2011/12/29 17:22:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
[2011/12/29 15:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 15:48:44 | 3182,456,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 23:22:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
[2011/12/28 18:21:40 | 000,001,911 | ---- | M] () -- C:\Users\Owner\Desktop\System Mechanic.lnk
[2011/12/28 16:25:07 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/12/28 16:06:20 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/12/28 16:06:20 | 000,002,004 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/28 15:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
[2011/12/28 15:35:57 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/12/28 15:35:55 | 000,024,312 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2011/12/28 15:35:54 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2011/12/28 15:35:53 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/12/28 15:35:52 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2011/12/28 14:19:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/27 11:43:27 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/27 11:43:27 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/26 22:34:20 | 000,099,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/26 22:34:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 19:30:22 | 085,973,709 | ---- | M] () -- C:\Sophos_9.7_UNMNG.exe
[2011/12/22 00:04:47 | 000,072,622 | ---- | M] () -- C:\Users\Owner\Documents\mymoney.pdf
[2011/12/19 18:49:23 | 000,010,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 02:35:20 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2011/12/12 02:35:02 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2011/12/12 01:52:12 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 22:33:40 | 000,040,555 | ---- | M] () -- C:\Users\Owner\Documents\d9ujbh.jpg
[2011/12/09 22:25:14 | 000,006,950 | ---- | M] () -- C:\Users\Owner\Documents\PART_1323487467192.jpeg
[2011/12/01 08:13:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf

========== Files Created - No Company Name ==========

[2011/12/29 17:33:56 | 000,001,711 | ---- | C] () -- C:\Users\Owner\Desktop\Spotify.lnk
[2011/12/29 17:33:56 | 000,001,697 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/12/29 16:12:59 | 000,060,416 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2011/12/28 17:52:23 | 000,001,911 | ---- | C] () -- C:\Users\Owner\Desktop\System Mechanic.lnk
[2011/12/28 16:06:20 | 000,002,042 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/12/28 16:06:20 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/28 15:44:43 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
[2011/12/28 15:44:42 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
[2011/12/28 13:45:54 | 3182,456,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/27 11:43:27 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/27 11:43:27 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2011/12/26 22:31:47 | 085,973,709 | ---- | C] () -- C:\Sophos_9.7_UNMNG.exe
[2011/12/21 23:49:57 | 000,072,622 | ---- | C] () -- C:\Users\Owner\Documents\mymoney.pdf
[2011/12/10 23:17:22 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
[2011/12/10 23:17:19 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
[2011/12/09 22:33:25 | 000,040,555 | ---- | C] () -- C:\Users\Owner\Documents\d9ujbh.jpg
[2011/12/09 22:25:12 | 000,006,950 | ---- | C] () -- C:\Users\Owner\Documents\PART_1323487467192.jpeg
[2011/12/01 08:13:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/09/27 19:12:28 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/05/18 16:54:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/18 16:54:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/18 16:54:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/18 16:54:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/18 16:54:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/05 18:38:17 | 000,010,240 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/23 16:46:49 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/04/21 16:15:22 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/04/19 20:52:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/16 15:12:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/16 15:12:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/04/14 10:19:31 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/04/14 10:19:30 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/04/14 10:19:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2011/04/14 10:19:30 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2011/04/14 10:19:29 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/04/13 12:42:30 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,399,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,099,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/27 19:25:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iolo
[2011/09/03 19:08:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nitro PDF
[2011/04/21 16:15:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2011/04/15 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/12/29 17:42:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/12/28 23:22:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000Core.job
[2011/12/29 17:22:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2928659668-848875194-4117170034-1000UA.job
[2011/12/29 15:37:44 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/27 18:00:20 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E2A636F-687E-4F61-ADB8-E4CD1B37C698}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2011/04/13 16:33:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/29 16:35:36 | 000,070,644 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/12/29 15:48:44 | 3182,456,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 15:48:42 | 3498,319,872 | -HS- | M] () -- C:\pagefile.sys
[2011/12/26 19:30:22 | 085,973,709 | ---- | M] () -- C:\Sophos_9.7_UNMNG.exe
[2011/08/08 14:27:18 | 018,366,440 | ---- | M] (iolo technologies, LLC ) -- C:\SystemMechanic.exe

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/22 10:33:38 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/29 17:44:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/12/28 16:39:55 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/12/28 16:39:25 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/12/28 15:36:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/12/28 15:36:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/12/28 16:39:25 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/13 12:42:44 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-23 19:31:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD

< End of report >
December 29th, 2011, 07:00 PM
scarecrow

the computer is running great! thanks a lot. here are the files:

OTL Extras logfile created on: 12/29/2011 5:47:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.89% Memory free
6.16 Gb Paging File | 5.13 Gb Available in Paging File | 83.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 369.31 Gb Free Space | 79.29% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DF79DDB-DD03-45D2-843C-6E0D33FB7229}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047F646C-E827-4A3B-8EDC-535F36ECE7D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{16DAF982-7CED-4BD0-BC01-605E430D565F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44B89169-5183-4A8B-AE00-E01561614E9A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{54B8E0FB-5C96-42AC-8E36-C9ED570230E8}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{707E2836-5472-416F-B9CA-FA62FA734DAC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{948A98C6-EE60-4492-8788-663357ED7268}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C24F4ABB-CCC9-4B19-BADF-D8CA9A6F903C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E1296FFB-0D34-415A-87B7-B6E31824725C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E954A571-C782-440F-9309-AA34F1D05C2F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E97ADA57-9B91-4BB4-89D3-3B0D81F8A1E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5850916-350C-4F62-80AD-85CEBFFF7DE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{671E07EC-5957-44D8-B16D-7E169AD82F2A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{3BFB44F2-21AB-463F-A237-958EBCBFF5C3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2881063B-C58F-49EB-97FD-8BF58EC580F9}" = Nitro PDF Reader
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2928659668-848875194-4117170034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 10:49:05 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3002
Description =

Error - 12/29/2011 1:50:05 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2011 1:54:41 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3002
Description =

Error - 12/29/2011 4:35:44 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 12/29/2011 4:36:06 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/29/2011 4:36:06 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/29/2011 4:36:51 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2011 4:50:30 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2011 4:54:30 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3002
Description =

Error - 12/29/2011 6:22:48 PM | Computer Name = Owner-PC | Source = LoadPerf | ID = 3002
Description =

[ OSession Events ]
Error - 8/1/2011 11:45:58 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6244
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/1/2011 11:09:08 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23438
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 10/23/2011 11:17:39 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36358
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 10/25/2011 10:28:25 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6310
seconds with 300 seconds of active time. This session ended with a crash.

Error - 12/11/2011 12:42:57 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27479
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/17/2011 5:20:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/18/2011 4:52:18 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/18/2011 4:53:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/19/2011 1:23:07 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/19/2011 1:24:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/20/2011 12:33:54 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/20/2011 2:27:44 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/20/2011 2:29:00 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/21/2011 1:57:34 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 8/21/2011 1:58:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
December 29th, 2011, 07:12 PM
Broni
Good news :)

Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  Code:
  
  :OTL O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD :Commands [purity] [emptytemp] [emptyflash] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
===============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
==========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.

Show 40 post(s) from this thread on one page