koontzman

MyStart Incredibar

39 posts in this topic

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 7/7/2011 4:43:05 PM

System Uptime: 2/10/2012 6:04:24 PM (0 hours ago)

.

Motherboard: Acer | | EM61SM/EM61PM

Processor: AMD Sempron Processor 3200+ | Socket M2 | 1800/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 892.364 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP168: 2/5/2012 11:19:45 AM - Scheduled Checkpoint

RP169: 2/6/2012 11:52:40 AM - Scheduled Checkpoint

RP170: 2/7/2012 9:10:35 AM - Windows Update

RP171: 2/8/2012 8:29:07 AM - Windows Update

RP172: 2/9/2012 10:01:45 AM - Scheduled Checkpoint

RP173: 2/10/2012 7:22:17 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acer Assist

Acer eDataSecurity Management

Acer eMode Management

Acer Empowering Technology

Acer ePerformance Management

Acer Registration

Acer ScreenSaver

Acer Tour

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

avast! Free Antivirus

CCleaner

Conduit Engine

DealPly

Delftship

DivX Setup

Fallout

FVD Suite 2.7.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HTML TADS Player Kit

IncrediMail MediaBar 2 Toolbar

Java Auto Updater

Java 6 Update 29

LightScribe 1.4.124.1

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

NVIDIA Drivers

PowerProducer

QuickTime

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

swMSM

TADS 3 Author's Kit

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

US-122L / US-144 driver

VC80CRTRedist - 8.0.50727.6195

Veoh Giraffic Video Accelerator

Veoh Web Player

.

==== Event Viewer Messages From Past Week ========

.

2/5/2012 9:19:41 AM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

2/5/2012 9:04:06 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

2/5/2012 9:01:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

2/5/2012 9:01:56 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/5/2012 9:00:57 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/5/2012 9:00:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/5/2012 9:00:18 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/5/2012 9:00:11 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/5/2012 9:00:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/5/2012 8:59:59 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.

2/5/2012 8:58:44 AM, Error: EventLog [6008] - The previous system shutdown at 8:55:55 AM on 2/5/2012 was unexpected.

2/5/2012 10:49:30 AM, Error: EventLog [6008] - The previous system shutdown at 10:47:32 AM on 2/5/2012 was unexpected.

2/5/2012 10:47:31 AM, Error: EventLog [6008] - The previous system shutdown at 10:46:32 AM on 2/5/2012 was unexpected.

2/5/2012 10:24:27 AM, Error: EventLog [6008] - The previous system shutdown at 10:23:26 AM on 2/5/2012 was unexpected.

2/10/2012 6:06:25 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/10/2012 6:04:47 PM, Error: ati2mtag [52225] -

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by owner at 18:28:46 on 2012-02-10

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2559.1506 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

C:\Program Files\Giraffic\Veoh_Giraffic.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\mobsync.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mystart.incredimail.com

uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

mDefault_Page_URL = hxxp://en.us.acer.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll

BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [????r]

uRun: [?????????] ??????????????e

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Acer Tour]

mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe

mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup

mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [PCMService] "c:\acer\empowering technology\emode\pcm\PCMService.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{88BCB8FA-2CB2-48EB-A4E4-582C1B4DAD43} : DhcpNameServer = 192.168.2.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\oiobwq55.default\

FF - prefs.js: browser.search.selectedEngine - Google Custom Search

FF - prefs.js: browser.startup.homepage - chrome://fvd.toolbar/content/fvd_about_blank.html

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-25 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-25 314456]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-25 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-25 55128]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-25 44768]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-7-8 21504]

R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-10 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-10 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2011-9-16 360448]

S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-9-14 18944]

S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-9-16 33792]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-10 21:14:15 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-02-10 21:13:49 -------- d-----w- c:\programdata\Malwarebytes

2012-02-10 21:13:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-10 21:13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-10 12:24:00 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6095277c-4781-417d-9cba-caaae0b247f5}\mpengine.dll

2012-01-31 11:00:37 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 11:00:36 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 11:00:36 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 11:00:35 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-31 11:00:35 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 11:00:35 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-22 13:48:40 -------- d-----w- c:\users\owner\appdata\local\FVD Suite

2012-01-22 13:47:45 -------- d-----w- c:\users\owner\appdata\roaming\FVDToolbar

2012-01-22 13:47:22 -------- d-----w- c:\program files\FVD Suite

.

==================== Find3M ====================

.

2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-02 13:18:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll

.

============= FINISH: 18:31:10.83 ===============


Hello koontzman and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your problem is MyStart Incredibar, right?

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hi Maniac, and thank you for replying. For some reason the OTL link gives me a 'The connection was reset' error and says to try again later. I'll try tomorrow; maybe something isn't working on that site.


There is some problem with GeeksToGo. Please try again later.

Sorry about that!


OTL Extras logfile created on: 2/11/2012 8:48:05 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 69.76% Memory free

5.22 Gb Paging File | 4.32 Gb Available in Paging File | 82.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 892.18 Gb Free Space | 95.78% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{12FBC88F-A9AE-4726-955F-DADFC6C88FD2}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{1D9BD88F-8A9E-4519-B4B4-E25AF69F5F71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5AD2DC9A-27FC-4B91-9B82-18F21323B0CA}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"{5AD64379-9821-4F21-851A-155B5AA831EF}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |

"{5E55CC12-74F4-4C82-89A2-62A2F2503803}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |

"{741A5D68-5F5D-4265-B212-2210AC2A9252}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{793151F1-3898-4D04-BEC9-31BA327D9CEB}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |

"{8EE0C18E-79DD-4478-AA62-F7DB70C2300C}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |

"{992C509D-3DAD-44AA-B019-66EDF1D2C2D8}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |

"{998D640E-5E8F-4429-8BD8-23E9BE98BEA8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DAB326FC-3578-44CC-8D5D-4C0B201D8EAE}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |

"TCP Query User{4B1AAC99-2C0D-4DB3-9292-6F8AB01DC256}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

"UDP Query User{CF566EA6-9892-4C6B-B107-2C9C0F88893F}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.7.2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{DB7156C0-07D8-4555-A855-8322350E5C6E}" = Delftship

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner

"conduitEngine" = Conduit Engine

"DealPly" = DealPly

"DivX Setup" = DivX Setup

"Fallout" = Fallout

"Giraffic" = Veoh Giraffic Video Accelerator

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"htmltads.exe" = HTML TADS Player Kit

"htmltdb3.exe" = TADS 3 Author's Kit

"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"NVIDIA Drivers" = NVIDIA Drivers

"USB_AUDIO_DEusb-audio.deTascam" = US-122L / US-144 driver

"Veoh Web Player Beta" = Veoh Web Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/5/2012 10:00:56 AM | Computer Name = owner-PC | Source = ESENT | ID = 489

Description = Windows (2740) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"

for read only access failed with system error 5 (0x00000005): "Access is denied.

". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 2/5/2012 10:00:56 AM | Computer Name = owner-PC | Source = ESENT | ID = 455

Description = Windows (2740) Windows: Error -1032 (0xfffffbf8) occurred while opening

logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 2/5/2012 10:00:56 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 9000

Description =

Error - 2/5/2012 10:00:56 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 1006

Description =

Error - 2/5/2012 10:01:46 AM | Computer Name = owner-PC | Source = ESENT | ID = 489

Description = Windows (3032) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"

for read only access failed with system error 5 (0x00000005): "Access is denied.

". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 2/5/2012 10:01:46 AM | Computer Name = owner-PC | Source = ESENT | ID = 455

Description = Windows (3032) Windows: Error -1032 (0xfffffbf8) occurred while opening

logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 2/5/2012 10:01:56 AM | Computer Name = owner-PC | Source = ESENT | ID = 489

Description = Windows (3032) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log"

for read only access failed with system error 5 (0x00000005): "Access is denied.

". The open file operation will fail with error -1032 (0xfffffbf8).

Error - 2/5/2012 10:01:56 AM | Computer Name = owner-PC | Source = ESENT | ID = 455

Description = Windows (3032) Windows: Error -1032 (0xfffffbf8) occurred while opening

logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error - 2/5/2012 10:01:56 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 9000

Description =

Error - 2/5/2012 10:01:56 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 1006

Description =

[ System Events ]

Error - 9/14/2011 2:21:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/14/2011 2:21:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/14/2011 2:21:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/14/2011 2:21:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/14/2011 2:22:28 PM | Computer Name = owner-PC | Source = DCOM | ID = 10010

Description =

Error - 9/14/2011 4:03:41 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/14/2011 4:03:41 PM | Computer Name = owner-PC | Source = DCOM | ID = 10005

Description =

Error - 9/14/2011 4:03:41 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/14/2011 4:03:41 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/14/2011 4:03:41 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >

OTL logfile created on: 2/11/2012 8:48:05 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 69.76% Memory free

5.22 Gb Paging File | 4.32 Gb Available in Paging File | 82.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 892.18 Gb Free Space | 95.78% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

PRC - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

PRC - [2012/01/22 09:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

PRC - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

PRC - [2006/11/25 00:57:52 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

PRC - [2006/11/23 18:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/11/17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/11/08 21:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/08 12:21:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll

MOD - [2011/10/29 02:12:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011/10/29 02:11:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MOD - [2011/10/29 02:11:22 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/29 02:10:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/29 02:10:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/29 02:10:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/29 02:08:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/29 02:08:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2006/12/04 16:15:26 | 000,147,456 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\EmodeUI.dll

MOD - [2006/11/25 00:58:30 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLTinyDB.dll

MOD - [2006/11/25 00:58:12 | 000,237,662 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapEngine.dll

MOD - [2006/11/25 00:58:12 | 000,114,776 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSchMgr.dll

MOD - [2006/11/25 00:58:12 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvcps.dll

MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

MOD - [2006/11/23 18:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2006/11/23 18:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2006/11/16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll

MOD - [2006/11/16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll

MOD - [2006/11/16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2006/11/12 20:35:10 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll

MOD - [2006/11/12 20:34:46 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll

MOD - [2006/11/12 20:34:46 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll

MOD - [2006/11/12 20:34:46 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll

MOD - [2006/11/12 20:34:44 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll

MOD - [2006/11/12 20:34:44 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)

SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/06/19 23:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/12/18 00:17:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)

DRV - [2007/12/18 00:17:52 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)

DRV - [2007/12/18 00:17:50 | 000,360,448 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144)

DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2006/11/02 02:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"

FF - prefs.js..browser.startup.homepage: "chrome://fvd.toolbar/content/fvd_about_blank.html"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/03 11:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/25 19:07:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files\FVD Suite\addons\Firefox [2012/01/22 08:47:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 23:26:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 11:28:16 | 000,000,000 | ---D | M]

[2011/09/25 19:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

[2012/02/06 16:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions

[2012/02/03 15:51:40 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}

[2011/12/08 13:04:53 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\superstart@enjoyfreeware(139).org

[2011/12/27 23:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OIOBWQ55.DEFAULT\EXTENSIONS\PAVEL.SHERBAKOV@GMAIL.COM.XPI

[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000..\Run: [捁牥吠畯r] File not found

O4 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BCB8FA-2CB2-48EB-A4E4-582C1B4DAD43}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe

O33 - MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\Shell\explore\command - "" = .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe

O33 - MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\Shell\Open\command - "" = .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 08:45:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/10 18:27:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes

[2012/02/10 16:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/10 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/10 16:13:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/02/10 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/02/10 16:02:45 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/09 19:55:41 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Resume

[2012/01/28 20:46:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fish

[2012/01/22 08:48:40 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\FVD Suite

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FVD Suite

[2012/01/22 08:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\FVD Suite

[2006/12/26 08:16:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/11 08:21:37 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/11 08:21:37 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/11 08:17:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/11 08:17:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/11 08:16:22 | 000,008,404 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2012/02/11 08:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/11 08:16:09 | 2683,887,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/10 18:27:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:13:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 16:02:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/10 15:48:01 | 000,600,088 | ---- | M] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 20:00:05 | 000,024,576 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/28 17:27:31 | 289,073,677 | ---- | M] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 11:40:04 | 1005,241,645 | ---- | M] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 16:13:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 15:48:01 | 000,600,088 | ---- | C] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 17:20:47 | 289,073,677 | ---- | C] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 10:35:32 | 1005,241,645 | ---- | C] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

[2011/09/25 16:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/25 15:57:46 | 000,000,552 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d8caps.dat

[2011/09/19 14:27:10 | 000,008,404 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2011/09/14 17:23:55 | 000,024,576 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/08 12:08:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/07/08 12:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/07/08 12:06:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/07/07 16:28:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2011/07/07 16:28:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2006/12/26 08:17:01 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe

[2006/12/26 08:16:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2006/12/26 08:12:36 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys

[2006/12/26 08:05:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe

[2006/12/26 07:36:38 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2006/12/26 06:41:20 | 000,000,700 | ---- | C] () -- C:\Windows\generic.ini

[2006/12/26 06:41:20 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini

[2006/11/16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2006/11/16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2006/11/16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2006/11/16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll

[2006/11/16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2006/11/16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2006/11/16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/11/16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,270,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/07/07 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Acer

[2012/01/22 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2011/07/07 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech

[2012/02/11 01:05:20 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Step 1

Please uninstall the following applications: Conduit Engine and IncrediMail MediaBar 2 Toolbar.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
    IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O33 - MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\Shell\explore\command - "" = .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe
    O33 - MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\Shell\Open\command - "" = .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe

    :files
    C:\Program Files\ConduitEngine
    C:\Program Files\IncrediMail_MediaBar_2

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Please post the OTL fix log in your next reply.


All processes killed

========== OTL ==========

Service CLTNetCnService stopped successfully!

Service CLTNetCnService deleted successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll moved successfully.

HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry value HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596f7199-a939-11e0-a938-001921549d24}\ not found.

File .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{596f7199-a939-11e0-a938-001921549d24}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596f7199-a939-11e0-a938-001921549d24}\ not found.

File .\RECYCLER\S-7-7-17-5472061545-4842084301-781355654-6501'Ý\ZUAsaEVG.exe not found.

========== FILES ==========

File\Folder C:\Program Files\ConduitEngine not found.

C:\Program Files\IncrediMail_MediaBar_2 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: owner

->Temp folder emptied: 28477745 bytes

->Temporary Internet Files folder emptied: 10977626 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 1105250750 bytes

->Flash cache emptied: 63770 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 50606 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,092.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02112012_124040

Files\Folders moved on Reboot...

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KP70BEEL\background-banner-middle-v9a[1].jpg moved successfully.

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7HNRDJK\background_button_green_full[1].png moved successfully.

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DD8DMJYY\background_banner_green_50_v9a[1].jpg moved successfully.

C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GWRS741\background-banner-right-v9a[1].jpg moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


When I do any search (Mozilla Firefox) using the top right search bar (supposed to be Google), the resulting search page is still from MyStart Incredibar.


OTL logfile created on: 2/12/2012 6:35:35 AM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 70.06% Memory free

5.23 Gb Paging File | 4.31 Gb Available in Paging File | 82.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 892.76 Gb Free Space | 95.84% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

PRC - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

PRC - [2012/01/22 09:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

PRC - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

PRC - [2006/11/25 00:57:52 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

PRC - [2006/11/23 18:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/11/17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/11/08 21:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/08 12:21:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll

MOD - [2011/10/29 02:12:58 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011/10/29 02:11:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MOD - [2011/10/29 02:11:22 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011/10/29 02:10:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011/10/29 02:10:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011/10/29 02:10:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011/10/29 02:08:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011/10/29 02:08:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2006/12/04 16:15:26 | 000,147,456 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\EmodeUI.dll

MOD - [2006/11/25 00:58:30 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLTinyDB.dll

MOD - [2006/11/25 00:58:12 | 000,237,662 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapEngine.dll

MOD - [2006/11/25 00:58:12 | 000,114,776 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSchMgr.dll

MOD - [2006/11/25 00:58:12 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvcps.dll

MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

MOD - [2006/11/23 18:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2006/11/23 18:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2006/11/16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll

MOD - [2006/11/16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll

MOD - [2006/11/16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2006/11/12 20:35:10 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll

MOD - [2006/11/12 20:34:46 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll

MOD - [2006/11/12 20:34:46 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll

MOD - [2006/11/12 20:34:46 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll

MOD - [2006/11/12 20:34:44 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll

MOD - [2006/11/12 20:34:44 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/06/19 23:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/12/18 00:17:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)

DRV - [2007/12/18 00:17:52 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)

DRV - [2007/12/18 00:17:50 | 000,360,448 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144)

DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2006/11/02 02:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"

FF - prefs.js..browser.startup.homepage: "chrome://fvd.toolbar/content/fvd_about_blank.html"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/03 11:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/25 19:07:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files\FVD Suite\addons\Firefox [2012/01/22 08:47:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 23:26:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 11:28:16 | 000,000,000 | ---D | M]

[2011/09/25 19:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

[2012/02/06 16:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions

[2012/02/03 15:51:40 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}

[2011/12/08 13:04:53 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\superstart@enjoyfreeware(139).org

[2011/12/27 23:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OIOBWQ55.DEFAULT\EXTENSIONS\PAVEL.SHERBAKOV@GMAIL.COM.XPI

[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000..\Run: [捁牥吠畯r] File not found

O4 - HKU\S-1-5-21-1498357684-707858033-1297323047-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BCB8FA-2CB2-48EB-A4E4-582C1B4DAD43}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 19:50:52 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\owner\Desktop\HijackThis.exe

[2012/02/11 12:40:40 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/02/11 08:45:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/10 18:27:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes

[2012/02/10 16:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/10 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/10 16:13:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/02/10 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/02/10 16:02:45 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/09 19:55:41 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Resume

[2012/01/28 20:46:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fish

[2012/01/22 08:48:40 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\FVD Suite

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FVD Suite

[2012/01/22 08:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\FVD Suite

[2006/12/26 08:16:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2012/02/12 06:14:22 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/12 06:14:22 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/12 06:09:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/12 06:09:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/12 06:08:09 | 000,008,404 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2012/02/12 06:08:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/12 06:07:58 | 2683,887,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/11 19:50:56 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\owner\Desktop\HijackThis.exe

[2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/10 18:27:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:13:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 16:02:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/10 15:48:01 | 000,600,088 | ---- | M] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 20:00:05 | 000,024,576 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/28 17:27:31 | 289,073,677 | ---- | M] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 11:40:04 | 1005,241,645 | ---- | M] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

========== Files Created - No Company Name ==========

[2012/02/10 16:13:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 15:48:01 | 000,600,088 | ---- | C] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 17:20:47 | 289,073,677 | ---- | C] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 10:35:32 | 1005,241,645 | ---- | C] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

[2011/09/25 16:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/25 15:57:46 | 000,000,552 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d8caps.dat

[2011/09/19 14:27:10 | 000,008,404 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2011/09/14 17:23:55 | 000,024,576 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/08 12:08:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/07/08 12:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/07/08 12:06:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/07/07 16:28:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2011/07/07 16:28:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2006/12/26 08:17:01 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe

[2006/12/26 08:16:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2006/12/26 08:12:36 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys

[2006/12/26 08:05:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe

[2006/12/26 07:36:38 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2006/12/26 06:41:20 | 000,000,700 | ---- | C] () -- C:\Windows\generic.ini

[2006/12/26 06:41:20 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini

[2006/11/16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2006/11/16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2006/11/16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2006/11/16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll

[2006/11/16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2006/11/16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2006/11/16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/11/16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,270,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/07/07 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Acer

[2012/01/22 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2011/07/07 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech

[2012/02/11 20:53:47 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Hi. I am emailing from another computer. I followed the instructions above. Downloaded, installed, ran ComboFix. I cannot post the log file because I can't use Firefox or Internet Explorer. The warning box pops up and says: "Illegal operation on a registry key marked for deletion." I also can't copy the file to a USB key, as when I try to open Notepad, the warning pop-up says the same thing. I can't open Microsoft Word as the file associations are gone. When I try to open Control Panel to re-establish the associations it says the same as for Firefox and IE: "Illegal operation on a registry key marked for deletion."

ComboFix 12-02-13.01 - owner 02/14/2012 21:43:04.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2559.1732 [GMT -5:00]

Running from: c:\users\owner\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))

.

.

2012-02-15 02:54 . 2012-02-15 02:54 -------- d-----w- c:\users\owner\AppData\Local\temp

2012-02-15 02:54 . 2012-02-15 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-14 07:10 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0D71570-A380-4B4E-9017-3D50B29F489B}\mpengine.dll

2012-02-11 17:40 . 2012-02-11 17:40 -------- d-----w- C:\_OTL

2012-02-10 21:14 . 2012-02-10 21:14 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes

2012-02-10 21:13 . 2012-02-10 21:13 -------- d-----w- c:\programdata\Malwarebytes

2012-02-10 21:13 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-10 21:13 . 2012-02-10 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-31 11:00 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 11:00 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 11:00 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 11:00 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-31 11:00 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 11:00 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-22 13:48 . 2012-01-22 15:25 -------- d-----w- c:\users\owner\AppData\Local\FVD Suite

2012-01-22 13:47 . 2012-01-22 13:47 -------- d-----w- c:\users\owner\AppData\Roaming\FVDToolbar

2012-01-22 13:47 . 2012-01-22 13:47 -------- d-----w- c:\program files\FVD Suite

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:21 . 2011-07-08 01:45 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-02 13:18 . 2011-07-08 17:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-28 18:01 . 2011-09-26 00:46 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-09-26 00:46 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:53 . 2011-09-26 00:47 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-09-26 00:47 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-09-26 00:47 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-09-26 00:47 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-09-26 00:47 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-09-26 00:47 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-25 15:59 . 2012-01-11 06:19 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37 . 2011-12-27 00:17 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:23 . 2012-01-11 06:19 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47 . 2012-01-11 06:19 66560 ----a-w- c:\windows\system32\packager.dll

2011-12-21 07:24 . 2011-12-28 04:26 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"????r"="" [?]

"?????????"="??????????????e" [?]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]

"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]

"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

uStart Page =

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\

FF - prefs.js: browser.search.selectedEngine - Google Custom Search

FF - prefs.js: browser.startup.homepage - chrome://fvd.toolbar/content/fvd_about_blank.html

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-14 21:54

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3748)

c:\windows\system32\MsnChatHook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\ShowErrMsg.dll

.

Completion time: 2012-02-14 22:01:48

ComboFix-quarantined-files.txt 2012-02-15 03:01

ComboFix2.txt 2012-02-13 22:37

.

Pre-Run: 949,302,886,400 bytes free

Post-Run: 949,254,414,336 bytes free

.

- - End Of File - - 7FCD8CA5034BF5D74171E865FDED7945

Please post the content of:

C:\Qoobox\ComboFix-quarantined-files.txt

2012-02-13 22:36:27 . 2012-02-13 22:36:27 336 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Acer Tour.reg.dat

2012-02-13 22:27:03 . 2012-02-15 02:50:34 4,119 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-02-13 22:15:06 . 2012-02-15 02:43:04 124 ----a-w- C:\Qoobox\Quarantine\catchme.log

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have any difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.05

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

owner :: OWNER-PC [administrator]

Protection: Enabled

2/16/2012 5:40:24 PM

mbam-log-2012-02-16 (17-40-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 167947

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *mystart*
    *Incredibar*

    :folderfind
    *mystart*
    *Incredibar*

    :regfind
    mystart
    Incredibar


  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff

Log created at 18:56 on 17/02/2012 by owner

Administrator - Elevation successful

========== filefind ==========

Searching for "*mystart*"

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\KeepMyStartHomepageDeffered[1].htm --a---- 2578 bytes [08:31 19/09/2011] [09:18 26/09/2011] C7F11DB6304627A50054CFF37D53241F

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\2\KeepMyStartHomepageImmidiate[1].htm --a---- 2554 bytes [08:31 19/09/2011] [09:18 26/09/2011] 61FF41EFAC24B57B49F85326B9EF0846

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\KeepMyStartSearchDeffered[1].htm --a---- 2945 bytes [08:31 19/09/2011] [09:18 26/09/2011] 237AE8B78EDC9C8E6F8D9C21B7FDF5A4

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\3\KeepMyStartSearchImmidiate[1].htm --a---- 2955 bytes [08:31 19/09/2011] [09:18 26/09/2011] ACE8F80729A36BE7A3C64B8420529201

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\4\KeepMyStartHomepageDeffered[1].htm --a---- 2578 bytes [08:31 19/09/2011] [09:18 26/09/2011] C7F11DB6304627A50054CFF37D53241F

C:\Users\owner\AppData\Local\IM\Identities\{93020F0F-3B80-48C7-9EDF-E2052D1AA3A1}\IMSys\{B0D6E60D-68A5-41D0-8CA8-6046A5374126}\4\KeepMyStartHomepageImmidiate[1].htm --a---- 2554 bytes [08:31 19/09/2011] [09:18 26/09/2011] 61FF41EFAC24B57B49F85326B9EF0846

Searching for "*Incredibar*"

No files found.

========== folderfind ==========

Searching for "*mystart*"

No folders found.

Searching for "*Incredibar*"

No folders found.

========== regfind ==========

Searching for "mystart"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

"URL"="http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823009040180856"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

"DisplayName"="MyStart Search"

[HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

"URL"="http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823009040180856"

[HKEY_USERS\S-1-5-21-1498357684-707858033-1297323047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

"DisplayName"="MyStart Search"

Searching for "Incredibar"

No data found.

-= EOF =-

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

    :Commands
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
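The SystemLook regfind results above and the OTL fix that follows them target the same thing: an Internet Explorer search scope under the user's SearchScopes key whose URL points at mystart.incredimail.com. As an added example, not part of this thread and not OTL's or SystemLook's own code, the PowerShell script below lists every search scope in the current user's hive, marks which one IE uses by default, flags any scope whose URL host is on a small watchlist, and previews removal with -WhatIf. The watchlist contains only the host seen in the regfind output; the function name Get-IESearchScope and the variable names are my own.

```powershell
# Added example, not part of this thread and not OTL's or SystemLook's own code.
# Lists the Internet Explorer search scopes in the current user's hive (the same
# keys SystemLook's regfind reported above) and flags any whose URL points at a
# host on a small watchlist. Nothing is deleted while -WhatIf is present.

$ScopesPath = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Constructed watchlist; the only entry is the host seen in the regfind output.
$SuspectHosts = @('mystart.incredimail.com')

function Get-IESearchScope {
    param(
        [string]$Path = $ScopesPath,
        [string[]]$Watchlist = $SuspectHosts
    )

    if (-not (Test-Path -Path $Path)) { return @() }

    # DefaultScope names the subkey IE actually uses for the search box.
    $defaultScope = (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).DefaultScope

    foreach ($key in Get-ChildItem -Path $Path) {
        $props    = Get-ItemProperty -Path $key.PSPath
        $url      = [string]$props.URL
        $hostName = $null
        if ($url) {
            # A malformed URL value is reported with an empty host rather than aborting the audit.
            try { $hostName = ([System.Uri]$url).Host.ToLowerInvariant() } catch { $hostName = $null }
        }
        [pscustomobject]@{
            Scope       = $key.PSChildName
            DisplayName = [string]$props.DisplayName
            Host        = $hostName
            URL         = $url
            IsDefault   = ($key.PSChildName -eq $defaultScope)
            Suspect     = [bool]($hostName -and ($Watchlist -contains $hostName))
        }
    }
}

$scopes = @(Get-IESearchScope)
$scopes | Format-Table Scope, DisplayName, Host, IsDefault, Suspect -AutoSize

# Remediation preview for flagged scopes. Drop -WhatIf only after reviewing the
# table; if a flagged scope is also the default, point DefaultScope at a scope
# you trust afterwards so the search box does not end up with no provider.
foreach ($scope in $scopes | Where-Object { $_.Suspect }) {
    Remove-Item -Path (Join-Path -Path $ScopesPath -ChildPath $scope.Scope) -Recurse -WhatIf
}
```

Run it as the affected user: HKCU is the logged-in user's hive, so the HKEY_USERS\S-1-5-21-...-1000 hits in the regfind output are the same key seen through a different root, not a second copy. Running the script again after the OTL fix is a quick way to confirm the {CFF4DB9B-...} scope is gone and see what DefaultScope now points at.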

I wasn't sure where that logfile was, so I found this:

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 02182012_085904

I also ran a quick scan just in case that was the wrong one:

OTL logfile created on: 2/18/2012 9:05:19 AM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\owner\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 67.97% Memory free

5.21 Gb Paging File | 4.35 Gb Available in Paging File | 83.48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.51 Gb Total Space | 875.15 Gb Free Space | 93.95% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

PRC - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

PRC - [2012/01/22 09:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009/04/10 22:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe

PRC - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe

PRC - [2006/11/25 00:57:52 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe

PRC - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

PRC - [2006/11/23 18:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/11/17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

PRC - [2006/11/08 21:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/17 18:11:29 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll

MOD - [2012/02/17 18:10:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll

MOD - [2012/02/17 18:09:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

MOD - [2012/02/17 18:09:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012/02/17 18:07:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012/02/17 18:06:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MOD - [2012/02/17 18:06:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MOD - [2012/02/17 18:00:13 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2011/10/29 02:08:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2006/12/04 16:15:26 | 000,147,456 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\EmodeUI.dll

MOD - [2006/11/25 00:58:30 | 000,339,968 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLTinyDB.dll

MOD - [2006/11/25 00:58:12 | 000,237,662 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapEngine.dll

MOD - [2006/11/25 00:58:12 | 000,114,776 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSchMgr.dll

MOD - [2006/11/25 00:58:12 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvcps.dll

MOD - [2006/11/23 18:24:54 | 000,319,488 | ---- | M] () -- C:\Windows\System32\SysMonitor.exe

MOD - [2006/11/23 18:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2006/11/23 18:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2006/11/16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll

MOD - [2006/11/16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll

MOD - [2006/11/16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2006/11/12 20:35:10 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll

MOD - [2006/11/12 20:34:46 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll

MOD - [2006/11/12 20:34:46 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll

MOD - [2006/11/12 20:34:46 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll

MOD - [2006/11/12 20:34:44 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll

MOD - [2006/11/12 20:34:44 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006/11/25 00:58:26 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2006/11/12 20:35:08 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2008/06/19 23:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/12/18 00:17:52 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)

DRV - [2007/12/18 00:17:52 | 000,018,944 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)

DRV - [2007/12/18 00:17:50 | 000,360,448 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144)

DRV - [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2006/11/02 02:36:43 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"

FF - prefs.js..browser.startup.homepage: "chrome://fvd.toolbar/content/fvd_about_blank.html"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/03 11:05:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/25 19:07:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files\FVD Suite\addons\Firefox [2012/01/22 08:47:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 23:26:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/13 11:28:16 | 000,000,000 | ---D | M]

[2011/09/25 19:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions

[2012/02/15 20:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions

[2012/02/03 15:51:40 | 000,000,000 | ---D | M] ("FVD Suite Addon") -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\{9051303c-7e41-4311-a783-d6fe5ef2832d}

[2011/12/08 13:04:53 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\oiobwq55.default\extensions\superstart@enjoyfreeware(139).org

[2011/12/27 23:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OIOBWQ55.DEFAULT\EXTENSIONS\PAVEL.SHERBAKOV@GMAIL.COM.XPI

[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar\WebBrowser: (FVD Suite Toolbar) - {2B171655-A69C-5C18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [捁牥吠畯r] File not found

O4 - HKCU..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BCB8FA-2CB2-48EB-A4E4-582C1B4DAD43}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\owner\Pictures\TSN TRaDes.jpg

O24 - Desktop BackupWallPaper: C:\Users\owner\Pictures\TSN TRaDes.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 17:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/02/14 22:01:52 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\temp

[2012/02/14 21:55:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/02/13 17:15:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/02/13 17:15:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/02/13 17:15:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/02/13 17:15:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/13 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\how-to-use-combofix_files

[2012/02/13 17:10:40 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe

[2012/02/11 19:50:52 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\owner\Desktop\HijackThis.exe

[2012/02/11 12:40:40 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/02/11 08:45:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/10 18:27:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:14:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes

[2012/02/10 16:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/10 16:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/10 16:13:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/02/10 16:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/02/10 16:02:45 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/09 19:55:41 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Resume

[2012/01/28 20:46:25 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\Fish

[2012/01/22 08:48:40 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\FVD Suite

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2012/01/22 08:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FVD Suite

[2012/01/22 08:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\FVD Suite

[2006/12/26 08:16:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2012/02/18 09:07:21 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/18 09:07:21 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/18 09:01:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/18 09:01:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/18 09:00:32 | 000,008,404 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2012/02/18 09:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/18 09:00:19 | 2683,887,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/17 18:56:27 | 000,139,264 | ---- | M] () -- C:\Users\owner\Desktop\SystemLook.exe

[2012/02/17 17:57:59 | 000,270,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/02/13 17:13:34 | 000,091,314 | ---- | M] () -- C:\Users\owner\Desktop\how-to-use-combofix.htm

[2012/02/13 17:10:52 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe

[2012/02/11 19:50:56 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\owner\Desktop\HijackThis.exe

[2012/02/11 08:46:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe

[2012/02/10 18:27:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.com

[2012/02/10 16:13:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 16:02:57 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/10 15:48:01 | 000,600,088 | ---- | M] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 20:00:05 | 000,024,576 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/28 17:27:31 | 289,073,677 | ---- | M] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 11:40:04 | 1005,241,645 | ---- | M] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

========== Files Created - No Company Name ==========

[2012/02/17 18:56:24 | 000,139,264 | ---- | C] () -- C:\Users\owner\Desktop\SystemLook.exe

[2012/02/13 17:15:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/02/13 17:15:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/02/13 17:15:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/02/13 17:15:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/02/13 17:15:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/02/13 17:13:31 | 000,091,314 | ---- | C] () -- C:\Users\owner\Desktop\how-to-use-combofix.htm

[2012/02/10 16:13:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/10 15:48:01 | 000,600,088 | ---- | C] () -- C:\Users\owner\Desktop\bookmarks10Feb2012.html

[2012/01/28 17:20:47 | 289,073,677 | ---- | C] () -- C:\Users\owner\Documents\TheReunion.2.flv

[2012/01/22 10:35:32 | 1005,241,645 | ---- | C] () -- C:\Users\owner\Documents\movie.1.flv.converted.wmv

[2012/01/22 08:47:46 | 000,000,839 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FVD Suite.lnk

[2011/09/25 16:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/25 15:57:46 | 000,000,552 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d8caps.dat

[2011/09/19 14:27:10 | 000,008,404 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

[2011/09/14 17:23:55 | 000,024,576 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/08 12:08:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/07/08 12:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/07/08 12:06:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/07/07 16:28:14 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2011/07/07 16:28:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2006/12/26 08:17:01 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe

[2006/12/26 08:16:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll

[2006/12/26 08:12:36 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys

[2006/12/26 08:05:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe

[2006/12/26 07:36:38 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2006/12/26 06:41:20 | 000,000,700 | ---- | C] () -- C:\Windows\generic.ini

[2006/12/26 06:41:20 | 000,000,095 | ---- | C] () -- C:\Windows\Alaunch.ini

[2006/11/16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll

[2006/11/16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll

[2006/11/16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll

[2006/11/16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll

[2006/11/16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll

[2006/11/16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll

[2006/11/16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll

[2006/11/16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll

[2006/11/13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin

[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:44:53 | 000,270,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/07/07 16:38:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Acer

[2012/01/22 08:47:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FVDToolbar

[2011/07/07 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech

[2012/02/18 08:59:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
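The two `O4 - HKCU..\Run` entries above are printed by OTL as CJK-looking text. That is what a registry value whose bytes are read as UTF-16LE code units looks like: each odd-looking character packs two ASCII bytes, so re-encoding the string as UTF-16LE and reading the bytes back as ASCII recovers the original. The following is an added worked example from the editor, not part of the original post and not OTL's own code. It decodes those names and paths, pulls the `O4` and `SRV` lines into records, and flags the entries a reviewer checks first: autoruns whose target OTL reports as "File not found" and entries for which OTL printed an empty company name `()`. The sample lines are copied from the log above; the record layout, the line regexes and the "no company name" heuristic are this example's own assumptions about OTL's output format, not a documented OTL interface.

```python
"""Triage helpers for OTL (OldTimer's List-It) log lines.

Added example: decodes autorun names that OTL rendered as UTF-16 mojibake
(two ASCII bytes per character) and flags O4/SRV entries worth a second look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: SRV and O4 lines copied from the OTL log above.
SAMPLE_LOG = r"""
SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2006/11/25 00:58:28 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [捁牥吠畯r] File not found
O4 - HKCU..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found
""".strip()

# Line shapes assumed from the log above (not a documented OTL grammar).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SRV_RE = re.compile(
    r"^SRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- (?P<path>.*?) -- \((?P<svc>[^)]*)\)"
)
MISSING = "File not found"


def _packed_ascii_pair(ch: str) -> bool:
    """True when one code unit holds two printable ASCII bytes (lo, hi)."""
    cp = ord(ch)
    lo, hi = cp & 0xFF, cp >> 8
    return cp > 0xFF and 0x20 <= lo <= 0x7E and 0x20 <= hi <= 0x7E


def looks_utf16_misread(s: str) -> bool:
    """Every character is a packed ASCII pair; a lone trailing ASCII char is
    allowed because an odd byte count leaves one byte over at the end."""
    if len(s) < 2:
        return False
    body, tail = s[:-1], s[-1]
    return all(_packed_ascii_pair(c) for c in body) and (
        _packed_ascii_pair(tail) or " " <= tail <= "~"
    )


def undo_utf16_misread(s: str) -> str:
    """Re-serialise as UTF-16LE and read the bytes as ASCII; the odd trailing
    character encodes to itself plus a NUL, which is stripped."""
    return s.encode("utf-16-le").decode("ascii").rstrip("\x00")


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    target: Optional[str]
    publisher: Optional[str]   # "" when OTL printed "()", None when unknown
    missing: bool
    repaired: bool = False     # True when name or target was un-mojibaked


def _split_target(rest: str) -> Tuple[Optional[str], Optional[str], bool]:
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip() or None, None, True
    m = re.fullmatch(r"(?P<target>.*?)\s*\((?P<pub>[^()]*)\)", rest)
    if m:
        return m.group("target"), m.group("pub"), False
    return rest, None, False


def parse_o4(line: str) -> Optional[Autorun]:
    m = O4_RE.match(line)
    if not m:
        return None
    name = m.group("name")
    target, publisher, missing = _split_target(m.group("rest"))
    repaired = False
    if looks_utf16_misread(name):
        name, repaired = undo_utf16_misread(name), True
    if target and looks_utf16_misread(target):
        target, repaired = undo_utf16_misread(target), True
    return Autorun(m.group("hive"), m.group("key"), name, target, publisher, missing, repaired)


def triage(log_text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (kind, name, target) findings for the lines a reviewer checks first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            if entry.missing:
                findings.append(("dead-autorun", entry.name, entry.target))
            elif entry.publisher == "":
                findings.append(("autorun-no-company", entry.name, entry.target))
            continue
        svc = SRV_RE.match(line)
        if svc and svc.group("company") == "":
            findings.append(("service-no-company", svc.group("svc"), svc.group("path")))
    return findings


if __name__ == "__main__":
    for kind, name, target in triage(SAMPLE_LOG):
        print(f"{kind:20} {name!r} -> {target!r}")
```

Run against the two HKCU entries, the names decode to "Acer Tour" and "Acer Tour Reminder", the latter pointing at C:\Acer\AcerTour\Reminder.exe, which OTL reports as missing; the likely reading is a pair of orphaned OEM Run values rather than anything active, but the log alone does not prove that. The empty company name `()` only means the file carries no CompanyName in its version resource; in this log that is true of the Acer, CyberLink and DivX components as much as anything else, so treat it as a prompt to check the file's signature and hash, not as a verdict.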
