
Mantawa

Members
  • Posts: 13

Reputation: 0 Neutral
  1. I uninstalled Chrome and re-installed it. That seems to have worked. What do you recommend?
  2. I should tell you that I ran OTL twice... the first time I received the following report. I figured that I just didn't paste the text completely and tried again.

     Error: Unable to interpret <CHR - default_search_provider: WhiteSmoke Search (Enabled)> in the current context!
     Error: Unable to interpret <CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860> in the current context!
     Error: Unable to interpret <CHR - default_search_provider: suggest_url => in the current context!
     Error: Unable to interpret <IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860> in the current context!
     Error: Unable to interpret <IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860> in the current context!
     Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
     Error: Unable to interpret <O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
     Error: Unable to interpret <O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found> in the current context!

     OTL by OldTimer - Version 3.2.35.1 log created on 03072012_071341
  3. ========== OTL ==========
     Unable to fix default_search_provider items.
     Unable to fix default_search_provider items.
     Unable to fix default_search_provider items.
     HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
     HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
     Registry value HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
     Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\.com\ deleted successfully.
     Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\ComFile\ not found.
     HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

     OTL by OldTimer - Version 3.2.35.1 log created on 03072012_071528
  4. OTL Extras logfile created on: 3/6/2012 9:36:04 PM - Run 1
     OTL by OldTimer - Version 3.2.35.1     Folder = C:\Documents and Settings\USER\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free
     3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
     Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
     Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS
     Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
     Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

     Computer Name: OPTERON | User Name: USER | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe (Mozilla Corporation)
     .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

     [HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Classes\<extension>]
     .bat [@ = batfile] -- Reg Error: Key error. File not found
     .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
     .com [@ = ComFile] -- Reg Error: Key error. File not found
     .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     .url [@ = InternetShortcut] -- Reg Error: Key error. File not found
     .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     exefile [open] -- "%1" %*
     https [open] -- "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
     InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "UpdatesDisableNotify" = 0
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
     "29126:TCP" = 29126:TCP:*:Enabled:Azureus
     "57479:TCP" = 57479:TCP:*:Enabled:bittorrent
     "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
     "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     "1886:TCP" = 1886:TCP:*:Enabled:Genieo

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
     "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
     "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
     "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
     "C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
     "C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
     "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
     "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
     "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
     "C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
     "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
     "C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe" = C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe:*:Enabled:Terraria -- (Re-Logic)
     "C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
     "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
     "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
     "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
     "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
     "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
     "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
     "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
     "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
     "{1314ED6A-FDAC-41BC-A7BA-3582FF883F3A}" = Community Smartbar
     "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
     "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
     "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
     "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
     "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
     "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
     "{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager
     "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26
     "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
     "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
     "{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
     "{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
     "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
     "{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
     "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
     "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
     "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
     "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
     "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
     "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
     "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
     "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
     "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
     "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
     "{4642B082-DBC9-44CA-87F3-7A0B997B9590}" = Brother HL-5250DN
     "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
     "{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
     "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
     "{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}" = Garmin Training Center
     "{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}" = SolidWorks Explorer 2007 sp0
     "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
     "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
     "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
     "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
     "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
     "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
     "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
     "{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1" = Freelang Dictionary (wordlist)
     "{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3
     "{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
     "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
     "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
     "{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
     "{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
     "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
     "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
     "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
     "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
     "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
     "{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
     "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
     "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
     "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
     "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
     "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
     "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
     "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
     "{8AC9520B-25F3-4B3C-B83A-2E4B51AF8DEC}" = Fritz8
     "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
     "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
     "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
     "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
     "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
     "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
     "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
     "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
     "{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
     "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
     "{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
     "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
     "{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
     "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
     "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
     "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
     "{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
     "{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
     "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
     "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
     "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
     "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
     "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
     "{95FCA50A-CF7D-457E-AF69-F058F8BC2844}" = SolidWorks 2007 SP0
     "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
     "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     "{9BE2AFE1-617E-478F-9BE5-DABB63B4380A}" = COSMOSMotion 2007 SP0
     "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
     "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
     "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
     "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
     "{A83C5D20-CA65-432E-B103-730664547FB5}" = Tina 9 - TI
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
     "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
     "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
     "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
     "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
     "{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}" = COSMOSWorks 2007 SP0
     "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
     "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
     "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
     "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
     "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
     "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
     "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
     "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
     "{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
     "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
     "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
     "{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
     "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
     "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
     "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
     "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
     "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
     "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
     "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
     "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
     "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
     "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
     "{E0000600-0600-0600-0600-000000000600}" = ICS Viewer 6.0
     "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
     "{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
     "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
     "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
     "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
     "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
     "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
     "{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
     "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
     "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
     "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
     "{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor
     "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
     "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
     "{FAF88B432344413595BB2DED98385684}" = DivX User Guide
     "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
     "7-Zip" = 7-Zip 9.15 beta
     "7-Zip 9.20" = 7-Zip 9.20
     "Across Lite 2.0" = Across Lite 2.0
     "Adobe AIR" = Adobe AIR
     "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
     "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
     "Adobe Shockwave Player" = Adobe Shockwave Player 11
     "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
     "Audacity_is1" = Audacity 1.2.6
     "AVG" = AVG 2012
     "AVG Secure Search" = AVG Security Toolbar
     "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
     "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
     "BeerSmith 2" = BeerSmith 2
     "BetterLinksChrome" = BetterLinks v1.0.7 (remove only)
     "BitTorrent" = BitTorrent
     "Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration
     "CanonSolutionMenu" = Canon Utilities Solution Menu
     "CCleaner" = CCleaner (remove only)
     "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
     "Coupon Printer for Windows4.0" = Coupon Printer for Windows
     "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
     "Creative NOMAD II Driver" = Creative NOMAD II Driver
     "EpicPlay" = EpicPlay
     "ESET Online Scanner" = ESET Online Scanner v3
     "HammerHead Rhythm Station" = HammerHead Rhythm Station
     "Hugin_release_is1" = Hugin 2009.4.0
     "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
     "ie7" = Windows Internet Explorer 7
     "ie8" = Windows Internet Explorer 8
     "iLivid" = iLivid
     "InfraRecorder" = InfraRecorder
     "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
     "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
     "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
     "LVG332" = 3rd Grade
     "Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
     "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
     "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
     "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
     "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
     "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
     "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
     "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
     "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
     "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
     "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
     "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
     "NVIDIA Drivers" = NVIDIA Drivers
     "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
     "oggcodecs" = oggcodecs 0.71.0946
     "PrimoPDF2.0" = PrimoPDF
     "PUBLISHERR" = Microsoft Office Publisher 2007 Trial
     "PunkBusterSvc" = PunkBuster Services
     "QuicktimeAlt_is1" = QuickTime Alternative 1.69
     "R for Windows_is1" = R for Windows 2.5.1
     "RealPlayer 12.0" = RealPlayer
     "RegistryBooster 2_is1" = Uniblue RegistryBooster 2
     "Sendori" = Sendori
     "SopCast" = SopCast 3.2.9
     "SpywareBlaster_is1" = SpywareBlaster 4.2
     "ST6UNST #1" = Machinehead GearCalc Pro (32 bit)
     "Steam App 105600" = Terraria
     "Steam App 1250" = Killing Floor
     "TomTom HOME" = TomTom HOME 2.8.2.2264
     "Veetle TV" = Veetle TV 0.9.18
     "vShare" = vShare Plugin
     "WBA_F.C Toolbar" = WBA F.C. Toolbar
     "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
     "WinAVR" = WinAVR 20060125 (remove only)
     "Windows Media Format Runtime" = Windows Media Format 11 runtime
     "Windows Media Player" = Windows Media Player 11
     "Windows XP Energy Blue Theme Pack" = Windows XP Energy Blue Theme Pack
     "Windows XP Service Pack" = Windows XP Service Pack 3
     "WinGimp-2.0_is1" = GIMP 2.6.5
     "WinLiveSuite_Wave3" = Windows Live Essentials
     "WinRAR archiver" = WinRAR archiver
     "WMFDist11" = Windows Media Format 11 runtime
     "wmp11" = Windows Media Player 11
     "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
     "Xfire" = Xfire (remove only)
     "XP Codec Pack" = XP Codec Pack
     "Xvid_is1" = Xvid 1.2.2 final uninstall
     "Yahoo! Messenger" = Yahoo! Messenger
     "Yahoo! Software Update" = Yahoo! Software Update

     ========== HKEY_USERS Uninstall List ==========

     [HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
     "BitTorrent DNA" = DNA
     "Google Chrome" = Google Chrome
     "Spotify" = Spotify

     ========== Last 10 Event Log Errors ==========

     [ Application Events ]
     Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100
     Description = Task Scheduling Error: m->NextScheduledEvent 2001141

     Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100
     Description = Task Scheduling Error: m->NextScheduledSPRetry 2001141

     Error - 3/4/2012 4:33:57 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
     Description = Faulting application javaw.exe, version 6.0.260.3, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0001245f.

     Error - 3/4/2012 4:34:06 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
     Description = Fault bucket -1809748939.

     Error - 3/6/2012 2:58:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
     Description = Faulting application javaw.exe, version 6.0.260.3, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0001240b.

     Error - 3/6/2012 2:58:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
     Description = Fault bucket -1814028883.

     Error - 3/6/2012 3:05:28 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
     Description = Faulting application javaw.exe, version 6.0.260.3, faulting module nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a16.

     Error - 3/6/2012 3:05:32 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
     Description = Fault bucket -1813797555.

     Error - 3/6/2012 6:45:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
     Description = Faulting application javaw.exe, version 6.0.260.3, faulting module nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a39.

     Error - 3/6/2012 6:45:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
     Description = Fault bucket -1813594957.

     [ System Events ]
     Error - 3/2/2012 8:35:19 AM | Computer Name = OPTERON | Source = Dhcp | ID = 1002
     Description = The IP address lease 10.0.0.7 for the Network Card with network address 0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

     Error - 3/2/2012 10:13:13 AM | Computer Name = OPTERON | Source = BROWSER | ID = 8032
     Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F4688967-C48E-4E37-9106-7A7BF9CDB52F}. The backup browser is stopping.

     Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The Active Common Service service failed to start due to the following error: %%3

     Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The IWin service service failed to start due to the following error: %%3

     Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The Active Common Service service failed to start due to the following error: %%3

     Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The IWin service service failed to start due to the following error: %%3

     Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The Active Common Service service failed to start due to the following error: %%3

     Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
     Description = The IWin service service failed to start due to the following error: %%3

     Error - 3/4/2012 3:23:55 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7034
     Description = The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

     Error - 3/5/2012 11:14:51 PM | Computer Name = OPTERON | Source = Dhcp | ID = 1000
     Description = Your computer has lost the lease to its IP address 10.0.0.4 on the Network Card with network address 0015F2170C12.

     < End of report >
  5. OTL logfile created on: 3/6/2012 9:36:04 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free
3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS
Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OPTERON | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2012/03/06 06:49:49 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/01 17:47:12 | 000,076,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe
PRC - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 14:21:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/04 03:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/06 06:49:48 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
MOD - [2012/03/06 06:49:46 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 06:48:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 06:48:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 06:48:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/02/28 16:00:47 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/02/28 16:00:37 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/02/28 16:00:36 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/02/28 16:00:36 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/02/28 16:00:36 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/19 06:42:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/24 04:33:11 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\lwjgl.dll
MOD - [2011/10/24 04:33:11 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\OpenAL32.dll
MOD - [2011/10/24 04:33:11 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-dx8.dll
MOD - [2011/10/24 04:33:11 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-raw.dll
MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/02/25 18:31:24 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Sendori)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/07 16:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/28 17:02:25 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alaahwxf)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/13 19:32:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/16 02:00:31 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/01/21 12:03:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrpmpr5.sys -- (BVRPMPR5)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 13:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/09/04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/18 14:16:59 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006/03/18 14:16:59 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/03/18 14:16:57 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\copperhd.sys -- (UsbFltr)
DRV - [2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce
DRV - [2004/11/17 06:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/19 06:51:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wusbgxp.sys -- (PRISM_A02)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{7640701C-2E82-47F8-9AF5-756184174422}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{82936E37-1C9C-4612-91C6-3F465462D835}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{975CB869-B881-4DCB-BD60-A9FD6F8ED7AF}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{B40870B4-C7B8-4CDE-A660-CA1365BA0531}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 11:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\USER\Local Settings\Application Data\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/18 07:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 3\components [2012/01/18 08:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 3\plugins [2012/01/18 07:21:34 | 000,000,000 | ---D | M]

[2011/05/19 13:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2009/12/25 10:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/28 16:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions
[2010/03/07 11:36:57 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/01 19:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/14 15:54:56 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
[2009/12/06 15:36:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/15 17:47:45 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2008/09/03 12:40:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/12/22 00:19:56 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\textlinks@epicplay.com
[2009/12/11 13:44:26 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\toolbar@shopathome.com
[2012/02/28 16:08:28 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\wecarereminder@bryan
[2011/02/01 16:21:37 | 000,005,282 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\Foxtab Web Search.xml
[2008/11/11 20:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/18 07:32:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
[2012/02/04 11:52:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/07/04 12:29:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/01/07 19:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/01/28 11:12:30 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in
(Enabled) = default_plugin CHR - Extension: AVG Safe Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: Weather Underground = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\ O1 HOSTS File: ([2012/03/04 14:34:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (WBA F.C. Toolbar) - {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (WBA F.C. Toolbar) - {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.) 
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sendori Tray Icon.lnk = C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Policies\Microsoft\Internet 
Explorer\Control Panel present O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class) O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class) O16 - DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} http://www.wildpockets.com/common/WildPocketsLoader-15079.cab (Wild Pockets Loader Plugin Control Class) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: DhcpNameServer = 68.87.75.194 68.87.64.146 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/14 17:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/08/21 13:45:36 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - H:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2012/03/06 21:35:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe [2012/03/06 09:07:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/03/05 22:19:59 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/03/04 14:17:16 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/03/04 14:13:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/03/04 14:13:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/03/04 14:13:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/03/04 14:13:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/03/04 14:13:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/03/04 14:13:44 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/03/04 14:04:57 | 004,426,766 | R--- | C] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe [2012/03/02 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\RK_Quarantine [2012/03/02 07:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Infection II ========== Files - Modified Within 30 Days ========== [2012/03/06 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe [2012/03/06 20:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job [2012/03/06 19:42:53 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Google Chrome.lnk [2012/03/06 19:42:53 | 000,002,260 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/03/06 18:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job [2012/03/06 18:39:00 
| 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job [2012/03/06 18:26:23 | 000,498,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/03/06 18:26:23 | 000,087,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/03/06 17:47:11 | 090,970,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/03/04 17:46:12 | 000,384,099 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2012/03/04 15:24:27 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\HtsysmNT.sys [2012/03/04 14:35:15 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2012/03/04 14:34:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/03/04 14:34:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/03/04 14:34:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job [2012/03/04 14:31:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/03/04 14:31:11 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys [2012/03/04 14:17:22 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012/03/04 14:05:02 | 004,426,766 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe [2012/03/02 09:16:47 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2012/03/01 18:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job [2012/02/28 16:27:03 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\spoon.png [2012/02/28 16:03:51 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Terraria.url [2012/02/20 11:54:24 | 000,272,615 | ---- | M] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf [2012/02/15 15:44:08 | 000,294,072 
| ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/02/15 01:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK ========== Files Created - No Company Name ========== [2012/03/04 16:24:02 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys [2012/03/04 14:13:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/03/04 14:13:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/03/04 14:13:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/03/04 14:13:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/03/04 14:13:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/02/28 16:27:03 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\spoon.png [2012/02/28 16:03:51 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Terraria.url [2012/02/20 11:54:22 | 000,272,615 | ---- | C] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf [2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2011/05/26 18:37:22 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2011/05/19 13:58:34 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011/01/30 19:39:27 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/12/06 07:57:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2010/12/03 07:16:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/12 21:40:31 | 000,000,360 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2010/10/14 19:25:47 | 000,487,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/07/05 16:06:10 | 000,162,304 | ---- | C] () -- 
C:\WINDOWS\System32\ztvunrar36.dll [2010/07/05 16:06:10 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010/07/05 16:06:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010/07/05 16:06:10 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010/06/27 10:05:22 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010/06/18 19:54:55 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys [2010/06/18 19:54:22 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe [2010/06/03 04:24:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/04/03 21:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin ========== LOP Check ========== [2008/04/06 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune [2006/03/17 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2012/01/18 07:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2011/10/16 18:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2010/10/14 18:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2008/10/24 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner [2008/10/11 21:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2009/08/23 10:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2009/06/16 11:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2010/10/14 21:38:32 | 000,000,000 | -H-D | M] -- 
C:\Documents and Settings\All Users\Application Data\Common Files [2009/12/13 19:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes [2009/04/08 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN [2011/12/30 12:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linkury [2012/03/06 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2008/10/03 20:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS [2007/10/20 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge [2007/02/12 20:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5 [2011/12/22 00:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sendori [2010/07/05 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software [2009/12/25 10:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs [2008/10/22 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2011/10/24 05:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i [2011/10/24 04:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder [2009/04/15 20:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware [2009/03/21 09:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/11/19 10:28:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824} [2010/07/04 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/12/05 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/08/10 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2006/05/13 10:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.BitTornado [2012/02/28 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.minecraft [2011/03/03 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Amazon [2011/08/18 06:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG [2011/10/13 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG Secure Search [2011/10/13 13:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG2012 [2008/10/12 19:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Azureus [2011/12/01 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent [2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canneverbe Limited [2009/11/07 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canon [2011/11/06 15:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Catalina Marketing Corp [2007/07/15 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ChessBase [2009/12/13 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\USER\Application Data\DAEMON Tools Lite [2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DassaultSystemes [2008/04/06 12:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DisplayTune [2010/05/13 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA [2006/05/15 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DWGeditor [2010/07/28 16:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\E-centives [2006/03/17 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Echo Software [2009/04/27 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\eMusic [2009/04/08 19:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GARMIN [2009/03/06 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0 [2010/03/19 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\KendallHunt [2007/02/17 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2009/04/08 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MotionBased [2011/04/16 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\My Games [2010/11/17 13:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Petroglyph [2010/05/13 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Phex [2007/10/23 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PureEdge [2011/02/27 16:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\RegistryKeys [2011/10/25 18:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Sammsoft 
[2007/02/12 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\scar5 [2008/01/13 11:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Seven Zip [2008/02/16 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ShredderChess [2010/08/24 17:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\sldIM [2011/10/13 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Spotify [2006/03/14 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2009/12/25 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2008/10/19 16:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Uniblue [2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\VistaCodecs [2010/12/28 11:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\vShare [2011/04/17 11:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Vso [2011/10/24 05:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\WeatherBug [2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010/12/03 21:53:36 | 000,000,158 | ---- | M] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? ???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url [2010/12/03 21:53:36 | 000,000,158 | ---- | C] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? 
???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url < End of report >
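Added example, not part of the posted log or of OTL: a small triage script that reads OTL-style lines such as the ones above and flags the entries a helper would look at first (a Chrome default_search_provider pointing at an unknown host, toolbars with no CLSID, autorun entries with no publisher or a known adware vendor, static NameServer settings). The sample lines are copied from the log posted above; the vendor marker list and the trusted search hosts are assumptions for illustration, not a vetted blocklist.

```python
import re
from urllib.parse import urlparse

# Vendors and hosts that appear in the OTL output posted above. This list is an
# assumption for illustration, not a vetted blocklist.
SUSPECT_MARKERS = ("whitesmoke", "conduit", "sendori", "linkury", "w3i",
                   "wecarereminder", "gameplaylabs", "shopathome")
# Search hosts treated as benign for the CHR default_search_provider check.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# OTL line shapes this triage understands; other O-codes fall through to a
# plain marker scan.
CHR_SEARCH_RE = re.compile(r"^CHR - default_search_provider: search_url = (?P<url>\S+)")
O3_RE = re.compile(r"^O3 - (?P<hive>\S+): \((?P<name>[^)]*)\) - "
                   r"(?P<clsid>\{[0-9A-Fa-f-]+\}|Locked) - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<path>.*?)"
                   r"(?: \((?P<company>[^)]*)\))?$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
O3 - HKLM\..\Toolbar: (WBA F.C. Toolbar) - {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sendori Tray Icon.lnk = C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146
"""


def marker_hit(lowered):
    """First suspect marker found in an already lower-cased line, or None."""
    return next((m for m in SUSPECT_MARKERS if m in lowered), None)


def triage(log_text):
    """Return (kind, detail, line) for every OTL line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lowered = line.lower()
        m = CHR_SEARCH_RE.match(line)
        if m:
            # The search URL host is what the browser will actually send queries to.
            host = (urlparse(m.group("url")).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search-hijack", host, line))
            continue
        m = O3_RE.match(line)
        if m:
            # A toolbar entry whose CLSID no longer resolves is leftover registration
            # from something that was removed or half-installed.
            if m.group("clsid") == "Locked" or "No CLSID value found" in m.group("rest"):
                findings.append(("orphan-toolbar", m.group("name"), line))
            elif marker_hit(lowered):
                findings.append(("pup-toolbar", marker_hit(lowered), line))
            continue
        m = O4_RE.match(line)
        if m:
            # OTL prints the binary's company name in parentheses; "()" means none.
            reason = marker_hit(lowered) or (None if m.group("company") else "no publisher")
            if reason:
                findings.append(("autorun", f"{m.group('name')}: {reason}", line))
            continue
        m = O17_RE.match(line)
        if m:
            # A static NameServer overrides DHCP; compare it with the DhcpNameServer line.
            findings.append(("static-dns", m.group("servers"), line))
            continue
        hit = marker_hit(lowered)
        if hit:
            findings.append(("pup-marker", hit, line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage(SAMPLE_LOG):
        print(f"{kind:15} {detail:30} {line[:70]}")
```

Run it with the full log pasted into SAMPLE_LOG (or read from a file) and it lists seven of the nine sample lines; the Bing Bar and AVG tray entries pass because they carry a resolvable CLSID and a publisher and match no marker. The static-dns finding is informational: here the NameServer values match the DhcpNameServer values on the same interface, which is what you want to see.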
  6. Chrome is up to date. I cleared browsing history, and looked for suspicious items. I did not see any. I'm still being sent to isearch.whitesmoke.com when I search in Chrome's address bar.
  7. Thank you. This seems to have fixed IE. Is there a similar procedure for restoring Chrome?
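Added example, not from the thread or from OTL: OTL's "Unable to fix default_search_provider items" lines in the earlier fix log mean the Chrome settings were reported but not changed, and the CHR entries OTL prints come from the profile's Preferences JSON (User Data\Default\Preferences on the Chrome 17 profile shown). The script below inspects such a file for a search provider, homepage, startup URL or side-loaded extension pointing somewhere untrusted, and writes back a copy with those keys removed so Chrome falls back to its built-in defaults. The key layout is an assumption matching that Chrome generation (newer Chrome nests the search engine under default_search_provider_data and hash-protects the file, so offline edits there are reverted); the Preferences excerpt, the extension ID abcdefghijklmnopabcdefghijklmnop and the trusted host set are constructed for illustration.

```python
import copy
import json
import sys
from urllib.parse import urlparse

TRUSTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# Constructed excerpt of a Chrome 17-era Preferences file using the keys OTL
# read to produce its CHR lines. Assumption: this layout; later Chrome
# versions nest the search engine under default_search_provider_data.
SAMPLE_PREFS = {
    "default_search_provider": {
        "enabled": True,
        "name": "WhiteSmoke Search",
        "keyword": "isearch.whitesmoke.com",
        "search_url": "http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860",
        "suggest_url": "",
    },
    "homepage": "http://isearch.whitesmoke.com/?babsrc=home",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": ["http://isearch.whitesmoke.com/?babsrc=home"],
    },
    "extensions": {"settings": {
        # Web Store install: path is relative to the profile's Extensions folder.
        "pjejbgheonogbpfkkjigbmahaljipoej": {"path": "pjejbgheonogbpfkkjigbmahaljipoej\\1.6_0", "state": 1},
        # Constructed side-loaded entry: an absolute path means it was installed
        # from outside the profile (external/registry install), which is how
        # bundled toolbars usually arrive.
        "abcdefghijklmnopabcdefghijklmnop": {"path": "C:\\Program Files\\Example Toolbar\\chrome", "state": 1},
    }},
}


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_absolute(path):
    """Windows drive path or rooted path, as opposed to an Extensions-relative one."""
    return path.startswith(("\\", "/")) or (len(path) > 1 and path[1] == ":")


def inspect_prefs(prefs):
    """Return (setting, detail, value) for every setting pointing somewhere untrusted."""
    findings = []
    dsp = prefs.get("default_search_provider", {})
    if dsp.get("enabled") and host_of(dsp.get("search_url", "")) not in TRUSTED_SEARCH_HOSTS:
        findings.append(("search_provider", dsp.get("name", "?"), dsp.get("search_url", "")))
    homepage = prefs.get("homepage", "")
    if homepage and host_of(homepage) not in TRUSTED_SEARCH_HOSTS:
        findings.append(("homepage", host_of(homepage), homepage))
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        if host_of(url) not in TRUSTED_SEARCH_HOSTS:
            findings.append(("startup_url", host_of(url), url))
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        path = entry.get("path", "")
        if is_absolute(path):
            findings.append(("external_extension", ext_id, path))
    return findings


def reset_hijacked(prefs):
    """Copy of prefs with every flagged setting removed; Chrome supplies its
    built-in default for a missing key at next start."""
    cleaned = copy.deepcopy(prefs)
    for setting, detail, _value in inspect_prefs(prefs):
        if setting == "search_provider":
            cleaned.pop("default_search_provider", None)
        elif setting == "homepage":
            cleaned.pop("homepage", None)
            cleaned["homepage_is_newtabpage"] = True
        elif setting == "startup_url":
            session = cleaned.setdefault("session", {})
            session["urls_to_restore_on_startup"] = [
                u for u in session.get("urls_to_restore_on_startup", [])
                if host_of(u) in TRUSTED_SEARCH_HOSTS]
            if not session["urls_to_restore_on_startup"]:
                session.pop("restore_on_startup", None)  # back to Chrome's default start page
        elif setting == "external_extension":
            # Unregisters the extension; its files on disk still need deleting.
            cleaned["extensions"]["settings"].pop(detail, None)
    return cleaned


def main(argv):
    if len(argv) > 1:  # path to a Preferences file; close Chrome first
        with open(argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_PREFS
    for setting, detail, value in inspect_prefs(prefs):
        print(f"{setting:20} {detail:40} {value}")
    if len(argv) > 2 and argv[2] == "--fix":
        with open(argv[1], "w", encoding="utf-8") as fh:
            json.dump(reset_hijacked(prefs), fh, indent=3)


if __name__ == "__main__":
    main(sys.argv)
```

Usage: `python chrome_prefs_check.py "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences"` lists the findings; add `--fix` to write the cleaned copy. Chrome rewrites Preferences on exit, so it must be fully closed (including background processes) before the file is edited, and a side-loaded extension that is also registered in the registry or re-dropped by a running installer such as the Sendori or AVG Secure Search components in the log will simply come back until that program is uninstalled.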
  8. ComboFix 12-03-04.01 - USER 03/05/2012 22:21:50.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1383 [GMT -5:00] Running from: c:\documents and settings\USER\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  9. ComboFix 12-03-04.01 - USER 03/04/2012 14:24:07.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1491 [GMT -5:00] Running from: c:\documents and settings\USER\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\USER\Application Data\inst.exe c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js c:\documents and settings\USER\Application 
Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png c:\documents and 
settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png c:\documents and settings\USER\Application 
Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png c:\documents and settings\USER\Application 
Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\bing-zugo.xml c:\documents and settings\USER\Application Data\vso_ts_preview.xml c:\documents and settings\USER\WINDOWS c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\program files\Shared c:\program files\StartNow Toolbar c:\program files\StartNow Toolbar\ReactivateFF.exe c:\program files\StartNow Toolbar\ReactivateIE.exe c:\program files\StartNow Toolbar\Resources\images\engine_images.png c:\program files\StartNow Toolbar\Resources\images\engine_maps.png c:\program files\StartNow Toolbar\Resources\images\engine_news.png 
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png c:\program files\StartNow Toolbar\Resources\images\engine_web.png c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files\StartNow Toolbar\Resources\images\icon_games.png c:\program files\StartNow Toolbar\Resources\images\icon_msn.png c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files\StartNow Toolbar\Resources\images\icon_travel.png c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files\StartNow Toolbar\Resources\installer.xml c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files\StartNow Toolbar\Resources\skin\separator.png c:\program files\StartNow Toolbar\Resources\skin\splitter.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files\StartNow 
Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files\StartNow Toolbar\Resources\toolbar.xml c:\program files\StartNow Toolbar\Resources\update.xml c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files\StartNow Toolbar\Toolbar32.dll c:\program files\StartNow Toolbar\ToolbarBroker.exe c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files\StartNow Toolbar\uninstall.dat C:\Thumbs.db c:\windows\desktop c:\windows\system32\BSTIEPrintCtl1.dll c:\windows\system32\Cache c:\windows\system32\Cache\0be03d606b8b1fa0.fb c:\windows\system32\Cache\240a1c1a5ab80f73.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\826ee1bafdf9f937.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\e0de16f883bea794.fb c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACTIVE_COMMON_SERVICE -------\Legacy_IWIN_SERVICE -------\Service_Active Common Service -------\Service_IWin service -------\Legacy_Updater_Service_for_StartNow_Toolbar -------\Legacy_Updater_Service_for_StartNow_Toolbar -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . 
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 19:32 . 2012-03-04 19:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-04 19:32 . 2012-03-04 19:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-04 19:32 . 2012-03-04 19:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-04 19:32 . 2012-03-04 19:32 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-04 19:32 . 2012-03-04 19:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-04 19:32 . 2012-03-04 19:32 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-04 19:31 . 2012-03-04 19:31 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-04 19:31 . 2012-03-04 19:31 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-04 19:31 . 2012-03-04 19:31 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-04 19:31 . 2012-03-04 19:31 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-04 19:31 . 2012-03-04 19:31 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-04 19:31 . 2012-03-04 19:31 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-04 19:31 . 2012-03-04 19:31 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-02-14 21:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 20:55 . 2011-05-30 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-04 04:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 05:25 . 2008-07-24 13:51 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2011-12-22 05:25 . 2009-10-06 23:11 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-22 05:25 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-19 01:11 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-19 00:41 . 2010-06-19 00:54 138056 ----a-w- c:\documents and settings\USER\Application Data\PnkBstrK.sys
2011-12-19 00:40 . 2008-07-24 13:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-17 19:46 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-05-15 01:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WBA_F.C\prxtbWBA1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 12:14 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sendori Tray Icon.lnk - c:\program files\Sendori\SendoriTray.exe [2011-12-1 76096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-12-27 15:32 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 10:17 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 07:11 136176 ----atw- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]
2008-11-03 00:44 495616 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 23:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-12-20 22:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 19:21 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-21 18:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-02-17 06:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29126:TCP"= 29126:TCP:Azureus
"57479:TCP"= 57479:TCP:bittorrent
"1886:TCP"= 1886:TCP:Genieo
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 7:32 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 Sendori;Sendori;c:\program files\Sendori\SendoriSvc.exe [12/1/2011 5:47 PM 98624]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/18/2012 7:15 AM 909152]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2008 4:23 PM 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [9/17/2008 4:47 PM 16512]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 12:56 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2012-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2006-05-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-17 14:04]
.
2012-03-04 c:\windows\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146
TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EDEFBE5-5DDF-F27B-7AB3-F2414FD2E5C4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnjbionafodmmfjaoajpkhcbnknhhgoom"=hex:61,61,00,00
"bbnjbionafodmmfjaodimeiknepcfifdaeho"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-04 14:40:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 19:40
.
Pre-Run: 5,574,766,592 bytes free
Post-Run: 7,113,547,776 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 068B2B6E868F5B2C98A0E3137D2A4B98
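The Supplementary Scan block of the ComboFix log above is where a search hijack shows itself: the user's own start page (uStart Page) is Google, but the machine-wide start page (mStart Page), the IE search assistant (uSearchAssistant) and two Firefox search prefs point at foxtab.com, whitesmoke.com, aol.com and ask.com. The script below is an added example for this thread, not ComboFix code: it parses that block and reports every URL-valued setting whose host differs from the host of the user's HKCU start page. It relies on two ComboFix conventions, a leading "u" for per-user (HKCU) and "m" for machine-wide (HKLM) Internet Explorer settings, and hxxp:// defanging of URLs, which it re-arms only to extract the host. The sample block is constructed from lines of the log above (the long Ask.com keyword.URL query is shortened), and the "compare against the user's own start page" rule is a triage heuristic of this example, not a verdict.

```python
"""Flag browser start-page and search settings in a ComboFix log that point
somewhere other than the user's own start page.

Added example for this thread; it is not part of ComboFix. ComboFix writes
per-user (HKCU) Internet Explorer settings with a leading "u", machine-wide
(HKLM) ones with a leading "m", Firefox prefs as "FF - prefs.js: ...", and
defangs URLs as hxxp://.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: lines transcribed from the Supplementary Scan block of the
# ComboFix log above, with the long Ask.com keyword.URL query shortened.
SAMPLE = """\
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 10.0.0.1
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
"""

IE_LINE = re.compile(r"^(?P<scope>[um])(?P<key>[^=]+?)\s*=\s*(?P<value>.+)$")
FF_LINE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - (?P<value>.+)$")
URL_RE = re.compile(r"^(?:hxxp|http)s?://", re.IGNORECASE)


def rearm(url):
    """Turn a defanged hxxp:// URL back into http:// so urlsplit can parse it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(value):
    """Lower-case host of a URL-valued setting, or None for non-URL values."""
    if not URL_RE.match(value):
        return None
    return urlsplit(rearm(value)).hostname


def parse_settings(text):
    """Return (scope, key, value) triples from the Supplementary Scan block."""
    settings, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("------- Supplementary Scan"):
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            break
        m = FF_LINE.match(line)
        if m:
            settings.append(("firefox", m.group("key"), m.group("value")))
            continue
        m = IE_LINE.match(line)
        if m:
            scope = {"u": "HKCU", "m": "HKLM"}[m.group("scope")]
            settings.append((scope, m.group("key"), m.group("value")))
    return settings


def hijack_candidates(settings, expected_host=None):
    """Return (scope, key, host) for every URL-valued setting whose host is not
    expected_host. By default expected_host is taken from the HKCU start page,
    the one setting the user chose; anything pointing elsewhere is suspect."""
    if expected_host is None:
        for scope, key, value in settings:
            if scope == "HKCU" and key == "Start Page":
                expected_host = host_of(value)
                break
    if expected_host is None:
        raise ValueError("no start page to compare against")
    return [(scope, key, host_of(value))
            for scope, key, value in settings
            if host_of(value) and host_of(value) != expected_host.lower()]


if __name__ == "__main__":
    for scope, key, host in hijack_candidates(parse_settings(SAMPLE)):
        print(f"{scope:8} {key:32} -> {host}")
```

On the sample this flags the HKLM start page (search.foxtab.com), the IE search assistant (isearch.whitesmoke.com) and the two Firefox search prefs (search.aol.com, websearch.ask.com), which is exactly the set a helper would ask to be reset. Two caveats: a host-only comparison cannot see a non-URL setting such as browser.search.selectedEngine = Ask.com, so that one still needs a human eye, and a machine-wide (HKLM) entry that differs from the user's own choice is the more telling signal, since the user never set it.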
10. Sorry, I missed that. Just ran it... here it is.
----------------------------------------
Blog This Browser Extension {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll Enabled All Users
----------------------------------------
Skype add-on for Internet Explorer Browser Extension {898EA8C8-E7FF-479B-8935-AEC46303B9E5} C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Enabled All Users
----------------------------------------
Research Browser Extension {92780B25-18CC-41C8-B9BE-3C9C571A8263} C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL Enabled All Users
----------------------------------------
n/a Browser Extension {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} C:\PROGRA~1\SPYBOT~1\SDHelper.dll Enabled All Users
----------------------------------------
n/a Browser Extension {E2E2DD38-D088-4134-82B7-F2BA38496583} %windir%\Network Diagnostic\xpnetdiag.exe Enabled All Users
----------------------------------------
Messenger Browser Extension {FB5F1910-F110-11D2-BB9E-00C04F795683} C:\Program Files\Messenger\msmsgs.exe Enabled All Users
----------------------------------------
&Address Toolbar {01E04581-4EEE-11D0-BFE9-00AA005B4383} %SystemRoot%\system32\browseui.dll Enabled Current User
----------------------------------------
&Links Toolbar {0E5CBF21-D15F-11D0-8301-00AA005B4383} %SystemRoot%\system32\SHELL32.dll Enabled Current User
----------------------------------------
(Empty) Toolbar {EF99BD32-C1FB-11D2-892F-0090271D4F88} (empty) Enabled Current User
----------------------------------------
Google Toolbar Toolbar {2318C2B1-4965-11D4-9B18-009027A5CD4F} C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Enabled Current User
----------------------------------------
WBA F.C. Toolbar Toolbar {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} C:\Program Files\WBA_F.C\prxtbWBA1.dll Enabled Current User
----------------------------------------
(Empty) Toolbar {D4027C7F-154A-4066-A1AD-4243D8127440} (empty) Enabled Current User
----------------------------------------
(Empty) Toolbar {21FA44EF-376D-4D53-9B0F-8A89D3229068} (empty) Enabled Current User
----------------------------------------
(Empty) Toolbar {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} (empty) Enabled Current User
----------------------------------------
WBA F.C. Toolbar Toolbar {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} C:\Program Files\WBA_F.C\prxtbWBA1.dll Enabled All Users
----------------------------------------
Bing Bar Toolbar {8DCB7100-DF86-4384-8842-8FA844297B3F} "C:\Program Files\Microsoft\BingBar\BingExt.dll" Enabled All Users
----------------------------------------
AVG Security Toolbar Toolbar {95B7759C-8C7F-4BF1-B163-73684A933233} C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll Enabled All Users
----------------------------------------
StartNow Toolbar Toolbar {5911488E-9D1E-40EC-8CBB-06B231CC153F} C:\Program Files\StartNow Toolbar\Toolbar32.dll Enabled All Users
----------------------------------------
Google Toolbar Toolbar {2318C2B1-4965-11D4-9B18-009027A5CD4F} C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Enabled All Users
----------------------------------------
(Empty) BHO {02478D38-C3F9-4EFB-9B51-7695ECA05670} (empty) Enabled All Users
----------------------------------------
Adobe PDF Link Helper BHO {18DF081C-E8AD-4283-A596-FA578C2EBDC3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll Enabled All Users
----------------------------------------
AVG Safe Search BHO {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} C:\Program Files\AVG\AVG2012\avgssie.dll Enabled All Users
----------------------------------------
Spybot-S&D IE Protection BHO {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll Enabled All Users
----------------------------------------
EpicPlay BHO {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} (empty) Enabled All Users
----------------------------------------
WBA F.C. Toolbar BHO {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} C:\Program Files\WBA_F.C\prxtbWBA1.dll Enabled All Users
----------------------------------------
StartNow Toolbar Helper BHO {6E13D095-45C3-4271-9475-F3B48227DD9F} C:\Program Files\StartNow Toolbar\Toolbar32.dll Enabled All Users
----------------------------------------
Windows Live ID Sign-in Helper BHO {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Enabled All Users
----------------------------------------
AVG Security Toolbar BHO {95B7759C-8C7F-4BF1-B163-73684A933233} C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll Enabled All Users
----------------------------------------
Google Toolbar Helper BHO {AA58ED58-01DD-4D91-8333-CF10577473F7} C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Enabled All Users
----------------------------------------
Skype add-on for Internet Explorer BHO {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Enabled All Users
----------------------------------------
Google Toolbar Notifier BHO BHO {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll Enabled All Users
----------------------------------------
Bing Bar Helper BHO {D2CE3E00-F94A-4740-988E-03DC2F38C34F} "C:\Program Files\Microsoft\BingBar\BingExt.dll" Enabled All Users
----------------------------------------
WeCareReminder Class BHO {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll Enabled All Users
----------------------------------------
Java Plug-In 2 SSV Helper BHO {DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Program Files\Java\jre6\bin\jp2ssv.dll Enabled All Users
----------------------------------------
JQSIEStartDetectorImpl Class BHO {E7E6F031-17CE-4C07-BC86-EABFE594F69C} C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Enabled All Users
----------------------------------------
E&xport to Microsoft Excel Menu Extension res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Enabled Current User
----------------------------------------
Google Sidewiki... Menu Extension res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html Enabled Current User
----------------------------------------
swg Run - Startup "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" Enabled Current User
----------------------------------------
Google Update Run - Startup "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c Enabled Current User
----------------------------------------
NvMediaCenter Run - Startup RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Enabled All Users
----------------------------------------
NvCplDaemon Run - Startup RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Enabled All Users
----------------------------------------
QuickTime Task Run - Startup "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime Enabled All Users
----------------------------------------
iTunesHelper Run - Startup "C:\Program Files\iTunes\iTunesHelper.exe" Enabled All Users
----------------------------------------
AVG_TRAY Run - Startup "C:\Program Files\AVG\AVG2012\avgtray.exe" Enabled All Users
----------------------------------------
Adobe ARM Run - Startup "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Enabled All Users
----------------------------------------
SunJavaUpdateSched Run - Startup "C:\Program Files\Common Files\Java\Java Update\jusched.exe" Enabled All Users
----------------------------------------
vProt Run - Startup "C:\Program Files\AVG Secure Search\vprot.exe" Enabled All Users
----------------------------------------
ROC_roc_dec12 Run - Startup "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 Enabled All Users
----------------------------------------
IE Search Band Explorer Bar - Vertical {30D02401-6A81-11D0-8274-00C04FD5AE38} C:\WINDOWS\system32\ieframe.dll Enabled All Users
----------------------------------------
&Tip of the Day Explorer Bar - Horizontal {4D5C8C25-D075-11D0-B416-00C04FB90376} %SystemRoot%\system32\shdocvw.dll Enabled All Users
----------------------------------------
&Discuss Explorer Bar - Horizontal {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} shdocvw.dll Enabled All Users
----------------------------------------
File Search Explorer Band Explorer Bar - Vertical {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} %SystemRoot%\system32\SHELL32.dll Enabled All Users
----------------------------------------
Favorites Band Explorer Bar - Vertical {EFA24E61-B078-11D0-89E4-00C04FC9E26E} %SystemRoot%\system32\shdocvw.dll Enabled All Users
----------------------------------------
History Band Explorer Bar - Vertical {EFA24E62-B078-11D0-89E4-00C04FC9E26E} %SystemRoot%\system32\shdocvw.dll Enabled All Users
----------------------------------------
Explorer Band Explorer Bar - Vertical {EFA24E64-B078-11D0-89E4-00C04FC9E26E} %SystemRoot%\system32\shdocvw.dll Enabled All Users
----------------------------------------
&Research Explorer Bar - Vertical {FF059E31-CC5A-4E2E-BF3B-96E929D65503} C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL Enabled All Users
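The add-on listing above is the kind of thing a helper reads by eye: each record names an Internet Explorer extension point (Browser Extension, Toolbar, BHO, Menu Extension, Run key, Explorer Bar), the CLSID it is registered under, the module that CLSID resolves to, and whether the registration is per-user or for all users. The script below is an added example for this thread, not code from any tool used in it; it parses records of that shape and applies three triage rules: a registration whose module is "(empty)" is an orphan (a CLSID with nothing behind it), a module under Documents and Settings rather than Program Files or Windows is worth a second look, and one CLSID registered both as a Toolbar and as a BHO is a single COM object that keeps loading into every IE window even when the toolbar is hidden. It assumes one record per line with space-separated fields in the order name, type, optional {CLSID}, path, state, scope, so a record is parsed from its right end and around the CLSID; the sample records are transcribed from the listing above and the data-directory prefixes are this example's own list.

```python
"""Triage an Internet Explorer add-on listing of the kind posted above.

Added example for this thread; it is not code from any tool used in it. It
assumes one record per line, fields separated by spaces in the order
    name  type  [{CLSID}]  path  Enabled|Disabled  All Users|Current User
with dashed separator lines between records. Names and paths contain spaces,
so a record is parsed from its right end and around the CLSID.
"""
import re
from collections import defaultdict

# Constructed sample: records transcribed from the listing above, chosen so that
# two registrations point at no file, one CLSID appears as both Toolbar and BHO,
# and two modules live under Documents and Settings rather than Program Files.
SAMPLE = r"""
----------------------------------------
Skype add-on for Internet Explorer Browser Extension {898EA8C8-E7FF-479B-8935-AEC46303B9E5} C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Enabled All Users
----------------------------------------
(Empty) Toolbar {21FA44EF-376D-4D53-9B0F-8A89D3229068} (empty) Enabled Current User
----------------------------------------
WBA F.C. Toolbar Toolbar {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} C:\Program Files\WBA_F.C\prxtbWBA1.dll Enabled Current User
----------------------------------------
WBA F.C. Toolbar BHO {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} C:\Program Files\WBA_F.C\prxtbWBA1.dll Enabled All Users
----------------------------------------
EpicPlay BHO {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} (empty) Enabled All Users
----------------------------------------
Bing Bar Helper BHO {D2CE3E00-F94A-4740-988E-03DC2F38C34F} "C:\Program Files\Microsoft\BingBar\BingExt.dll" Enabled All Users
----------------------------------------
WeCareReminder Class BHO {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll Enabled All Users
----------------------------------------
Google Toolbar Notifier BHO BHO {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll Enabled All Users
----------------------------------------
E&xport to Microsoft Excel Menu Extension res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Enabled Current User
----------------------------------------
Google Update Run - Startup "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c Enabled Current User
----------------------------------------
"""

# Longest first so "Explorer Bar - Vertical" is tested before shorter types.
TYPES = sorted(["Browser Extension", "Toolbar", "BHO", "Menu Extension",
                "Run - Startup", "Explorer Bar - Vertical",
                "Explorer Bar - Horizontal"], key=len, reverse=True)
NO_CLSID_TYPES = ("Menu Extension", "Run - Startup")
TAIL = re.compile(r"^(?P<head>.+?)\s+(?P<state>Enabled|Disabled)\s+"
                  r"(?P<scope>All Users|Current User)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SEPARATOR = re.compile(r"^-{10,}$")
# Module locations an installed add-on would not normally load from (this
# example's own list; Google Update legitimately lives in the user profile).
DATA_DIRS = ("C:\\DOCUMENTS AND SETTINGS\\", "C:\\USERS\\", "C:\\PROGRAMDATA\\",
             "%APPDATA%", "%LOCALAPPDATA%", "%USERPROFILE%", "%ALLUSERSPROFILE%")


def split_name_type(text):
    """Split 'name type' when the type is the trailing token group of text."""
    for t in TYPES:
        if text == t:
            return "", t
        if text.endswith(" " + t):
            return text[:-len(t) - 1].rstrip(), t
    raise ValueError("unknown add-on type: " + text)


def parse_record(line):
    m = TAIL.match(line)
    if not m:
        raise ValueError("not an add-on record: " + line)
    head = m.group("head")
    c = CLSID.search(head)
    if c:
        name, kind = split_name_type(head[:c.start()].rstrip())
        clsid, path = c.group(0).upper(), head[c.end():].strip()
    else:
        # Menu extensions and Run entries carry no CLSID; locate the type token.
        for kind in NO_CLSID_TYPES:
            idx = head.find(" " + kind + " ")
            if idx != -1:
                name, path, clsid = head[:idx], head[idx + len(kind) + 2:], None
                break
        else:
            raise ValueError("unknown add-on type: " + head)
    return {"name": name, "type": kind, "clsid": clsid, "path": path,
            "state": m.group("state"), "scope": m.group("scope")}


def parse_listing(text):
    return [parse_record(l.strip()) for l in text.splitlines()
            if l.strip() and not SEPARATOR.match(l.strip())]


def module_of(path):
    """Image actually loaded: drop quotes and arguments; for rundll32 take the DLL."""
    if path.startswith('"'):
        return path[1:path.index('"', 1)]
    if path.upper().startswith("RUNDLL32.EXE "):
        return path[len("RUNDLL32.EXE "):].split(",", 1)[0]
    return path


def triage(records):
    """Return findings as dicts with a reason plus the record's name/type/clsid."""
    findings, by_clsid = [], defaultdict(list)

    def flag(reason, rec):
        findings.append({"reason": reason, "name": rec["name"],
                         "type": rec["type"], "clsid": rec["clsid"]})

    for rec in records:
        mod = module_of(rec["path"])
        if mod.lower() == "(empty)":
            flag("orphaned registration", rec)      # CLSID with no file behind it
        elif mod.upper().startswith(DATA_DIRS):
            flag("loads from a data directory", rec)
        if rec["clsid"]:
            by_clsid[rec["clsid"]].append(rec)
    for rs in by_clsid.values():
        kinds = sorted({r["type"] for r in rs})
        if len(kinds) > 1:
            # The same COM object registered as both BHO and Toolbar keeps
            # loading in every IE window even when the toolbar itself is hidden.
            flag("same CLSID registered as " + " and ".join(kinds), rs[0])
    return findings


if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE)):
        print(f"{f['reason']:45} {f['type']:8} {f['name']} {f['clsid'] or ''}")
```

Run against the full listing above, the orphan rule picks out the four "(Empty)" toolbars and the EpicPlay BHO; two of those toolbar CLSIDs, {D4027C7F-154A-4066-A1AD-4243D8127440} and {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}, are the same ones the ComboFix log lists under ORPHANS REMOVED as "(no file)". An orphan is dead weight rather than live code, but it is the trace a removed or half-uninstalled add-on leaves behind, which is why cleanup tools report them. The data-directory rule is only a prompt to look closer: it flags WeCareReminder's IEHelperv2.5.0.dll, but it flags the per-user Google Update entry too.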
  11. 21:06:21.0875 2672 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:06:22.0171 2672 ============================================================
21:06:22.0171 2672 Current date / time: 2012/03/02 21:06:22.0171
21:06:22.0171 2672 SystemInfo:
21:06:22.0171 2672
21:06:22.0171 2672 OS Version: 5.1.2600 ServicePack: 3.0
21:06:22.0171 2672 Product type: Workstation
21:06:22.0171 2672 ComputerName: OPTERON
21:06:22.0171 2672 UserName: USER
21:06:22.0171 2672 Windows directory: C:\WINDOWS
21:06:22.0171 2672 System windows directory: C:\WINDOWS
21:06:22.0171 2672 Processor architecture: Intel x86
21:06:22.0171 2672 Number of processors: 2
21:06:22.0171 2672 Page size: 0x1000
21:06:22.0171 2672 Boot type: Normal boot
21:06:22.0171 2672 ============================================================
21:06:22.0843 2672 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:22.0875 2672 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:22.0921 2672 \Device\Harddisk0\DR0:
21:06:22.0921 2672 MBR used
21:06:22.0921 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
21:06:22.0921 2672 \Device\Harddisk1\DR1:
21:06:22.0921 2672 MBR used
21:06:22.0921 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD592535
21:06:22.0937 2672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xD592574, BlocksNum 0xA0124D
21:06:23.0093 2672 Initialize success
21:06:23.0093 2672 ============================================================
21:06:28.0250 3076 ============================================================
21:06:28.0250 3076 Scan started
21:06:28.0250 3076 Mode: Manual; SigCheck; TDLFS;
21:06:28.0250 3076 ============================================================
21:06:28.0406 3076 Abiosdsk - ok
21:06:28.0421 3076 abp480n5 - ok
21:06:28.0453 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:06:28.0812 3076 ACPI - ok
21:06:28.0921 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:06:29.0062 3076 ACPIEC - ok
21:06:29.0078 3076 adpu160m - ok
21:06:29.0109 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:06:29.0250 3076 aec - ok
21:06:29.0281 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:06:29.0328 3076 AFD - ok
21:06:29.0328 3076 Aha154x - ok
21:06:29.0343 3076 aic78u2 - ok
21:06:29.0343 3076 aic78xx - ok
21:06:29.0468 3076 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:06:29.0609 3076 ALCXWDM - ok
21:06:29.0625 3076 AliIde - ok
21:06:29.0656 3076 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:06:29.0687 3076 AmdK8 - ok
21:06:29.0718 3076 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:06:29.0734 3076 AmdPPM - ok
21:06:29.0750 3076 amsint - ok
21:06:29.0765 3076 asc - ok
21:06:29.0765 3076 asc3350p - ok
21:06:29.0781 3076 asc3550 - ok
21:06:29.0828 3076 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:06:29.0828 3076 ASPI ( UnsignedFile.Multi.Generic ) - warning
21:06:29.0828 3076 ASPI - detected UnsignedFile.Multi.Generic (1)
21:06:29.0859 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:06:29.0984 3076 AsyncMac - ok
21:06:30.0000 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:06:30.0125 3076 atapi - ok
21:06:30.0125 3076 Atdisk - ok
21:06:30.0171 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:06:30.0296 3076 Atmarpc - ok
21:06:30.0343 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:06:30.0484 3076 audstub - ok
21:06:30.0531 3076 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:06:30.0562 3076 AVGIDSDriver - ok
21:06:30.0593 3076 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:06:30.0593 3076 AVGIDSEH - ok
21:06:30.0640 3076 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:06:30.0640 3076 AVGIDSFilter - ok
21:06:30.0671 3076 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:06:30.0687 3076 AVGIDSShim - ok
21:06:30.0718 3076 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:06:30.0734 3076 Avgldx86 - ok
21:06:30.0734 3076 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:06:30.0750 3076 Avgmfx86 - ok
21:06:30.0750 3076 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:06:30.0765 3076 Avgrkx86 - ok
21:06:30.0796 3076 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:06:30.0812 3076 Avgtdix - ok
21:06:30.0859 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:06:31.0000 3076 Beep - ok
21:06:31.0046 3076 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
21:06:31.0062 3076 BrPar ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0062 3076 BrPar - detected UnsignedFile.Multi.Generic (1)
21:06:31.0093 3076 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:06:31.0109 3076 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0109 3076 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
21:06:31.0156 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:31.0296 3076 cbidf2k - ok
21:06:31.0312 3076 cd20xrnt - ok
21:06:31.0328 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:31.0484 3076 Cdaudio - ok
21:06:31.0515 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:31.0656 3076 Cdfs - ok
21:06:31.0671 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:31.0812 3076 Cdrom - ok
21:06:31.0859 3076 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
21:06:31.0984 3076 Changer - ok
21:06:32.0000 3076 CmdIde - ok
21:06:32.0031 3076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:06:32.0156 3076 Compbatt - ok
21:06:32.0171 3076 Cpqarray - ok
21:06:32.0187 3076 dac2w2k - ok
21:06:32.0203 3076 dac960nt - ok
21:06:32.0234 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:32.0359 3076 Disk - ok
21:06:32.0421 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:06:32.0593 3076 dmboot - ok
21:06:32.0625 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:06:32.0765 3076 dmio - ok
21:06:32.0781 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:06:32.0906 3076 dmload - ok
21:06:32.0937 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:06:33.0062 3076 DMusic - ok
21:06:33.0078 3076 dpti2o - ok
21:06:33.0093 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:33.0218 3076 drmkaud - ok
21:06:33.0234 3076 EagleNT - ok
21:06:33.0265 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:06:33.0390 3076 Fastfat - ok
21:06:33.0421 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:06:33.0562 3076 Fdc - ok
21:06:33.0578 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:06:33.0718 3076 Fips - ok
21:06:33.0734 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:06:33.0875 3076 Flpydisk - ok
21:06:33.0906 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:06:34.0031 3076 FltMgr - ok
21:06:34.0062 3076 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:06:34.0078 3076 fssfltr - ok
21:06:34.0109 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:06:34.0265 3076 Fs_Rec - ok
21:06:34.0281 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:06:34.0421 3076 Ftdisk - ok
21:06:34.0453 3076 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:06:34.0578 3076 gameenum - ok
21:06:34.0609 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:06:34.0625 3076 GEARAspiWDM - ok
21:06:34.0640 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:06:34.0765 3076 Gpc - ok
21:06:34.0796 3076 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
21:06:34.0828 3076 grmnusb - ok
21:06:34.0906 3076 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys
21:06:34.0968 3076 Hardlock - ok
21:06:35.0015 3076 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
21:06:35.0156 3076 HidBatt - ok
21:06:35.0171 3076 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:06:35.0328 3076 hidusb - ok
21:06:35.0343 3076 hpn - ok
21:06:35.0375 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:06:35.0406 3076 HTTP - ok
21:06:35.0437 3076 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:06:35.0578 3076 i2omgmt - ok
21:06:35.0609 3076 i2omp - ok
21:06:35.0656 3076 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:06:35.0796 3076 i8042prt - ok
21:06:35.0875 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:06:36.0000 3076 Imapi - ok
21:06:36.0031 3076 ini910u - ok
21:06:36.0031 3076 IntelIde - ok
21:06:36.0078 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:06:36.0203 3076 Ip6Fw - ok
21:06:36.0250 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:06:36.0390 3076 IpFilterDriver - ok
21:06:36.0437 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:06:36.0578 3076 IpInIp - ok
21:06:36.0609 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:06:36.0718 3076 IpNat - ok
21:06:36.0750 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:06:36.0890 3076 IPSec - ok
21:06:36.0906 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:06:37.0031 3076 IRENUM - ok
21:06:37.0046 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:06:37.0187 3076 isapnp - ok
21:06:37.0203 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:06:37.0343 3076 Kbdclass - ok
21:06:37.0359 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:06:37.0484 3076 kbdhid - ok
21:06:37.0515 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:06:37.0640 3076 kmixer - ok
21:06:37.0671 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:06:37.0718 3076 KSecDD - ok
21:06:37.0765 3076 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
21:06:37.0875 3076 lbrtfdc - ok
21:06:37.0921 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:06:38.0078 3076 mnmdd - ok
21:06:38.0109 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:06:38.0250 3076 Modem - ok
21:06:38.0281 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:06:38.0312 3076 motmodem - ok
21:06:38.0343 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:06:38.0468 3076 Mouclass - ok
21:06:38.0515 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:06:38.0656 3076 mouhid - ok
21:06:38.0671 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:06:38.0812 3076 MountMgr - ok
21:06:38.0812 3076 mraid35x - ok
21:06:38.0828 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:06:38.0968 3076 MRxDAV - ok
21:06:39.0015 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:06:39.0031 3076 MRxSmb - ok
21:06:39.0078 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:06:39.0203 3076 Msfs - ok
21:06:39.0218 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:06:39.0343 3076 MSKSSRV - ok
21:06:39.0343 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:06:39.0484 3076 MSPCLOCK - ok
21:06:39.0484 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:06:39.0609 3076 MSPQM - ok
21:06:39.0640 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:06:39.0781 3076 mssmbios - ok
21:06:39.0812 3076 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:06:39.0968 3076 ms_mpu401 - ok
21:06:40.0000 3076 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:06:40.0015 3076 MTsensor - ok
21:06:40.0062 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:06:40.0078 3076 Mup - ok
21:06:40.0125 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:06:40.0250 3076 NDIS - ok
21:06:40.0281 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:06:40.0312 3076 NdisTapi - ok
21:06:40.0328 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:06:40.0484 3076 Ndisuio - ok
21:06:40.0515 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:06:40.0656 3076 NdisWan - ok
21:06:40.0687 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:06:40.0718 3076 NDProxy - ok
21:06:40.0750 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:06:40.0875 3076 NetBIOS - ok
21:06:40.0906 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:06:41.0015 3076 NetBT - ok
21:06:41.0046 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:06:41.0187 3076 Npfs - ok
21:06:41.0218 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:06:41.0375 3076 Ntfs - ok
21:06:41.0406 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:06:41.0562 3076 Null - ok
21:06:41.0953 3076 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:06:42.0359 3076 nv - ok
21:06:42.0390 3076 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys
21:06:42.0406 3076 nvata - ok
21:06:42.0468 3076 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys
21:06:42.0500 3076 nvax - ok
21:06:42.0531 3076 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:06:42.0546 3076 NVENETFD - ok
21:06:42.0562 3076 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:06:42.0593 3076 nvnetbus - ok
21:06:42.0625 3076 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys
21:06:42.0656 3076 nvnforce - ok
21:06:42.0671 3076 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
21:06:42.0687 3076 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
21:06:42.0687 3076 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
21:06:42.0734 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:06:42.0890 3076 NwlnkFlt - ok
21:06:42.0890 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:06:43.0031 3076 NwlnkFwd - ok
21:06:43.0078 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:06:43.0218 3076 Parport - ok
21:06:43.0234 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:06:43.0359 3076 PartMgr - ok
21:06:43.0406 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:06:43.0562 3076 ParVdm - ok
21:06:43.0578 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:06:43.0703 3076 PCI - ok
21:06:43.0718 3076 PCIDump - ok
21:06:43.0765 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:06:43.0906 3076 PCIIde - ok
21:06:43.0937 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:06:44.0046 3076 Pcmcia - ok
21:06:44.0078 3076 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:06:44.0078 3076 pcouffin ( UnsignedFile.Multi.Generic ) - warning
21:06:44.0078 3076 pcouffin - detected UnsignedFile.Multi.Generic (1)
21:06:44.0093 3076 PDCOMP - ok
21:06:44.0093 3076 PDFRAME - ok
21:06:44.0109 3076 PDRELI - ok
21:06:44.0125 3076 PDRFRAME - ok
21:06:44.0125 3076 perc2 - ok
21:06:44.0140 3076 perc2hib - ok
21:06:44.0187 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:06:44.0312 3076 PptpMiniport - ok
21:06:44.0359 3076 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
21:06:44.0375 3076 PRISM_A02 - ok
21:06:44.0406 3076 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:06:44.0531 3076 Processor - ok
21:06:44.0546 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:06:44.0703 3076 Ptilink - ok
21:06:44.0718 3076 ql1080 - ok
21:06:44.0718 3076 Ql10wnt - ok
21:06:44.0734 3076 ql12160 - ok
21:06:44.0750 3076 ql1240 - ok
21:06:44.0750 3076 ql1280 - ok
21:06:44.0781 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:06:44.0937 3076 RasAcd - ok
21:06:44.0968 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:06:45.0093 3076 Rasl2tp - ok
21:06:45.0125 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:06:45.0250 3076 RasPppoe - ok
21:06:45.0265 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:06:45.0406 3076 Raspti - ok
21:06:45.0437 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:06:45.0593 3076 Rdbss - ok
21:06:45.0609 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:06:45.0765 3076 RDPCDD - ok
21:06:45.0796 3076 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:06:45.0828 3076 RDPWD - ok
21:06:45.0875 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:06:46.0015 3076 redbook - ok
21:06:46.0046 3076 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:06:46.0203 3076 ROOTMODEM - ok
21:06:46.0218 3076 SDDMI2 - ok
21:06:46.0265 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:06:46.0390 3076 Secdrv - ok
21:06:46.0421 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:06:46.0562 3076 serenum - ok
21:06:46.0578 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:06:46.0718 3076 Serial - ok
21:06:46.0750 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:06:46.0875 3076 Sfloppy - ok
21:06:46.0890 3076 Simbad - ok
21:06:46.0937 3076 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
21:06:46.0953 3076 snapman ( UnsignedFile.Multi.Generic ) - warning
21:06:46.0953 3076 snapman - detected UnsignedFile.Multi.Generic (1)
21:06:46.0968 3076 Sparrow - ok
21:06:46.0984 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:06:47.0093 3076 splitter - ok
21:06:47.0140 3076 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:06:47.0140 3076 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:06:47.0140 3076 sptd ( LockedFile.Multi.Generic ) - warning
21:06:47.0140 3076 sptd - detected LockedFile.Multi.Generic (1)
21:06:47.0156 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:06:47.0281 3076 sr - ok
21:06:47.0328 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:06:47.0359 3076 Srv - ok
21:06:47.0406 3076 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
21:06:47.0437 3076 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:06:47.0437 3076 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:06:47.0468 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:06:47.0562 3076 swenum - ok
21:06:47.0625 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:06:47.0750 3076 swmidi - ok
21:06:47.0765 3076 symc810 - ok
21:06:47.0765 3076 symc8xx - ok
21:06:47.0781 3076 SYMIDSCO - ok
21:06:47.0796 3076 sym_hi - ok
21:06:47.0796 3076 sym_u3 - ok
21:06:47.0828 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:06:47.0953 3076 sysaudio - ok
21:06:48.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:06:48.0015 3076 Tcpip - ok
21:06:48.0046 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:06:48.0171 3076 TDPIPE - ok
21:06:48.0203 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:06:48.0328 3076 TDTCP - ok
21:06:48.0343 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:06:48.0484 3076 TermDD - ok
21:06:48.0531 3076 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:06:48.0531 3076 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
21:06:48.0546 3076 tifsfilter - detected UnsignedFile.Multi.Generic (1)
21:06:48.0562 3076 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:06:48.0609 3076 timounter ( UnsignedFile.Multi.Generic ) - warning
21:06:48.0609 3076 timounter - detected UnsignedFile.Multi.Generic (1)
21:06:48.0625 3076 TosIde - ok
21:06:48.0671 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:06:48.0796 3076 tunmp - ok
21:06:48.0828 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:06:48.0953 3076 Udfs - ok
21:06:48.0953 3076 ultra - ok
21:06:48.0984 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:06:49.0125 3076 Update - ok
21:06:49.0171 3076 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:06:49.0187 3076 USBAAPL - ok
21:06:49.0218 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:06:49.0359 3076 usbccgp - ok
21:06:49.0406 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:06:49.0515 3076 usbehci - ok
21:06:49.0546 3076 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
21:06:49.0578 3076 UsbFltr - ok
21:06:49.0609 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:06:49.0734 3076 usbhub - ok
21:06:49.0765 3076 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:06:49.0890 3076 usbohci - ok
21:06:49.0921 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:06:50.0062 3076 usbprint - ok
21:06:50.0093 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:06:50.0218 3076 usbscan - ok
21:06:50.0250 3076 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
21:06:50.0375 3076 usbser - ok
21:06:50.0406 3076 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:06:50.0531 3076 usbstor - ok
21:06:50.0546 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:06:50.0671 3076 VgaSave - ok
21:06:50.0687 3076 ViaIde - ok
21:06:50.0750 3076 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
21:06:50.0765 3076 vmm - ok
21:06:50.0812 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:06:50.0921 3076 VolSnap - ok
21:06:50.0984 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:06:51.0109 3076 Wanarp - ok
21:06:51.0156 3076 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:06:51.0187 3076 Wdf01000 - ok
21:06:51.0187 3076 WDICA - ok
21:06:51.0218 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:06:51.0343 3076 wdmaud - ok
21:06:51.0375 3076 WinDriver6 - ok
21:06:51.0437 3076 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:06:51.0468 3076 WpdUsb - ok
21:06:51.0515 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:06:51.0546 3076 WudfPf - ok
21:06:51.0562 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:06:51.0578 3076 WudfRd - ok
21:06:51.0625 3076 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
21:06:55.0593 3076 \Device\Harddisk0\DR0 - ok
21:06:55.0609 3076 MBR (0x1B8) (a17ff5c6092cc5fe1d7c1862c9edab97) \Device\Harddisk1\DR1
21:06:55.0750 3076 \Device\Harddisk1\DR1 - ok
21:06:55.0765 3076 Boot (0x1200) (840762bebb355162130de35f2fccda36) \Device\Harddisk0\DR0\Partition0
21:06:55.0765 3076 \Device\Harddisk0\DR0\Partition0 - ok
21:06:55.0765 3076 Boot (0x1200) (0206517a0de520faf75bcd7ed78d3ab1) \Device\Harddisk1\DR1\Partition0
21:06:55.0765 3076 \Device\Harddisk1\DR1\Partition0 - ok
21:06:55.0781 3076 Boot (0x1200) (babe80a7dae192a52f67c7240513b59b) \Device\Harddisk1\DR1\Partition1
21:06:55.0781 3076 \Device\Harddisk1\DR1\Partition1 - ok
21:06:55.0781 3076 ============================================================
21:06:55.0781 3076 Scan finished
21:06:55.0781 3076 ============================================================
21:06:55.0890 2472 Detected object count: 10
21:06:55.0890 2472 Actual detected object count: 10
21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:07:02.0656 3268 Deinitialize success
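All ten objects TDSSKiller reports in the log above are heuristic warnings, not signature matches. Nine are UnsignedFile.Multi.Generic, meaning the driver carries no Authenticode signature, which is routine for third-party drivers on XP (snapman, tifsfilter and timounter, for instance, belong to Acronis True Image, whose scheduler also appears in the DDS process list further down this page). The tenth is LockedFile.Multi.Generic: the tool could not read sptd.sys at all ("Suspicious file (NoAccess)"). The locked case is the one that deserves a closer look, because refusing reads is also how a rootkit hides its image, although sptd.sys is the SCSI pass-through driver that ships with disc-emulation software and is well known for behaving exactly this way. The script below is an added example written for this page, not TDSSKiller's own code. It parses the line shapes shown in the log, pairs each flagged driver with its hash, path, verdict and the action the user chose, and marks drivers whose image sits outside the system32\drivers directory (here NVR0Dev at C:\WINDOWS\nvoclock.sys). The sample lines are a constructed excerpt of the log above, chosen to cover each line shape the parser understands.

```python
"""Triage a Kaspersky TDSSKiller log offline: which drivers it flagged, under
which verdict class, and what the user chose to do about each.  Added example
for this page, not TDSSKiller's own code."""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the log in the post above, enough to
# exercise each line shape the parser understands.
SAMPLE_LOG = r"""
21:06:29.0828 3076 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:06:29.0828 3076 ASPI ( UnsignedFile.Multi.Generic ) - warning
21:06:29.0828 3076 ASPI - detected UnsignedFile.Multi.Generic (1)
21:06:30.0000 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:06:30.0125 3076 atapi - ok
21:06:42.0671 3076 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
21:06:42.0687 3076 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
21:06:42.0687 3076 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
21:06:47.0140 3076 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:06:47.0140 3076 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:06:47.0140 3076 sptd ( LockedFile.Multi.Generic ) - warning
21:06:47.0140 3076 sptd - detected LockedFile.Multi.Generic (1)
21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every TDSSKiller line starts with a timestamp and a thread id.
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
RE_DRIVER = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_DETECT = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
RE_NOACCESS = re.compile(PREFIX + r"Suspicious file \(NoAccess\): (?P<path>.+?)\. md5:")
RE_ACTION = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Driver:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""          # e.g. UnsignedFile.Multi.Generic; empty for "- ok"
    action: str = ""           # Skip / Cure / Delete, as chosen at the tool's prompt
    unreadable: bool = False   # TDSSKiller could not open the image (NoAccess)


def parse_tdsskiller(text):
    """Return {service name: Driver} in log order."""
    drivers = {}
    by_path = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_DRIVER.match(line):
            d = Driver(m["name"], m["md5"], m["path"])
            drivers[d.name] = d
            by_path[d.path.lower()] = d
        elif m := RE_DETECT.match(line):
            drivers.setdefault(m["name"], Driver(m["name"])).verdict = m["verdict"]
        elif m := RE_ACTION.match(line):
            drivers.setdefault(m["name"], Driver(m["name"])).action = m["action"]
        elif m := RE_NOACCESS.match(line):
            if d := by_path.get(m["path"].lower()):
                d.unreadable = True
    return drivers


def outside_driver_dir(path):
    r"""True when a driver image is not under ...\system32\drivers\.  Plenty of
    vendor drivers legitimately live elsewhere, so treat this as a prompt to
    look, not as a verdict."""
    return "\\system32\\drivers\\" not in path.lower()


def triage(text):
    """Flagged drivers only: (name, verdict, action, unreadable, odd_location, path)."""
    rows = []
    for d in parse_tdsskiller(text).values():
        if d.verdict:
            rows.append((d.name, d.verdict, d.action, d.unreadable,
                         outside_driver_dir(d.path), d.path))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```

Run against the full log, the unreadable flag singles out sptd and the location flag singles out NVR0Dev; everything else is an unsigned driver in the expected directory that the user chose to skip, which is the right call until something else ties one of them to the redirect.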
  12. RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: USER [Admin rights]
Mode: Scan -- Date: 03/02/2012 07:38:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 q4master.idsoftware.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200JB-00GVC0 +++++
--- User ---
[MBR] 97963ef3f656d259546cad511a0a4a93
[BSP] 6690b7f2349dcd31654070523c6ae2cb : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST3120813AS +++++
--- User ---
[MBR] e07f402554cacc36ec55344db85a7095
[BSP] a28e25268ab44ce7c41c5bf9272a0ab5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 109348 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 223946100 | Size: 5122 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
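RogueKiller's [DNS] lines are not verdicts either: it reports every NameServer value it does not recognise, and nothing on this page says who operates 216.146.35.240 and 216.146.36.240. What the report does establish is that the same two addresses are configured on both network interfaces in both control sets it enumerated (ControlSet001 and ControlSet003), listed ahead of the private gateway 10.0.0.1 and the two 68.87.x resolvers, so they are queried first for every lookup and booting Last Known Good Configuration would not remove them. The HOSTS line pinning q4master.idsoftware.com to 127.0.0.1 blocks that one lookup rather than redirecting it anywhere, which makes it a question for the user rather than a removal item. The script below is an added example for this page, not RogueKiller's own code: it parses the [DNS] and HOSTS sections of a report, reports resolvers outside a known-good list, and checks whether a resolver is present in every control set. The known-good list is an assumption (the owner would confirm the gateway and the 68.87.x pair against what their ISP actually hands out), and the report text is a constructed excerpt of the one above.

```python
"""Pull the [DNS] and HOSTS findings out of a RogueKiller report and check the
configured resolvers against a list the owner vouches for.  Added example for
this page, not RogueKiller's own code."""
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt of the report in the post above (only the sections this
# script reads).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 q4master.idsoftware.com
¤¤¤ MBR Check: ¤¤¤
"""

# Assumption for this example: the owner confirms the private gateway and the
# two 68.87.x addresses as the resolvers their ISP hands out.  Replace with
# whatever the machine should really be using.
KNOWN_GOOD = ["10.0.0.1", "68.87.75.194", "68.87.64.146"]

RE_DNS = re.compile(r"^\[DNS\] (?P<key>.+?) : NameServer \((?P<servers>[^)]*)\) -> FOUND$")
RE_CTLSET = re.compile(r"ControlSet(\d+)", re.IGNORECASE)
RE_IFACE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SECTION = "¤¤¤"   # RogueKiller's section-header marker


def parse_dns_entries(report):
    """(control set, interface GUID, [resolvers]) for each [DNS] line, in order."""
    entries = []
    for line in report.splitlines():
        m = RE_DNS.match(line.strip())
        if not m:
            continue
        cs = RE_CTLSET.search(m["key"])
        iface = RE_IFACE.search(m["key"])
        servers = [s.strip() for s in m["servers"].split(",") if s.strip()]
        entries.append((cs.group(1) if cs else "?",
                        iface.group(0) if iface else m["key"], servers))
    return entries


def unexpected_resolvers(report, known_good):
    """Map each resolver outside known_good to the (control set, interface) pairs using it."""
    good = {ipaddress.ip_address(ip) for ip in known_good}
    hits = defaultdict(set)
    for cs, iface, servers in parse_dns_entries(report):
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                hits[s].add((cs, iface))   # not even an address: always report it
                continue
            if ip not in good:
                hits[str(ip)].add((cs, iface))
    return dict(hits)


def survives_last_known_good(report, resolver):
    """True when the resolver is set in every control set the report enumerates,
    i.e. booting Last Known Good would not get rid of it."""
    entries = parse_dns_entries(report)
    sets_with = {cs for cs, _, servers in entries if resolver in servers}
    all_sets = {cs for cs, _, _ in entries}
    return bool(all_sets) and sets_with == all_sets


def hosts_overrides(report):
    """(hostname, address) for every HOSTS line other than localhost itself."""
    pins, in_hosts = [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith(SECTION):
            in_hosts = "HOSTS File" in line
            continue
        if in_hosts and line and not line.startswith("#"):
            addr, *names = line.split()
            pins.extend((n, addr) for n in names if n.lower() != "localhost")
    return pins


if __name__ == "__main__":
    for ip, where in unexpected_resolvers(SAMPLE_REPORT, KNOWN_GOOD).items():
        lkg = "present in every control set" if survives_last_known_good(SAMPLE_REPORT, ip) else "one control set only"
        print(ip, "on", len(where), "interface/control-set pairs;", lkg)
    print("HOSTS pins:", hosts_overrides(SAMPLE_REPORT))
```

The script deliberately stops at "report it": who the foreign resolvers belong to, and whether the product that set them is still installed, are questions the responder answers from the rest of the logs, not something a parser should guess.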
  13. Hello, searches have been redirected to whitesmoke. Please help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by USER at 19:34:26 on 2012-03-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1100 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EpicPlay: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - EpicPlay
BHO: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program
files\microsoft\bingbar\BingExt.dll" BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [vProt] "c:\program files\avg 
secure search\vprot.exe" mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sendor~1.lnk - c:\program files\sendori\SendoriTray.exe uPolicies-explorer: NoActiveDesktop = 00000000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} 
- hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer = 216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146 TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : DhcpNameServer = 68.87.75.194 68.87.64.146 TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer = 216.146.35.240,216.146.36.240,10.0.0.1 TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : DhcpNameServer = 10.0.0.1 Filter: text/html - 
{27637b8f-784d-485c-8505-aa7e77eceff5} - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll LSA: Authentication Packages = msv1_0 relog_ap mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q= FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - component: c:\program files\mozilla firefox 3 beta 3\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll FF - 
plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\NPcol400.dll FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF 
- plugin: c:\windows\system32\npOGPPlugin.dll FF - plugin: c:\windows\system32\npptools.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-13 54760] R2 Sendori;Sendori;c:\program files\sendori\SendoriSvc.exe [2011-12-1 98624] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720] S2 Active Common Service;Active Common Service; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 
130384] S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104] S2 IWin service;IWin service; [x] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2008-9-17 16512] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-02-14 21:01:46 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-02-14 21:01:46 3072 ------w- c:\windows\system32\iacenc.dll . ==================== Find3M ==================== . 
2012-02-28 20:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys 2011-12-22 05:25:35 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys 2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-12-19 01:11:40 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-12-19 00:41:17 138056 ----a-w- c:\documents and settings\user\application data\PnkBstrK.sys 2011-12-19 00:40:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll 2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec 2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 19:35:40.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 3/14/2006 6:33:22 PM System Uptime: 2/29/2012 3:41:44 PM (28 hours ago) . Motherboard: ASUSTeK Computer INC. | | A8N-E Processor: Dual Core AMD Opteron Processor 165 | Socket 939 | 1809/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 107 GiB total, 5.43 GiB free. D: is FIXED (NTFS) - 5 GiB total, 2.929 GiB free. E: is FIXED (NTFS) - 112 GiB total, 29.996 GiB free. F: is CDROM (UDF) H: is CDROM (UDF) I: is Removable J: is Removable K: is Removable L: is Removable N: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318} Description: Motorola USB Modem Device ID: ROOT\MODEM\0001 Manufacturer: Motorola Name: Motorola USB Modem #2 PNP Device ID: ROOT\MODEM\0001 Service: Modem . 
==== System Restore Points =================== . RP515: 2/17/2012 3:50:13 PM - System Checkpoint RP516: 2/17/2012 6:04:22 PM - Software Distribution Service 3.0 RP517: 2/18/2012 8:38:16 PM - System Checkpoint RP518: 2/18/2012 9:27:43 PM - Software Distribution Service 3.0 RP519: 2/20/2012 1:20:46 PM - System Checkpoint RP520: 2/24/2012 4:14:45 PM - System Checkpoint RP521: 2/27/2012 4:19:50 PM - System Checkpoint RP522: 2/28/2012 6:32:31 PM - System Checkpoint RP523: 2/29/2012 6:47:05 PM - System Checkpoint RP524: 3/1/2012 6:54:29 PM - System Checkpoint . ==== Installed Programs ====================== . 3rd Grade 7-Zip 9.15 beta 7-Zip 9.20 Acrobat.com Acronis True Image Across Lite 2.0 Adobe Acrobat Connect Add-in Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Adobe Shockwave Player 11 Alliance of Valiant Arms Amazon MP3 Downloader 1.0.10 AMD Processor Driver Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Panorama Maker 5 AsusUpdate Audacity 1.2.6 AVG 2012 AVG PC Tuneup 2011 AVG Security Toolbar AVS Video Converter 6 AVS4YOU Software Navigator 1.2 Battlefield: Bad Company™ 2 BeerSmith 2 BetterLinks v1.0.7 (remove only) Bing Bar BitPim 1.0.5 BitTorrent Bonjour Brother HL-5250DN Canon CanoScan LiDE 200 User Registration Canon MP Navigator EX 2.0 Canon Utilities Solution Menu CanoScan LiDE 200 Scanner Driver CCleaner (remove only) CDBurnerXP Chinese Traditional Fonts Support For Adobe Reader 9 Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2 Community Smartbar Compatibility Pack for the 2007 Office system ConvertXtoDVD 2.2.3.258 ConvertXtoDVD 3.2.1.55b COSMOSMotion 2007 SP0 COSMOSWorks 2007 SP0 Coupon Printer for Windows Creative NOMAD II Driver Data Lifeguard Tools DivX User Guide DNA DWGeditor EA Download Manager eDrawings 2007 EpicPlay ESET Online Scanner v3 EVGA Display Driver Freelang Dictionary (wordlist) Fritz8 Garmin Communicator Plugin Garmin Training Center Garmin 
USB Drivers Garmin WebUpdater getPlus® for Adobe GIMP 2.6.5 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper HammerHead Rhythm Station HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hugin 2009.4.0 ICS Viewer 6.0 iLivid InfraRecorder InstallIQ Updater ISO Recorder Itibiti RTC iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 Java Auto Updater Java 6 Update 26 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Update 1 Junk Mail filter update Killing Floor Korean Fonts Support For Adobe Reader 9 LAME v3.98.2 for Audacity LiveUpdate 1.80 (Symantec Corporation) Machinehead GearCalc Pro (32 bit) Magic ISO Maker v5.3 (build 0221) Magic ISO Maker v5.5 (build 0281) Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Games for Windows - LIVE Redistributable Microsoft Image Composite Editor Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office File Validation Add-In Microsoft Office Live Add-in 1.3 Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2007 Microsoft Office 
Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher 2007 Microsoft Office Publisher 2007 Trial Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Virtual PC 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 4.0 mobile PhoneTools MotionBased Agent Motorola Driver Installation 3.4.0 Mozilla Firefox 9.0.1 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser (KB933579) NVIDIA Display Control Panel NVIDIA Drivers NVIDIA nTune NVIDIA nView Desktop Manager NVIDIA PhysX NvMixer oggcodecs 0.71.0946 OpenOffice.org Installer 1.0 Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 PrimoPDF ProMash PunkBuster Services QuickTime QuickTime Alternative 1.69 R for Windows 2.5.1 RD 2.12 RealPlayer RealUpgrade 1.0 Safari Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office 
System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 
(KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Segoe UI Sendori 
Skype Toolbars Skype™ 4.2 SolidWorks 2007 SP0 SolidWorks Explorer 2007 sp0 SolidWorks Installation Manager SopCast 3.2.9 Spelling Dictionaries Support For Adobe Reader 9 Spotify Spybot - Search & Destroy SpywareBlaster 4.2 StartNow Toolbar Steam Terraria Tina 9 - TI TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Type to Learn 3 Uniblue RegistryBooster 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2007 System (KB2539530) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB982664) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Veetle TV 0.9.18 Vista Codec Package Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 vShare Plugin WBA F.C. Toolbar WebFldrs XP WinAVR 20060125 (remove only) Windows Defender Windows Defender Signatures Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Energy Blue Theme Pack Windows XP Service Pack 3 WinRAR archiver Xfire (remove only) XP Codec Pack Xvid 1.2.2 final uninstall Yahoo! Messenger Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 
2/29/2012 3:48:36 PM, error: Dhcp [1002] - The IP address lease 10.0.0.7 for the Network Card with network address 0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message). 2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The IWin service service failed to start due to the following error: The system cannot find the path specified. 2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The Active Common Service service failed to start due to the following error: The system cannot find the path specified. . ==== End Of File =========================== attach.txt