Jump to content


Photo
- - - - -

Whitesmoke ETC...

Whitesmoke white smoke

  • This topic is locked This topic is locked
24 replies to this topic

#1 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 01 March 2012 - 07:46 PM

Hello, searches have been redirected to whitesmoke. Please help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by USER at 19:34:26 on 2012-03-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1100 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Sendori\SendoriTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EpicPlay: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - EpicPlay
BHO: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sendor~1.lnk - c:\program files\sendori\SendoriTray.exe
uPolicies-explorer: NoActiveDesktop = 00000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer = 216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146
TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : DhcpNameServer = 68.87.75.194 68.87.64.146
TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer = 216.146.35.240,216.146.36.240,10.0.0.1
TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : DhcpNameServer = 10.0.0.1
Filter: text/html - {27637b8f-784d-485c-8505-aa7e77eceff5} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\mozilla firefox 3 beta 3\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-13 54760]
R2 Sendori;Sendori;c:\program files\sendori\SendoriSvc.exe [2011-12-1 98624]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S2 Active Common Service;Active Common Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]
S2 IWin service;IWin service; [x]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2008-9-17 16512]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-14 21:01:46 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:01:46 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-28 20:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 05:25:35 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-19 01:11:40 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-19 00:41:17 138056 ----a-w- c:\documents and settings\user\application data\PnkBstrK.sys
2011-12-19 00:40:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:35:40.15 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/14/2006 6:33:22 PM
System Uptime: 2/29/2012 3:41:44 PM (28 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8N-E
Processor: Dual Core AMD Opteron™ Processor 165 | Socket 939 | 1809/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 5.43 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 2.929 GiB free.
E: is FIXED (NTFS) - 112 GiB total, 29.996 GiB free.
F: is CDROM (UDF)
H: is CDROM (UDF)
I: is Removable
J: is Removable
K: is Removable
L: is Removable
N: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola USB Modem
Device ID: ROOT\MODEM\0001
Manufacturer: Motorola
Name: Motorola USB Modem #2
PNP Device ID: ROOT\MODEM\0001
Service: Modem
.
==== System Restore Points ===================
.
RP515: 2/17/2012 3:50:13 PM - System Checkpoint
RP516: 2/17/2012 6:04:22 PM - Software Distribution Service 3.0
RP517: 2/18/2012 8:38:16 PM - System Checkpoint
RP518: 2/18/2012 9:27:43 PM - Software Distribution Service 3.0
RP519: 2/20/2012 1:20:46 PM - System Checkpoint
RP520: 2/24/2012 4:14:45 PM - System Checkpoint
RP521: 2/27/2012 4:19:50 PM - System Checkpoint
RP522: 2/28/2012 6:32:31 PM - System Checkpoint
RP523: 2/29/2012 6:47:05 PM - System Checkpoint
RP524: 3/1/2012 6:54:29 PM - System Checkpoint
.
==== Installed Programs ======================
.
3rd Grade
7-Zip 9.15 beta
7-Zip 9.20
Acrobat.com
Acronis True Image
Across Lite 2.0
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11
Alliance of Valiant Arms
Amazon MP3 Downloader 1.0.10
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AsusUpdate
Audacity 1.2.6
AVG 2012
AVG PC Tuneup 2011
AVG Security Toolbar
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Battlefield: Bad Company™ 2
BeerSmith 2
BetterLinks v1.0.7 (remove only)
Bing Bar
BitPim 1.0.5
BitTorrent
Bonjour
Brother HL-5250DN
Canon CanoScan LiDE 200 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 200 Scanner Driver
CCleaner (remove only)
CDBurnerXP
Chinese Traditional Fonts Support For Adobe Reader 9
Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
Community Smartbar
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.2.3.258
ConvertXtoDVD 3.2.1.55b
COSMOSMotion 2007 SP0
COSMOSWorks 2007 SP0
Coupon Printer for Windows
Creative NOMAD II Driver
Data Lifeguard Tools
DivX User Guide
DNA
DWGeditor
EA Download Manager
eDrawings 2007
EpicPlay
ESET Online Scanner v3
EVGA Display Driver
Freelang Dictionary (wordlist)
Fritz8
Garmin Communicator Plugin
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
getPlus® for Adobe
GIMP 2.6.5
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HammerHead Rhythm Station
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hugin 2009.4.0
ICS Viewer 6.0
iLivid
InfraRecorder
InstallIQ Updater
ISO Recorder
Itibiti RTC
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Junk Mail filter update
Killing Floor
Korean Fonts Support For Adobe Reader 9
LAME v3.98.2 for Audacity
LiveUpdate 1.80 (Symantec Corporation)
Machinehead GearCalc Pro (32 bit)
Magic ISO Maker v5.3 (build 0221)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Image Composite Editor
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
mobile PhoneTools
MotionBased Agent
Motorola Driver Installation 3.4.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
NvMixer
oggcodecs 0.71.0946
OpenOffice.org Installer 1.0
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PrimoPDF
ProMash
PunkBuster Services
QuickTime
QuickTime Alternative 1.69
R for Windows 2.5.1
RD 2.12
RealPlayer
RealUpgrade 1.0
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Segoe UI
Sendori
Skype Toolbars
Skype™ 4.2
SolidWorks 2007 SP0
SolidWorks Explorer 2007 sp0
SolidWorks Installation Manager
SopCast 3.2.9
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.2
StartNow Toolbar
Steam
Terraria
Tina 9 - TI
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Type to Learn 3
Uniblue RegistryBooster 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Veetle TV 0.9.18
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
vShare Plugin
WBA F.C. Toolbar
WebFldrs XP
WinAVR 20060125 (remove only)
Windows Defender
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Energy Blue Theme Pack
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
XP Codec Pack
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
2/29/2012 3:48:36 PM, error: Dhcp [1002] - The IP address lease 10.0.0.7 for the Network Card with network address 0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The IWin service service failed to start due to the following error: The system cannot find the path specified.
2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The Active Common Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

Attached Files



#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 March 2012 - 04:24 AM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 02 March 2012 - 07:40 AM

RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: USER [Admin rights]
Mode: Scan -- Date: 03/02/2012 07:38:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 q4master.idsoftware.com



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200JB-00GVC0 +++++
--- User ---
[MBR] 97963ef3f656d259546cad511a0a4a93
[BSP] 6690b7f2349dcd31654070523c6ae2cb : Standard MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST3120813AS +++++
--- User ---
[MBR] e07f402554cacc36ec55344db85a7095
[BSP] a28e25268ab44ce7c41c5bf9272a0ab5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 109348 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 223946100 | Size: 5122 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 March 2012 - 09:29 AM

I would like to see if this program detects WhiteSmoke as a test.

Please do this for me:

Download and unzip to a folder > Toolbarcop from the link below:

http://www.snapfiles...g=601108&loc=10

Double click on the Toolbarcop icon to run it.
Go to Tools > click Scan for search bars
After the scan is done > click Main > Select All > Copy to clipboard
Paste it into notepad and attach it to your next reply.

--------------------------


I want to check for any rootkits.......

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 02 March 2012 - 09:09 PM

21:06:21.0875 2672 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:06:22.0171 2672 ============================================================
21:06:22.0171 2672 Current date / time: 2012/03/02 21:06:22.0171
21:06:22.0171 2672 SystemInfo:
21:06:22.0171 2672
21:06:22.0171 2672 OS Version: 5.1.2600 ServicePack: 3.0
21:06:22.0171 2672 Product type: Workstation
21:06:22.0171 2672 ComputerName: OPTERON
21:06:22.0171 2672 UserName: USER
21:06:22.0171 2672 Windows directory: C:\WINDOWS
21:06:22.0171 2672 System windows directory: C:\WINDOWS
21:06:22.0171 2672 Processor architecture: Intel x86
21:06:22.0171 2672 Number of processors: 2
21:06:22.0171 2672 Page size: 0x1000
21:06:22.0171 2672 Boot type: Normal boot
21:06:22.0171 2672 ============================================================
21:06:22.0843 2672 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:22.0875 2672 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:22.0921 2672 \Device\Harddisk0\DR0:
21:06:22.0921 2672 MBR used
21:06:22.0921 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
21:06:22.0921 2672 \Device\Harddisk1\DR1:
21:06:22.0921 2672 MBR used
21:06:22.0921 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD592535
21:06:22.0937 2672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xD592574, BlocksNum 0xA0124D
21:06:23.0093 2672 Initialize success
21:06:23.0093 2672 ============================================================
21:06:28.0250 3076 ============================================================
21:06:28.0250 3076 Scan started
21:06:28.0250 3076 Mode: Manual; SigCheck; TDLFS;
21:06:28.0250 3076 ============================================================
21:06:28.0406 3076 Abiosdsk - ok
21:06:28.0421 3076 abp480n5 - ok
21:06:28.0453 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:06:28.0812 3076 ACPI - ok
21:06:28.0921 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:06:29.0062 3076 ACPIEC - ok
21:06:29.0078 3076 adpu160m - ok
21:06:29.0109 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:06:29.0250 3076 aec - ok
21:06:29.0281 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:06:29.0328 3076 AFD - ok
21:06:29.0328 3076 Aha154x - ok
21:06:29.0343 3076 aic78u2 - ok
21:06:29.0343 3076 aic78xx - ok
21:06:29.0468 3076 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:06:29.0609 3076 ALCXWDM - ok
21:06:29.0625 3076 AliIde - ok
21:06:29.0656 3076 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:06:29.0687 3076 AmdK8 - ok
21:06:29.0718 3076 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
21:06:29.0734 3076 AmdPPM - ok
21:06:29.0750 3076 amsint - ok
21:06:29.0765 3076 asc - ok
21:06:29.0765 3076 asc3350p - ok
21:06:29.0781 3076 asc3550 - ok
21:06:29.0828 3076 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:06:29.0828 3076 ASPI ( UnsignedFile.Multi.Generic ) - warning
21:06:29.0828 3076 ASPI - detected UnsignedFile.Multi.Generic (1)
21:06:29.0859 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:06:29.0984 3076 AsyncMac - ok
21:06:30.0000 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:06:30.0125 3076 atapi - ok
21:06:30.0125 3076 Atdisk - ok
21:06:30.0171 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:06:30.0296 3076 Atmarpc - ok
21:06:30.0343 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:06:30.0484 3076 audstub - ok
21:06:30.0531 3076 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:06:30.0562 3076 AVGIDSDriver - ok
21:06:30.0593 3076 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:06:30.0593 3076 AVGIDSEH - ok
21:06:30.0640 3076 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:06:30.0640 3076 AVGIDSFilter - ok
21:06:30.0671 3076 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:06:30.0687 3076 AVGIDSShim - ok
21:06:30.0718 3076 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:06:30.0734 3076 Avgldx86 - ok
21:06:30.0734 3076 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:06:30.0750 3076 Avgmfx86 - ok
21:06:30.0750 3076 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:06:30.0765 3076 Avgrkx86 - ok
21:06:30.0796 3076 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:06:30.0812 3076 Avgtdix - ok
21:06:30.0859 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:06:31.0000 3076 Beep - ok
21:06:31.0046 3076 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
21:06:31.0062 3076 BrPar ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0062 3076 BrPar - detected UnsignedFile.Multi.Generic (1)
21:06:31.0093 3076 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:06:31.0109 3076 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0109 3076 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
21:06:31.0156 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:31.0296 3076 cbidf2k - ok
21:06:31.0312 3076 cd20xrnt - ok
21:06:31.0328 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:31.0484 3076 Cdaudio - ok
21:06:31.0515 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:31.0656 3076 Cdfs - ok
21:06:31.0671 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:31.0812 3076 Cdrom - ok
21:06:31.0859 3076 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
21:06:31.0984 3076 Changer - ok
21:06:32.0000 3076 CmdIde - ok
21:06:32.0031 3076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:06:32.0156 3076 Compbatt - ok
21:06:32.0171 3076 Cpqarray - ok
21:06:32.0187 3076 dac2w2k - ok
21:06:32.0203 3076 dac960nt - ok
21:06:32.0234 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:32.0359 3076 Disk - ok
21:06:32.0421 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:06:32.0593 3076 dmboot - ok
21:06:32.0625 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:06:32.0765 3076 dmio - ok
21:06:32.0781 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:06:32.0906 3076 dmload - ok
21:06:32.0937 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:06:33.0062 3076 DMusic - ok
21:06:33.0078 3076 dpti2o - ok
21:06:33.0093 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:33.0218 3076 drmkaud - ok
21:06:33.0234 3076 EagleNT - ok
21:06:33.0265 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:06:33.0390 3076 Fastfat - ok
21:06:33.0421 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:06:33.0562 3076 Fdc - ok
21:06:33.0578 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:06:33.0718 3076 Fips - ok
21:06:33.0734 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:06:33.0875 3076 Flpydisk - ok
21:06:33.0906 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:06:34.0031 3076 FltMgr - ok
21:06:34.0062 3076 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
21:06:34.0078 3076 fssfltr - ok
21:06:34.0109 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:06:34.0265 3076 Fs_Rec - ok
21:06:34.0281 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:06:34.0421 3076 Ftdisk - ok
21:06:34.0453 3076 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:06:34.0578 3076 gameenum - ok
21:06:34.0609 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:06:34.0625 3076 GEARAspiWDM - ok
21:06:34.0640 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:06:34.0765 3076 Gpc - ok
21:06:34.0796 3076 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
21:06:34.0828 3076 grmnusb - ok
21:06:34.0906 3076 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys
21:06:34.0968 3076 Hardlock - ok
21:06:35.0015 3076 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
21:06:35.0156 3076 HidBatt - ok
21:06:35.0171 3076 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:06:35.0328 3076 hidusb - ok
21:06:35.0343 3076 hpn - ok
21:06:35.0375 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:06:35.0406 3076 HTTP - ok
21:06:35.0437 3076 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:06:35.0578 3076 i2omgmt - ok
21:06:35.0609 3076 i2omp - ok
21:06:35.0656 3076 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:06:35.0796 3076 i8042prt - ok
21:06:35.0875 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:06:36.0000 3076 Imapi - ok
21:06:36.0031 3076 ini910u - ok
21:06:36.0031 3076 IntelIde - ok
21:06:36.0078 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:06:36.0203 3076 Ip6Fw - ok
21:06:36.0250 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:06:36.0390 3076 IpFilterDriver - ok
21:06:36.0437 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:06:36.0578 3076 IpInIp - ok
21:06:36.0609 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:06:36.0718 3076 IpNat - ok
21:06:36.0750 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:06:36.0890 3076 IPSec - ok
21:06:36.0906 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:06:37.0031 3076 IRENUM - ok
21:06:37.0046 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:06:37.0187 3076 isapnp - ok
21:06:37.0203 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:06:37.0343 3076 Kbdclass - ok
21:06:37.0359 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:06:37.0484 3076 kbdhid - ok
21:06:37.0515 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:06:37.0640 3076 kmixer - ok
21:06:37.0671 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:06:37.0718 3076 KSecDD - ok
21:06:37.0765 3076 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
21:06:37.0875 3076 lbrtfdc - ok
21:06:37.0921 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:06:38.0078 3076 mnmdd - ok
21:06:38.0109 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:06:38.0250 3076 Modem - ok
21:06:38.0281 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
21:06:38.0312 3076 motmodem - ok
21:06:38.0343 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:06:38.0468 3076 Mouclass - ok
21:06:38.0515 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:06:38.0656 3076 mouhid - ok
21:06:38.0671 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:06:38.0812 3076 MountMgr - ok
21:06:38.0812 3076 mraid35x - ok
21:06:38.0828 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:06:38.0968 3076 MRxDAV - ok
21:06:39.0015 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:06:39.0031 3076 MRxSmb - ok
21:06:39.0078 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:06:39.0203 3076 Msfs - ok
21:06:39.0218 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:06:39.0343 3076 MSKSSRV - ok
21:06:39.0343 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:06:39.0484 3076 MSPCLOCK - ok
21:06:39.0484 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:06:39.0609 3076 MSPQM - ok
21:06:39.0640 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:06:39.0781 3076 mssmbios - ok
21:06:39.0812 3076 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
21:06:39.0968 3076 ms_mpu401 - ok
21:06:40.0000 3076 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:06:40.0015 3076 MTsensor - ok
21:06:40.0062 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:06:40.0078 3076 Mup - ok
21:06:40.0125 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:06:40.0250 3076 NDIS - ok
21:06:40.0281 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:06:40.0312 3076 NdisTapi - ok
21:06:40.0328 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:06:40.0484 3076 Ndisuio - ok
21:06:40.0515 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:06:40.0656 3076 NdisWan - ok
21:06:40.0687 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:06:40.0718 3076 NDProxy - ok
21:06:40.0750 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:06:40.0875 3076 NetBIOS - ok
21:06:40.0906 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:06:41.0015 3076 NetBT - ok
21:06:41.0046 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:06:41.0187 3076 Npfs - ok
21:06:41.0218 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:06:41.0375 3076 Ntfs - ok
21:06:41.0406 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:06:41.0562 3076 Null - ok
21:06:41.0953 3076 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:06:42.0359 3076 nv - ok
21:06:42.0390 3076 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys
21:06:42.0406 3076 nvata - ok
21:06:42.0468 3076 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys
21:06:42.0500 3076 nvax - ok
21:06:42.0531 3076 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:06:42.0546 3076 NVENETFD - ok
21:06:42.0562 3076 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:06:42.0593 3076 nvnetbus - ok
21:06:42.0625 3076 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys
21:06:42.0656 3076 nvnforce - ok
21:06:42.0671 3076 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
21:06:42.0687 3076 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
21:06:42.0687 3076 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
21:06:42.0734 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:06:42.0890 3076 NwlnkFlt - ok
21:06:42.0890 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:06:43.0031 3076 NwlnkFwd - ok
21:06:43.0078 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:06:43.0218 3076 Parport - ok
21:06:43.0234 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:06:43.0359 3076 PartMgr - ok
21:06:43.0406 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:06:43.0562 3076 ParVdm - ok
21:06:43.0578 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:06:43.0703 3076 PCI - ok
21:06:43.0718 3076 PCIDump - ok
21:06:43.0765 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:06:43.0906 3076 PCIIde - ok
21:06:43.0937 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:06:44.0046 3076 Pcmcia - ok
21:06:44.0078 3076 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:06:44.0078 3076 pcouffin ( UnsignedFile.Multi.Generic ) - warning
21:06:44.0078 3076 pcouffin - detected UnsignedFile.Multi.Generic (1)
21:06:44.0093 3076 PDCOMP - ok
21:06:44.0093 3076 PDFRAME - ok
21:06:44.0109 3076 PDRELI - ok
21:06:44.0125 3076 PDRFRAME - ok
21:06:44.0125 3076 perc2 - ok
21:06:44.0140 3076 perc2hib - ok
21:06:44.0187 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:06:44.0312 3076 PptpMiniport - ok
21:06:44.0359 3076 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
21:06:44.0375 3076 PRISM_A02 - ok
21:06:44.0406 3076 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:06:44.0531 3076 Processor - ok
21:06:44.0546 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:06:44.0703 3076 Ptilink - ok
21:06:44.0718 3076 ql1080 - ok
21:06:44.0718 3076 Ql10wnt - ok
21:06:44.0734 3076 ql12160 - ok
21:06:44.0750 3076 ql1240 - ok
21:06:44.0750 3076 ql1280 - ok
21:06:44.0781 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:06:44.0937 3076 RasAcd - ok
21:06:44.0968 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:06:45.0093 3076 Rasl2tp - ok
21:06:45.0125 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:06:45.0250 3076 RasPppoe - ok
21:06:45.0265 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:06:45.0406 3076 Raspti - ok
21:06:45.0437 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:06:45.0593 3076 Rdbss - ok
21:06:45.0609 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:06:45.0765 3076 RDPCDD - ok
21:06:45.0796 3076 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:06:45.0828 3076 RDPWD - ok
21:06:45.0875 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:06:46.0015 3076 redbook - ok
21:06:46.0046 3076 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:06:46.0203 3076 ROOTMODEM - ok
21:06:46.0218 3076 SDDMI2 - ok
21:06:46.0265 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:06:46.0390 3076 Secdrv - ok
21:06:46.0421 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:06:46.0562 3076 serenum - ok
21:06:46.0578 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:06:46.0718 3076 Serial - ok
21:06:46.0750 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:06:46.0875 3076 Sfloppy - ok
21:06:46.0890 3076 Simbad - ok
21:06:46.0937 3076 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys
21:06:46.0953 3076 snapman ( UnsignedFile.Multi.Generic ) - warning
21:06:46.0953 3076 snapman - detected UnsignedFile.Multi.Generic (1)
21:06:46.0968 3076 Sparrow - ok
21:06:46.0984 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:06:47.0093 3076 splitter - ok
21:06:47.0140 3076 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:06:47.0140 3076 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:06:47.0140 3076 sptd ( LockedFile.Multi.Generic ) - warning
21:06:47.0140 3076 sptd - detected LockedFile.Multi.Generic (1)
21:06:47.0156 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:06:47.0281 3076 sr - ok
21:06:47.0328 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:06:47.0359 3076 Srv - ok
21:06:47.0406 3076 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
21:06:47.0437 3076 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:06:47.0437 3076 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:06:47.0468 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:06:47.0562 3076 swenum - ok
21:06:47.0625 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:06:47.0750 3076 swmidi - ok
21:06:47.0765 3076 symc810 - ok
21:06:47.0765 3076 symc8xx - ok
21:06:47.0781 3076 SYMIDSCO - ok
21:06:47.0796 3076 sym_hi - ok
21:06:47.0796 3076 sym_u3 - ok
21:06:47.0828 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:06:47.0953 3076 sysaudio - ok
21:06:48.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:06:48.0015 3076 Tcpip - ok
21:06:48.0046 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:06:48.0171 3076 TDPIPE - ok
21:06:48.0203 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:06:48.0328 3076 TDTCP - ok
21:06:48.0343 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:06:48.0484 3076 TermDD - ok
21:06:48.0531 3076 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:06:48.0531 3076 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
21:06:48.0546 3076 tifsfilter - detected UnsignedFile.Multi.Generic (1)
21:06:48.0562 3076 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:06:48.0609 3076 timounter ( UnsignedFile.Multi.Generic ) - warning
21:06:48.0609 3076 timounter - detected UnsignedFile.Multi.Generic (1)
21:06:48.0625 3076 TosIde - ok
21:06:48.0671 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:06:48.0796 3076 tunmp - ok
21:06:48.0828 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:06:48.0953 3076 Udfs - ok
21:06:48.0953 3076 ultra - ok
21:06:48.0984 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:06:49.0125 3076 Update - ok
21:06:49.0171 3076 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:06:49.0187 3076 USBAAPL - ok
21:06:49.0218 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:06:49.0359 3076 usbccgp - ok
21:06:49.0406 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:06:49.0515 3076 usbehci - ok
21:06:49.0546 3076 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys
21:06:49.0578 3076 UsbFltr - ok
21:06:49.0609 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:06:49.0734 3076 usbhub - ok
21:06:49.0765 3076 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:06:49.0890 3076 usbohci - ok
21:06:49.0921 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:06:50.0062 3076 usbprint - ok
21:06:50.0093 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:06:50.0218 3076 usbscan - ok
21:06:50.0250 3076 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
21:06:50.0375 3076 usbser - ok
21:06:50.0406 3076 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:06:50.0531 3076 usbstor - ok
21:06:50.0546 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:06:50.0671 3076 VgaSave - ok
21:06:50.0687 3076 ViaIde - ok
21:06:50.0750 3076 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
21:06:50.0765 3076 vmm - ok
21:06:50.0812 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:06:50.0921 3076 VolSnap - ok
21:06:50.0984 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:06:51.0109 3076 Wanarp - ok
21:06:51.0156 3076 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:06:51.0187 3076 Wdf01000 - ok
21:06:51.0187 3076 WDICA - ok
21:06:51.0218 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:06:51.0343 3076 wdmaud - ok
21:06:51.0375 3076 WinDriver6 - ok
21:06:51.0437 3076 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:06:51.0468 3076 WpdUsb - ok
21:06:51.0515 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:06:51.0546 3076 WudfPf - ok
21:06:51.0562 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:06:51.0578 3076 WudfRd - ok
21:06:51.0625 3076 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
21:06:55.0593 3076 \Device\Harddisk0\DR0 - ok
21:06:55.0609 3076 MBR (0x1B8) (a17ff5c6092cc5fe1d7c1862c9edab97) \Device\Harddisk1\DR1
21:06:55.0750 3076 \Device\Harddisk1\DR1 - ok
21:06:55.0765 3076 Boot (0x1200) (840762bebb355162130de35f2fccda36) \Device\Harddisk0\DR0\Partition0
21:06:55.0765 3076 \Device\Harddisk0\DR0\Partition0 - ok
21:06:55.0765 3076 Boot (0x1200) (0206517a0de520faf75bcd7ed78d3ab1) \Device\Harddisk1\DR1\Partition0
21:06:55.0765 3076 \Device\Harddisk1\DR1\Partition0 - ok
21:06:55.0781 3076 Boot (0x1200) (babe80a7dae192a52f67c7240513b59b) \Device\Harddisk1\DR1\Partition1
21:06:55.0781 3076 \Device\Harddisk1\DR1\Partition1 - ok
21:06:55.0781 3076 ============================================================
21:06:55.0781 3076 Scan finished
21:06:55.0781 3076 ============================================================
21:06:55.0890 2472 Detected object count: 10
21:06:55.0890 2472 Actual detected object count: 10
21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:07:02.0656 3268 Deinitialize success

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 March 2012 - 07:11 AM

Were you able to run Toolbarcop as I asked in the beginning of this post:

http://forums.malwar...ndpost&p=532134

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 03 March 2012 - 08:51 PM

Sorry, I missed that.
Just ran it...here it is.


----------------------------------------
Blog This
Browser Extension
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
Enabled
All Users
----------------------------------------
Skype add-on for Internet Explorer
Browser Extension
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Enabled
All Users
----------------------------------------
Research
Browser Extension
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Enabled
All Users
----------------------------------------
n/a
Browser Extension
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Enabled
All Users
----------------------------------------
n/a
Browser Extension
{E2E2DD38-D088-4134-82B7-F2BA38496583}
%windir%\Network Diagnostic\xpnetdiag.exe
Enabled
All Users
----------------------------------------
Messenger
Browser Extension
{FB5F1910-F110-11D2-BB9E-00C04F795683}
C:\Program Files\Messenger\msmsgs.exe
Enabled
All Users
----------------------------------------
&Address
Toolbar
{01E04581-4EEE-11D0-BFE9-00AA005B4383}
%SystemRoot%\system32\browseui.dll
Enabled
Current User
----------------------------------------
&Links
Toolbar
{0E5CBF21-D15F-11D0-8301-00AA005B4383}
%SystemRoot%\system32\SHELL32.dll
Enabled
Current User
----------------------------------------
(Empty)
Toolbar
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
(empty)
Enabled
Current User
----------------------------------------
Google Toolbar
Toolbar
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Enabled
Current User
----------------------------------------
WBA F.C. Toolbar
Toolbar
{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}
C:\Program Files\WBA_F.C\prxtbWBA1.dll
Enabled
Current User
----------------------------------------
(Empty)
Toolbar
{D4027C7F-154A-4066-A1AD-4243D8127440}
(empty)
Enabled
Current User
----------------------------------------
(Empty)
Toolbar
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
(empty)
Enabled
Current User
----------------------------------------
(Empty)
Toolbar
{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
(empty)
Enabled
Current User
----------------------------------------
WBA F.C. Toolbar
Toolbar
{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}
C:\Program Files\WBA_F.C\prxtbWBA1.dll
Enabled
All Users
----------------------------------------
Bing Bar
Toolbar
{8DCB7100-DF86-4384-8842-8FA844297B3F}
"C:\Program Files\Microsoft\BingBar\BingExt.dll"
Enabled
All Users
----------------------------------------
AVG Security Toolbar
Toolbar
{95B7759C-8C7F-4BF1-B163-73684A933233}
C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Enabled
All Users
----------------------------------------
StartNow Toolbar
Toolbar
{5911488E-9D1E-40EC-8CBB-06B231CC153F}
C:\Program Files\StartNow Toolbar\Toolbar32.dll
Enabled
All Users
----------------------------------------
Google Toolbar
Toolbar
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{02478D38-C3F9-4EFB-9B51-7695ECA05670}
(empty)
Enabled
All Users
----------------------------------------
Adobe PDF Link Helper
BHO
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Enabled
All Users
----------------------------------------
AVG Safe Search
BHO
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
C:\Program Files\AVG\AVG2012\avgssie.dll
Enabled
All Users
----------------------------------------
Spybot-S&D IE Protection
BHO
{53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Enabled
All Users
----------------------------------------
EpicPlay
BHO
{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}
(empty)
Enabled
All Users
----------------------------------------
WBA F.C. Toolbar
BHO
{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}
C:\Program Files\WBA_F.C\prxtbWBA1.dll
Enabled
All Users
----------------------------------------
StartNow Toolbar Helper
BHO
{6E13D095-45C3-4271-9475-F3B48227DD9F}
C:\Program Files\StartNow Toolbar\Toolbar32.dll
Enabled
All Users
----------------------------------------
Windows Live ID Sign-in Helper
BHO
{9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Enabled
All Users
----------------------------------------
AVG Security Toolbar
BHO
{95B7759C-8C7F-4BF1-B163-73684A933233}
C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
Enabled
All Users
----------------------------------------
Google Toolbar Helper
BHO
{AA58ED58-01DD-4D91-8333-CF10577473F7}
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Enabled
All Users
----------------------------------------
Skype add-on for Internet Explorer
BHO
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Enabled
All Users
----------------------------------------
Google Toolbar Notifier BHO
BHO
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
Enabled
All Users
----------------------------------------
Bing Bar Helper
BHO
{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
"C:\Program Files\Microsoft\BingBar\BingExt.dll"
Enabled
All Users
----------------------------------------
WeCareReminder Class
BHO
{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll
Enabled
All Users
----------------------------------------
Java™ Plug-In 2 SSV Helper
BHO
{DBC80044-A445-435B-BC74-9C25C1C588A9}
C:\Program Files\Java\jre6\bin\jp2ssv.dll
Enabled
All Users
----------------------------------------
JQSIEStartDetectorImpl Class
BHO
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Enabled
All Users
----------------------------------------
E&xport to Microsoft Excel
Menu Extension

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Enabled
Current User
----------------------------------------
Google Sidewiki...
Menu Extension

res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Enabled
Current User
----------------------------------------
swg
Run - Startup

"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Enabled
Current User
----------------------------------------
Google Update
Run - Startup

"C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Enabled
Current User
----------------------------------------
NvMediaCenter
Run - Startup

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Enabled
All Users
----------------------------------------
NvCplDaemon
Run - Startup

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Enabled
All Users
----------------------------------------
QuickTime Task
Run - Startup

"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
Enabled
All Users
----------------------------------------
iTunesHelper
Run - Startup

"C:\Program Files\iTunes\iTunesHelper.exe"
Enabled
All Users
----------------------------------------
AVG_TRAY
Run - Startup

"C:\Program Files\AVG\AVG2012\avgtray.exe"
Enabled
All Users
----------------------------------------
Adobe ARM
Run - Startup

"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Enabled
All Users
----------------------------------------
SunJavaUpdateSched
Run - Startup

"C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Enabled
All Users
----------------------------------------
vProt
Run - Startup

"C:\Program Files\AVG Secure Search\vprot.exe"
Enabled
All Users
----------------------------------------
ROC_roc_dec12
Run - Startup

"C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
Enabled
All Users
----------------------------------------
IE Search Band
Explorer Bar - Vertical
{30D02401-6A81-11D0-8274-00C04FD5AE38}
C:\WINDOWS\system32\ieframe.dll
Enabled
All Users
----------------------------------------
&Tip of the Day
Explorer Bar - Horizontal
{4D5C8C25-D075-11D0-B416-00C04FB90376}
%SystemRoot%\system32\shdocvw.dll
Enabled
All Users
----------------------------------------
&Discuss
Explorer Bar - Horizontal
{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
shdocvw.dll
Enabled
All Users
----------------------------------------
File Search Explorer Band
Explorer Bar - Vertical
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
%SystemRoot%\system32\SHELL32.dll
Enabled
All Users
----------------------------------------
Favorites Band
Explorer Bar - Vertical
{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
%SystemRoot%\system32\shdocvw.dll
Enabled
All Users
----------------------------------------
History Band
Explorer Bar - Vertical
{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
%SystemRoot%\system32\shdocvw.dll
Enabled
All Users
----------------------------------------
Explorer Band
Explorer Bar - Vertical
{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
%SystemRoot%\system32\shdocvw.dll
Enabled
All Users
----------------------------------------
&Research
Explorer Bar - Vertical
{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Enabled
All Users

#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 March 2012 - 10:08 AM

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 04 March 2012 - 02:41 PM

ComboFix 12-03-04.01 - USER 03/04/2012 14:24:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1491 [GMT -5:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\USER\Application Data\inst.exe
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\bing-zugo.xml
c:\documents and settings\USER\Application Data\vso_ts_preview.xml
c:\documents and settings\USER\WINDOWS
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shared
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
C:\Thumbs.db
c:\windows\desktop
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\0be03d606b8b1fa0.fb
c:\windows\system32\Cache\240a1c1a5ab80f73.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\826ee1bafdf9f937.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACTIVE_COMMON_SERVICE
-------\Legacy_IWIN_SERVICE
-------\Service_Active Common Service
-------\Service_IWin service
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 19:32 . 2012-03-04 19:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-04 19:32 . 2012-03-04 19:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-04 19:32 . 2012-03-04 19:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-04 19:32 . 2012-03-04 19:32 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-04 19:32 . 2012-03-04 19:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-04 19:32 . 2012-03-04 19:32 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-04 19:31 . 2012-03-04 19:31 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-04 19:31 . 2012-03-04 19:31 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-04 19:31 . 2012-03-04 19:31 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-04 19:31 . 2012-03-04 19:31 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-04 19:31 . 2012-03-04 19:31 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-04 19:31 . 2012-03-04 19:31 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-04 19:31 . 2012-03-04 19:31 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-02-14 21:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 20:55 . 2011-05-30 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-04 04:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 05:25 . 2008-07-24 13:51 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2011-12-22 05:25 . 2009-10-06 23:11 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-22 05:25 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-19 01:11 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-19 00:41 . 2010-06-19 00:54 138056 ----a-w- c:\documents and settings\USER\Application Data\PnkBstrK.sys
2011-12-19 00:40 . 2008-07-24 13:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-17 19:46 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-05-15 01:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WBA_F.C\prxtbWBA1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 12:14 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sendori Tray Icon.lnk - c:\program files\Sendori\SendoriTray.exe [2011-12-1 76096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-12-27 15:32 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 10:17 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 07:11 136176 ----atw- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]
2008-11-03 00:44 495616 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 23:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-12-20 22:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 19:21 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-21 18:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-02-17 06:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29126:TCP"= 29126:TCP:Azureus
"57479:TCP"= 57479:TCP:bittorrent
"1886:TCP"= 1886:TCP:Genieo
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 7:32 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 Sendori;Sendori;c:\program files\Sendori\SendoriSvc.exe [12/1/2011 5:47 PM 98624]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/18/2012 7:15 AM 909152]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2008 4:23 PM 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [9/17/2008 4:47 PM 16512]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 12:56 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2012-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2006-05-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-17 14:04]
.
2012-03-04 c:\windows\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146
TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EDEFBE5-5DDF-F27B-7AB3-F2414FD2E5C4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnjbionafodmmfjaoajpkhcbnknhhgoom"=hex:61,61,00,00
"bbnjbionafodmmfjaodimeiknepcfifdaeho"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-04 14:40:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 19:40
.
Pre-Run: 5,574,766,592 bytes free
Post-Run: 7,113,547,776 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 068B2B6E868F5B2C98A0E3137D2A4B98

#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 March 2012 - 08:45 AM

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

DDS::
uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 05 March 2012 - 10:35 PM

ComboFix 12-03-04.01 - USER 03/05/2012 22:21:50.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1383 [GMT -5:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-04 21:24 . 2012-03-04 20:24 2304 ----a-w- c:\windows\system32\HtsysmNT.sys
2012-03-04 19:32 . 2012-03-04 19:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-04 19:32 . 2012-03-04 19:32 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-04 19:32 . 2012-03-04 19:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-04 19:32 . 2012-03-04 19:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-04 19:32 . 2012-03-04 19:32 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-04 19:32 . 2012-03-04 19:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-04 19:32 . 2012-03-04 19:32 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-04 19:31 . 2012-03-04 19:31 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-04 19:31 . 2012-03-04 19:31 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-04 19:31 . 2012-03-04 19:31 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-04 19:31 . 2012-03-04 19:31 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-04 19:31 . 2012-03-04 19:31 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-04 19:31 . 2012-03-04 19:31 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-04 19:31 . 2012-03-04 19:31 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-04 19:31 . 2012-03-04 19:31 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-02-14 21:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 21:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 20:55 . 2011-05-30 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-04 04:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 05:25 . 2008-07-24 13:51 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys
2011-12-22 05:25 . 2009-10-06 23:11 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-22 05:25 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-19 01:11 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-19 00:41 . 2010-06-19 00:54 138056 ----a-w- c:\documents and settings\USER\Application Data\PnkBstrK.sys
2011-12-19 00:40 . 2008-07-24 13:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-12-17 19:46 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-05-15 01:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WBA_F.C\prxtbWBA1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 12:14 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sendori Tray Icon.lnk - c:\program files\Sendori\SendoriTray.exe [2011-12-1 76096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-12-27 15:32 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 10:17 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-02 07:11 136176 ----atw- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]
2008-11-03 00:44 495616 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 23:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
2004-12-20 22:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 19:21 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-21 18:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-02-17 06:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\pandorasaga\\SteamIntegrator.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29126:TCP"= 29126:TCP:Azureus
"57479:TCP"= 57479:TCP:bittorrent
"1886:TCP"= 1886:TCP:Genieo
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 7:32 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 Sendori;Sendori;c:\program files\Sendori\SendoriSvc.exe [12/1/2011 5:47 PM 98624]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/18/2012 7:15 AM 909152]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2008 4:23 PM 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [9/17/2008 4:47 PM 16512]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 12:56 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job
- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]
.
2012-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2012-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2006-05-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-17 14:04]
.
2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146
TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EDEFBE5-5DDF-F27B-7AB3-F2414FD2E5C4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnjbionafodmmfjaoajpkhcbnknhhgoom"=hex:61,61,00,00
"bbnjbionafodmmfjaodimeiknepcfifdaeho"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(952)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Completion time: 2012-03-05 22:32:57
ComboFix-quarantined-files.txt 2012-03-06 03:32
ComboFix2.txt 2012-03-04 19:40
.
Pre-Run: 5,384,318,976 bytes free
Post-Run: 5,359,378,432 bytes free
.
- - End Of File - - 4863E6C01580F00F119794C7ECAA5ACD

#12 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 March 2012 - 10:04 AM

Use the Disk Cleanup Utility to clean out temp files on the system:

http://www.theelderg...nup_utility.htm

Then......

Please reset Internet Explorer back to defaults as outlined in the link below:


http://windows.micro...orer-8-settings


MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#13 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 06 March 2012 - 06:36 PM

Thank you, This seems to have fixed IE. Is there a similar procedure for restoring chrome?

#14 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 March 2012 - 06:40 PM

Yes......

Lets make sure you have the latest version of Chrome:
Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", click on it > if an update is available it will be installed.

Then click on the wrench again and chose Tools > Extensions, see if there's any suspicious items there.
Click on Clear Browser Data > clear it out.
Then to the left go through Basics, Personal Stuff, etc. see if there's any thing suspicious.

Let me know.....MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#15 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 06 March 2012 - 08:40 PM

Chrome is up to date. I cleared browsing history, and looked for suspicious items. I did not see any.

I'm still being sent to isearch.whitesmoke.com when i search in chrome's address bar.

#16 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 06 March 2012 - 08:59 PM

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#17 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 06 March 2012 - 09:45 PM

OTL logfile created on: 3/6/2012 9:36:04 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free
3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS
Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OPTERON | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2012/03/06 06:49:49 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/01 17:47:12 | 000,076,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe
PRC - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 14:21:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/04 03:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 06:49:48 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
MOD - [2012/03/06 06:49:46 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 06:48:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 06:48:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 06:48:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/02/28 16:00:47 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/02/28 16:00:37 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012/02/28 16:00:36 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2012/02/28 16:00:36 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2012/02/28 16:00:36 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/19 06:42:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/24 04:33:11 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\lwjgl.dll
MOD - [2011/10/24 04:33:11 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\OpenAL32.dll
MOD - [2011/10/24 04:33:11 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-dx8.dll
MOD - [2011/10/24 04:33:11 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-raw.dll
MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/02/25 18:31:24 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Sendori)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/07 16:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/28 17:02:25 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WinDriver6)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alaahwxf)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/13 19:32:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/16 02:00:31 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/01/21 12:03:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrpmpr5.sys -- (BVRPMPR5)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 13:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2007/09/04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/18 14:16:59 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006/03/18 14:16:59 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/03/18 14:16:57 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\copperhd.sys -- (UsbFltr)
DRV - [2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/11/17 06:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/19 06:51:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wusbgxp.sys -- (PRISM_A02)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{7640701C-2E82-47F8-9AF5-756184174422}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{82936E37-1C9C-4612-91C6-3F465462D835}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{975CB869-B881-4DCB-BD60-A9FD6F8ED7AF}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{B40870B4-C7B8-4CDE-A660-CA1365BA0531}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...x-en-us&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01
FF - prefs.js..keyword.URL: "http://websearch.ask...=YYYYYYYYUS&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 11:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\USER\Local Settings\Application Data\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/18 07:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 3\components [2012/01/18 08:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 3\plugins [2012/01/18 07:21:34 | 000,000,000 | ---D | M]

[2011/05/19 13:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2009/12/25 10:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/28 16:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions
[2010/03/07 11:36:57 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/01 19:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/14 15:54:56 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
[2009/12/06 15:36:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/15 17:47:45 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2008/09/03 12:40:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/12/22 00:19:56 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\textlinks@epicplay.com
[2009/12/11 13:44:26 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\toolbar@shopathome.com
[2012/02/28 16:08:28 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\wecarereminder@bryan
[2011/02/01 16:21:37 | 000,005,282 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\Foxtab Web Search.xml
[2008/11/11 20:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/18 07:32:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
[2012/02/04 11:52:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/07/04 12:29:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2008/01/07 19:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/01/28 11:12:30 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\

O1 HOSTS File: ([2012/03/04 14:34:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (WBA F.C. Toolbar) - {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (WBA F.C. Toolbar) - {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sendori Tray Icon.lnk = C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigne...p/view22rte.cab (View22RTE Class)
O16 - DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} http://www.wildpocke...oader-15079.cab (Wild Pockets Loader Plugin Control Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...rl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: DhcpNameServer = 68.87.75.194 68.87.64.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/14 17:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/21 13:45:36 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 21:35:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2012/03/06 09:07:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/05 22:19:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/04 14:17:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/04 14:13:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/04 14:13:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/04 14:13:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/04 14:13:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/04 14:13:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/04 14:13:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 14:04:57 | 004,426,766 | R--- | C] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe
[2012/03/02 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\RK_Quarantine
[2012/03/02 07:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Infection II

========== Files - Modified Within 30 Days ==========

[2012/03/06 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2012/03/06 20:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job
[2012/03/06 19:42:53 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Google Chrome.lnk
[2012/03/06 19:42:53 | 000,002,260 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/06 18:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job
[2012/03/06 18:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job
[2012/03/06 18:26:23 | 000,498,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/06 18:26:23 | 000,087,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/06 17:47:11 | 090,970,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/04 17:46:12 | 000,384,099 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/04 15:24:27 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2012/03/04 14:35:15 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/04 14:34:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/04 14:34:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 14:34:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
[2012/03/04 14:31:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 14:31:11 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 14:17:22 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/03/04 14:05:02 | 004,426,766 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe
[2012/03/02 09:16:47 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/03/01 18:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job
[2012/02/28 16:27:03 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\spoon.png
[2012/02/28 16:03:51 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Terraria.url
[2012/02/20 11:54:24 | 000,272,615 | ---- | M] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf
[2012/02/15 15:44:08 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 01:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/03/04 16:24:02 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2012/03/04 14:13:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/04 14:13:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/04 14:13:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/04 14:13:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/04 14:13:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/28 16:27:03 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\spoon.png
[2012/02/28 16:03:51 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Terraria.url
[2012/02/20 11:54:22 | 000,272,615 | ---- | C] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf
[2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/05/26 18:37:22 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/05/19 13:58:34 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/30 19:39:27 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/06 07:57:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat
[2010/12/03 07:16:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/12 21:40:31 | 000,000,360 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
[2010/10/14 19:25:47 | 000,487,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/05 16:06:10 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/07/05 16:06:10 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/07/05 16:06:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/07/05 16:06:10 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/06/27 10:05:22 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/06/18 19:54:55 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys
[2010/06/18 19:54:22 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/06/03 04:24:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/03 21:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2008/04/06 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune
[2006/03/17 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/01/18 07:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/16 18:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/14 18:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/10/24 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2008/10/11 21:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/08/23 10:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/06/16 11:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/10/14 21:38:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/13 19:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/04/08 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/12/30 12:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linkury
[2012/03/06 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/10/03 20:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2007/10/20 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2007/02/12 20:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2011/12/22 00:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sendori
[2010/07/05 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/12/25 10:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
[2008/10/22 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/10/24 05:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/10/24 04:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/04/15 20:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
[2009/03/21 09:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/19 10:28:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2010/07/04 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/05 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/10 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/05/13 10:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.BitTornado
[2012/02/28 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.minecraft
[2011/03/03 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Amazon
[2011/08/18 06:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG
[2011/10/13 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG Secure Search
[2011/10/13 13:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG2012
[2008/10/12 19:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Azureus
[2011/12/01 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent
[2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canneverbe Limited
[2009/11/07 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canon
[2011/11/06 15:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Catalina Marketing Corp
[2007/07/15 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ChessBase
[2009/12/13 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools Lite
[2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DassaultSystemes
[2008/04/06 12:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DisplayTune
[2010/05/13 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA
[2006/05/15 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DWGeditor
[2010/07/28 16:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\E-centives
[2006/03/17 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Echo Software
[2009/04/27 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\eMusic
[2009/04/08 19:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GARMIN
[2009/03/06 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0
[2010/03/19 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\KendallHunt
[2007/02/17 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech
[2009/04/08 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MotionBased
[2011/04/16 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\My Games
[2010/11/17 13:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Petroglyph
[2010/05/13 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Phex
[2007/10/23 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PureEdge
[2011/02/27 16:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\RegistryKeys
[2011/10/25 18:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Sammsoft
[2007/02/12 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\scar5
[2008/01/13 11:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Seven Zip
[2008/02/16 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ShredderChess
[2010/08/24 17:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\sldIM
[2011/10/13 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Spotify
[2006/03/14 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Thunderbird
[2009/12/25 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom
[2008/10/19 16:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Uniblue
[2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\VistaCodecs
[2010/12/28 11:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\vShare
[2011/04/17 11:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Vso
[2011/10/24 05:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\WeatherBug
[2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/03 21:53:36 | 000,000,158 | ---- | M] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? ???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url
[2010/12/03 21:53:36 | 000,000,158 | ---- | C] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? ???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url

< End of report >

#18 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 06 March 2012 - 09:46 PM

OTL Extras logfile created on: 3/6/2012 9:36:04 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free
3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS
Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OPTERON | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"29126:TCP" = 29126:TCP:*:Enabled:Azureus
"57479:TCP" = 57479:TCP:*:Enabled:bittorrent
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1886:TCP" = 1886:TCP:*:Enabled:Genieo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe" = C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe:*:Enabled:Terraria -- (Re-Logic)
"C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1314ED6A-FDAC-41BC-A7BA-3582FF883F3A}" = Community Smartbar
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari
"{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4642B082-DBC9-44CA-87F3-7A0B997B9590}" = Brother HL-5250DN
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}" = Garmin Training Center
"{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}" = SolidWorks Explorer 2007 sp0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1" = Freelang Dictionary (wordlist)
"{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3
"{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8AC9520B-25F3-4B3C-B83A-2E4B51AF8DEC}" = Fritz8
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FCA50A-CF7D-457E-AF69-F058F8BC2844}" = SolidWorks 2007 SP0
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE2AFE1-617E-478F-9BE5-DABB63B4380A}" = COSMOSMotion 2007 SP0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A83C5D20-CA65-432E-B103-730664547FB5}" = Tina 9 - TI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}" = COSMOSWorks 2007 SP0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E0000600-0600-0600-0600-000000000600}" = ICS Viewer 6.0
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.15 beta
"7-Zip 9.20" = 7-Zip 9.20
"Across Lite 2.0" = Across Lite 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BeerSmith 2" = BeerSmith 2
"BetterLinksChrome" = BetterLinks v1.0.7 (remove only)
"BitTorrent" = BitTorrent
"Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative NOMAD II Driver" = Creative NOMAD II Driver
"EpicPlay" = EpicPlay
"ESET Online Scanner" = ESET Online Scanner v3
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"Hugin_release_is1" = Hugin 2009.4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"InfraRecorder" = InfraRecorder
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"LVG332" = 3rd Grade
"Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"oggcodecs" = oggcodecs 0.71.0946
"PrimoPDF2.0" = PrimoPDF
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 1.69
"R for Windows_is1" = R for Windows 2.5.1
"RealPlayer 12.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Sendori" = Sendori
"SopCast" = SopCast 3.2.9
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = Machinehead GearCalc Pro (32 bit)
"Steam App 105600" = Terraria
"Steam App 1250" = Killing Floor
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"WBA_F.C Toolbar" = WBA F.C. Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinAVR" = WinAVR 20060125 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Energy Blue Theme Pack" = Windows XP Energy Blue Theme Pack
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2001141

Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2001141

Error - 3/4/2012 4:33:57 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.260.3, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001245f.

Error - 3/4/2012 4:34:06 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
Description = Fault bucket -1809748939.

Error - 3/6/2012 2:58:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.260.3, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001240b.

Error - 3/6/2012 2:58:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
Description = Fault bucket -1814028883.

Error - 3/6/2012 3:05:28 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.260.3, faulting module
nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a16.

Error - 3/6/2012 3:05:32 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
Description = Fault bucket -1813797555.

Error - 3/6/2012 6:45:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.260.3, faulting module
nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a39.

Error - 3/6/2012 6:45:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001
Description = Fault bucket -1813594957.

[ System Events ]
Error - 3/2/2012 8:35:19 AM | Computer Name = OPTERON | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.7 for the Network Card with network address
0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a
DHCPNACK message).

Error - 3/2/2012 10:13:13 AM | Computer Name = OPTERON | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{F4688967-C48E-4E37-9106-7A7BF9CDB52F}. The
backup browser is stopping.

Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The Active Common Service service failed to start due to the following
error: %%3

Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The IWin service service failed to start due to the following error:
%%3

Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The Active Common Service service failed to start due to the following
error: %%3

Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The IWin service service failed to start due to the following error:
%%3

Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The Active Common Service service failed to start due to the following
error: %%3

Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000
Description = The IWin service service failed to start due to the following error:
%%3

Error - 3/4/2012 3:23:55 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7034
Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/5/2012 11:14:51 PM | Computer Name = OPTERON | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 10.0.0.4 on the
Network
Card with network address 0015F2170C12.


< End of report >

#19 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,140 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 07 March 2012 - 12:14 AM

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    CHR - default_search_provider: WhiteSmoke Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
    CHR - default_search_provider: suggest_url =
    IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860
    IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#20 Mantawa

Mantawa

    New Member

  • Members
  • Pip
  • 13 posts

Posted 07 March 2012 - 07:18 AM

========== OTL ==========
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

OTL by OldTimer - Version 3.2.35.1 log created on 03072012_071528




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users