Mantawa

Whitesmoke ETC...

Hello, searches have been redirected to whitesmoke. Please help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by USER at 19:34:26 on 2012-03-01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1100 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Sendori\SendoriSvc.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Sendori\SendoriTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/

uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: EpicPlay: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - EpicPlay

BHO: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: WBA F.C. Toolbar: {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - c:\program files\wba_f.c\prxtbWBA1.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sendor~1.lnk - c:\program files\sendori\SendoriTray.exe

uPolicies-explorer: NoActiveDesktop = 00000000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab

DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer = 216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146

TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : DhcpNameServer = 68.87.75.194 68.87.64.146

TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer = 216.146.35.240,216.146.36.240,10.0.0.1

TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : DhcpNameServer = 10.0.0.1

Filter: text/html - {27637b8f-784d-485c-8505-aa7e77eceff5} -

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\mozilla firefox 3 beta 3\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox 3 beta 3\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll

FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\npOGPPlugin.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-13 54760]

R2 Sendori;Sendori;c:\program files\sendori\SendoriSvc.exe [2011-12-1 98624]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

S2 Active Common Service;Active Common Service; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]

S2 IWin service;IWin service; [x]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [2008-9-17 16512]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-8 133104]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-14 21:01:46 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 21:01:46 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-28 20:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-22 05:25:35 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys

2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-12-22 05:25:10 281656 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-12-19 01:11:40 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-12-19 00:41:17 138056 ----a-w- c:\documents and settings\user\application data\PnkBstrK.sys

2011-12-19 00:40:52 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:35:40.15 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 3/14/2006 6:33:22 PM

System Uptime: 2/29/2012 3:41:44 PM (28 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | A8N-E

Processor: Dual Core AMD Opteron Processor 165 | Socket 939 | 1809/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 107 GiB total, 5.43 GiB free.

D: is FIXED (NTFS) - 5 GiB total, 2.929 GiB free.

E: is FIXED (NTFS) - 112 GiB total, 29.996 GiB free.

F: is CDROM (UDF)

H: is CDROM (UDF)

I: is Removable

J: is Removable

K: is Removable

L: is Removable

N: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Motorola USB Modem

Device ID: ROOT\MODEM\0001

Manufacturer: Motorola

Name: Motorola USB Modem #2

PNP Device ID: ROOT\MODEM\0001

Service: Modem

.

==== System Restore Points ===================

.

RP515: 2/17/2012 3:50:13 PM - System Checkpoint

RP516: 2/17/2012 6:04:22 PM - Software Distribution Service 3.0

RP517: 2/18/2012 8:38:16 PM - System Checkpoint

RP518: 2/18/2012 9:27:43 PM - Software Distribution Service 3.0

RP519: 2/20/2012 1:20:46 PM - System Checkpoint

RP520: 2/24/2012 4:14:45 PM - System Checkpoint

RP521: 2/27/2012 4:19:50 PM - System Checkpoint

RP522: 2/28/2012 6:32:31 PM - System Checkpoint

RP523: 2/29/2012 6:47:05 PM - System Checkpoint

RP524: 3/1/2012 6:54:29 PM - System Checkpoint

.

==== Installed Programs ======================

.

3rd Grade

7-Zip 9.15 beta

7-Zip 9.20

Acrobat.com

Acronis True Image

Across Lite 2.0

Adobe Acrobat Connect Add-in

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11

Alliance of Valiant Arms

Amazon MP3 Downloader 1.0.10

AMD Processor Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Panorama Maker 5

AsusUpdate

Audacity 1.2.6

AVG 2012

AVG PC Tuneup 2011

AVG Security Toolbar

AVS Video Converter 6

AVS4YOU Software Navigator 1.2

Battlefield: Bad Company™ 2

BeerSmith 2

BetterLinks v1.0.7 (remove only)

Bing Bar

BitPim 1.0.5

BitTorrent

Bonjour

Brother HL-5250DN

Canon CanoScan LiDE 200 User Registration

Canon MP Navigator EX 2.0

Canon Utilities Solution Menu

CanoScan LiDE 200 Scanner Driver

CCleaner (remove only)

CDBurnerXP

Chinese Traditional Fonts Support For Adobe Reader 9

Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2

Community Smartbar

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 2.2.3.258

ConvertXtoDVD 3.2.1.55b

COSMOSMotion 2007 SP0

COSMOSWorks 2007 SP0

Coupon Printer for Windows

Creative NOMAD II Driver

Data Lifeguard Tools

DivX User Guide

DNA

DWGeditor

EA Download Manager

eDrawings 2007

EpicPlay

ESET Online Scanner v3

EVGA Display Driver

Freelang Dictionary (wordlist)

Fritz8

Garmin Communicator Plugin

Garmin Training Center

Garmin USB Drivers

Garmin WebUpdater

getPlus® for Adobe

GIMP 2.6.5

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

HammerHead Rhythm Station

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hugin 2009.4.0

ICS Viewer 6.0

iLivid

InfraRecorder

InstallIQ Updater

ISO Recorder

Itibiti RTC

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 26

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

Junk Mail filter update

Killing Floor

Korean Fonts Support For Adobe Reader 9

LAME v3.98.2 for Audacity

LiveUpdate 1.80 (Symantec Corporation)

Machinehead GearCalc Pro (32 bit)

Magic ISO Maker v5.3 (build 0221)

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE Redistributable

Microsoft Image Composite Editor

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.3

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher 2007

Microsoft Office Publisher 2007 Trial

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Virtual PC 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

mobile PhoneTools

MotionBased Agent

Motorola Driver Installation 3.4.0

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser (KB933579)

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA nTune

NVIDIA nView Desktop Manager

NVIDIA PhysX

NvMixer

oggcodecs 0.71.0946

OpenOffice.org Installer 1.0

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

PrimoPDF

ProMash

PunkBuster Services

QuickTime

QuickTime Alternative 1.69

R for Windows 2.5.1

RD 2.12

RealPlayer

RealUpgrade 1.0

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Segoe UI

Sendori

Skype Toolbars

Skype™ 4.2

SolidWorks 2007 SP0

SolidWorks Explorer 2007 sp0

SolidWorks Installation Manager

SopCast 3.2.9

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Spybot - Search & Destroy

SpywareBlaster 4.2

StartNow Toolbar

Steam

Terraria

Tina 9 - TI

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Type to Learn 3

Uniblue RegistryBooster 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2007 System (KB2539530)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Veetle TV 0.9.18

Vista Codec Package

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

vShare Plugin

WBA F.C. Toolbar

WebFldrs XP

WinAVR 20060125 (remove only)

Windows Defender

Windows Defender Signatures

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Energy Blue Theme Pack

Windows XP Service Pack 3

WinRAR archiver

Xfire (remove only)

XP Codec Pack

Xvid 1.2.2 final uninstall

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

2/29/2012 3:48:36 PM, error: Dhcp [1002] - The IP address lease 10.0.0.7 for the Network Card with network address 0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The IWin service service failed to start due to the following error: The system cannot find the path specified.

2/24/2012 3:47:53 PM, error: Service Control Manager [7000] - The Active Common Service service failed to start due to the following error: The system cannot find the path specified.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


RogueKiller V7.2.1 [02/29/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: USER [Admin rights]

Mode: Scan -- Date: 03/02/2012 07:38:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 q4master.idsoftware.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200JB-00GVC0 +++++

--- User ---

[MBR] 97963ef3f656d259546cad511a0a4a93

[BSP] 6690b7f2349dcd31654070523c6ae2cb : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: ST3120813AS +++++

--- User ---

[MBR] e07f402554cacc36ec55344db85a7095

[BSP] a28e25268ab44ce7c41c5bf9272a0ab5 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 109348 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 223946100 | Size: 5122 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

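RogueKiller reports every interface that has a static NameServer value as FOUND; it does not say whether those resolvers are the ones this network should be using, and it lists the same two interfaces twice because ControlSet001 and ControlSet003 hold the current and last-known-good copies of the same configuration. The script below is an added example, not part of the thread or of RogueKiller: it parses the [DNS] and HOSTS sections of the report above and shows, per interface, which resolvers are not on an allowlist. The allowlist (the 10.0.0.1 DHCP server named in the Event Viewer entry and the two 68.87.x.x addresses that share the first interface) is an assumption for illustration; substitute whatever your ISP or router actually hands out.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample input: the [DNS], [HJ] and HOSTS lines copied from the
# RKreport[1].txt posted above, trimmed to the sections this script reads.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B} : NameServer (216.146.35.240,216.146.36.240,68.87.75.194,68.87.64.146) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F} : NameServer (216.146.35.240,216.146.36.240,10.0.0.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 q4master.idsoftware.com
¤¤¤ MBR Check: ¤¤¤
"""

# Assumed allowlist for this network (illustration only): the DHCP server /
# router from the Event Viewer entry and the two 68.87.x.x resolvers that
# also appear on the first interface. Replace with your ISP's real resolvers.
EXPECTED_RESOLVERS: Set[str] = {"10.0.0.1", "68.87.75.194", "68.87.64.146"}

DNS_LINE = re.compile(r"^\[DNS\] (?P<key>.+?) : NameServer \((?P<servers>[^)]*)\) -> FOUND$")
CONTROL_SET = re.compile(r"ControlSet(\d+)")
INTERFACE_GUID = re.compile(r"\{[0-9A-Fa-f-]+\}")
HOSTS_LINE = re.compile(r"^(?P<ip>[0-9.]+|::1)\s+(?P<host>\S+)$")


def parse_dns_entries(report: str) -> List[Dict[str, object]]:
    """One record per [DNS] line: control set, interface GUID, resolver list."""
    entries: List[Dict[str, object]] = []
    for line in report.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        cs = CONTROL_SET.search(key)
        guid = INTERFACE_GUID.search(key)
        entries.append({
            "control_set": cs.group(1) if cs else "?",
            "interface": guid.group(0) if guid else key,
            "servers": [s.strip() for s in m.group("servers").split(",") if s.strip()],
        })
    return entries


def unexpected_resolvers(entries: List[Dict[str, object]], allowlist: Set[str]) -> Dict[str, Set[str]]:
    """Map each interface GUID to the static resolvers that are not allowlisted.

    Records are merged across control sets, so an interface that RogueKiller
    printed under both ControlSet001 and ControlSet003 is reported once.
    """
    flagged: Dict[str, Set[str]] = {}
    for e in entries:
        bad = set(e["servers"]) - allowlist  # type: ignore[arg-type]
        if bad:
            flagged.setdefault(str(e["interface"]), set()).update(bad)
    return flagged


def parse_hosts(report: str) -> List[Tuple[str, str]]:
    """Return the (ip, hostname) pairs listed under the HOSTS File section."""
    pairs: List[Tuple[str, str]] = []
    in_hosts = False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("¤¤¤"):          # section header: enter/leave HOSTS
            in_hosts = "HOSTS File" in line
            continue
        m = HOSTS_LINE.match(line)
        if in_hosts and m:
            pairs.append((m.group("ip"), m.group("host")))
    return pairs


def suspicious_hosts(pairs: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flag HOSTS entries that send a name anywhere other than loopback.

    A loopback entry only blocks a name (here q4master.idsoftware.com); an entry
    that points a search engine or update host at a routable address is the
    pattern that actually redirects traffic.
    """
    return [(ip, host) for ip, host in pairs if ip not in ("127.0.0.1", "::1")]


if __name__ == "__main__":
    dns = parse_dns_entries(SAMPLE_REPORT)
    for iface, servers in unexpected_resolvers(dns, EXPECTED_RESOLVERS).items():
        print(f"{iface}: static resolvers not on allowlist -> {sorted(servers)}")
    print("HOSTS entries off loopback:", suspicious_hosts(parse_hosts(SAMPLE_REPORT)))
```

With the assumed allowlist both interfaces come back with the 216.146.35.240/216.146.36.240 pair and the HOSTS file shows nothing off loopback. The same two addresses on every interface, including one that otherwise only has the LAN router, is the pattern worth explaining before accepting the FOUND lines as benign: a static NameServer value overrides whatever DHCP assigns. On XP the standard way to hand the setting back to DHCP is `netsh interface ip set dns name="Local Area Connection" source=dhcp` (general Windows knowledge, not a step the thread gives).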

I would like to see if this program detects WhiteSmoke as a test.

Please do this for me:

Download Toolbarcop from the link below and unzip it to a folder:

http://www.snapfiles.com/php/download.php?id=107693&a=7121782&tag=601108&loc=10

Double click on the Toolbarcop icon to run it.

Go to Tools > click Scan for search bars

After the scan is done > click Main > Select All > Copy to clipboard

Paste it into notepad and attach it to your next reply.

--------------------------

I want to check for any rootkits...

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

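The instructions above amount to a triage rule for the log TDSSKiller writes: UnsignedFile.Multi.Generic and LockedFile.Multi.Generic are warnings about driver files the scanner could not verify a signature for or could not read, and are to be skipped, while anything else it detects is a Cure candidate. The parser below is an added example, not part of the thread or of Kaspersky's tool. It reads the per-driver line format visible in the TDSSKiller log posted later in this thread (a file line with name, MD5 and path; an optional "Suspicious file" note; a verdict line) and applies that rule. The sample log is constructed from lines in that report plus one made-up driver, fakedrv, with a fictional detection name so that the Cure branch is exercised; the "- infected" wording of that line is assumed to mirror the "- warning" lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: real lines from the TDSSKiller log in this thread plus
# one fictional infected driver (fakedrv) to exercise the Cure branch.
SAMPLE_LOG = r"""
21:06:28.0406 3076 Abiosdsk - ok
21:06:29.0828 3076 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:06:29.0828 3076 ASPI ( UnsignedFile.Multi.Generic ) - warning
21:06:29.0828 3076 ASPI - detected UnsignedFile.Multi.Generic (1)
21:06:47.0140 3076 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
21:06:47.0140 3076 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
21:06:47.0140 3076 sptd ( LockedFile.Multi.Generic ) - warning
21:06:47.0140 3076 sptd - detected LockedFile.Multi.Generic (1)
21:06:48.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:06:48.0015 3076 Tcpip - ok
21:06:52.0000 3076 fakedrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
21:06:52.0000 3076 fakedrv ( Rootkit.Win32.Example ) - infected
21:06:52.0000 3076 fakedrv - detected Rootkit.Win32.Example (0)
"""

# "HH:MM:SS.mmmm <pid> <body>" prefix on every line.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
FILE_LINE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(r"^(?P<name>\S+) \( (?P<det>\S+) \) - (?P<verdict>\w+)$")
OK_LINE = re.compile(r"^(?P<name>\S+) - ok$")
SUSPICIOUS_LINE = re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")

# The two generic classes the instructions say to Skip.
GENERIC_WARNINGS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None        # None when the service has no file line
    verdict: str = "unknown"          # ok / warning / infected / unknown
    detection: Optional[str] = None
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(log: str) -> Dict[str, ServiceEntry]:
    """Fold the per-driver lines into one record per service name."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        f, v, o, s = (FILE_LINE.match(body), VERDICT_LINE.match(body),
                      OK_LINE.match(body), SUSPICIOUS_LINE.match(body))
        if f:
            e = entries.setdefault(f.group("name"), ServiceEntry(f.group("name")))
            e.md5, e.path = f.group("md5"), f.group("path")
        elif v:
            e = entries.setdefault(v.group("name"), ServiceEntry(v.group("name")))
            e.verdict, e.detection = v.group("verdict"), v.group("det")
        elif o:
            entries.setdefault(o.group("name"), ServiceEntry(o.group("name"))).verdict = "ok"
        elif s:
            # The note names a path, not a service; attach it to the file line seen for that path.
            for e in entries.values():
                if e.path == s.group("path"):
                    e.notes.append(s.group("reason"))
    return entries


def triage(entry: ServiceEntry) -> str:
    """Apply the rule from the instructions: generic warnings are skipped,
    any other detection is a Cure candidate. 'unknown' means the log ended
    (or was cut) before a verdict line for this service."""
    if entry.verdict == "ok":
        return "ok"
    if entry.verdict == "unknown":
        return "unknown"
    if entry.detection in GENERIC_WARNINGS:
        return "skip"
    return "cure"


def triage_all(entries: Dict[str, ServiceEntry]) -> Dict[str, str]:
    return {name: triage(e) for name, e in entries.items()}


def needing_attention(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Service names whose detection is not one of the generic warnings."""
    return sorted(n for n, e in entries.items() if triage(e) == "cure")


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name, e in parsed.items():
        if e.verdict != "ok":
            print(f"{triage(e):7} {name:10} {e.detection} md5={e.md5} notes={e.notes} {e.path}")
```

Running it prints the three flagged drivers with their action, MD5 and path, which is what you would look up before deciding about an unsigned driver; only fakedrv comes out as a Cure candidate. Two practitioner notes that the thread itself does not state: sptd.sys, the SCSI pass-through driver shipped with disc-emulation tools, denies read access by design, which is why it appears as LockedFile with a NoAccess note rather than as malware; and several of the other unsigned names in the full log (snapman, tifsfilter, timounter) belong to the Acronis product whose scheduler is in the running-process list, a common source of unsigned-driver warnings on XP.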

21:06:21.0875 2672 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

21:06:22.0171 2672 ============================================================

21:06:22.0171 2672 Current date / time: 2012/03/02 21:06:22.0171

21:06:22.0171 2672 SystemInfo:

21:06:22.0171 2672

21:06:22.0171 2672 OS Version: 5.1.2600 ServicePack: 3.0

21:06:22.0171 2672 Product type: Workstation

21:06:22.0171 2672 ComputerName: OPTERON

21:06:22.0171 2672 UserName: USER

21:06:22.0171 2672 Windows directory: C:\WINDOWS

21:06:22.0171 2672 System windows directory: C:\WINDOWS

21:06:22.0171 2672 Processor architecture: Intel x86

21:06:22.0171 2672 Number of processors: 2

21:06:22.0171 2672 Page size: 0x1000

21:06:22.0171 2672 Boot type: Normal boot

21:06:22.0171 2672 ============================================================

21:06:22.0843 2672 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:06:22.0875 2672 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:06:22.0921 2672 \Device\Harddisk0\DR0:

21:06:22.0921 2672 MBR used

21:06:22.0921 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782

21:06:22.0921 2672 \Device\Harddisk1\DR1:

21:06:22.0921 2672 MBR used

21:06:22.0921 2672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD592535

21:06:22.0937 2672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xD592574, BlocksNum 0xA0124D

21:06:23.0093 2672 Initialize success

21:06:23.0093 2672 ============================================================

21:06:28.0250 3076 ============================================================

21:06:28.0250 3076 Scan started

21:06:28.0250 3076 Mode: Manual; SigCheck; TDLFS;

21:06:28.0250 3076 ============================================================

21:06:28.0406 3076 Abiosdsk - ok

21:06:28.0421 3076 abp480n5 - ok

21:06:28.0453 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:06:28.0812 3076 ACPI - ok

21:06:28.0921 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:06:29.0062 3076 ACPIEC - ok

21:06:29.0078 3076 adpu160m - ok

21:06:29.0109 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:06:29.0250 3076 aec - ok

21:06:29.0281 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:06:29.0328 3076 AFD - ok

21:06:29.0328 3076 Aha154x - ok

21:06:29.0343 3076 aic78u2 - ok

21:06:29.0343 3076 aic78xx - ok

21:06:29.0468 3076 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

21:06:29.0609 3076 ALCXWDM - ok

21:06:29.0625 3076 AliIde - ok

21:06:29.0656 3076 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

21:06:29.0687 3076 AmdK8 - ok

21:06:29.0718 3076 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

21:06:29.0734 3076 AmdPPM - ok

21:06:29.0750 3076 amsint - ok

21:06:29.0765 3076 asc - ok

21:06:29.0765 3076 asc3350p - ok

21:06:29.0781 3076 asc3550 - ok

21:06:29.0828 3076 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys

21:06:29.0828 3076 ASPI ( UnsignedFile.Multi.Generic ) - warning

21:06:29.0828 3076 ASPI - detected UnsignedFile.Multi.Generic (1)

21:06:29.0859 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:06:29.0984 3076 AsyncMac - ok

21:06:30.0000 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:06:30.0125 3076 atapi - ok

21:06:30.0125 3076 Atdisk - ok

21:06:30.0171 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:06:30.0296 3076 Atmarpc - ok

21:06:30.0343 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:06:30.0484 3076 audstub - ok

21:06:30.0531 3076 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

21:06:30.0562 3076 AVGIDSDriver - ok

21:06:30.0593 3076 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

21:06:30.0593 3076 AVGIDSEH - ok

21:06:30.0640 3076 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

21:06:30.0640 3076 AVGIDSFilter - ok

21:06:30.0671 3076 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

21:06:30.0687 3076 AVGIDSShim - ok

21:06:30.0718 3076 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

21:06:30.0734 3076 Avgldx86 - ok

21:06:30.0734 3076 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

21:06:30.0750 3076 Avgmfx86 - ok

21:06:30.0750 3076 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

21:06:30.0765 3076 Avgrkx86 - ok

21:06:30.0796 3076 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

21:06:30.0812 3076 Avgtdix - ok

21:06:30.0859 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:06:31.0000 3076 Beep - ok

21:06:31.0046 3076 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

21:06:31.0062 3076 BrPar ( UnsignedFile.Multi.Generic ) - warning

21:06:31.0062 3076 BrPar - detected UnsignedFile.Multi.Generic (1)

21:06:31.0093 3076 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

21:06:31.0109 3076 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning

21:06:31.0109 3076 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)

21:06:31.0156 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:06:31.0296 3076 cbidf2k - ok

21:06:31.0312 3076 cd20xrnt - ok

21:06:31.0328 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:06:31.0484 3076 Cdaudio - ok

21:06:31.0515 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

21:06:31.0656 3076 Cdfs - ok

21:06:31.0671 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:06:31.0812 3076 Cdrom - ok

21:06:31.0859 3076 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys

21:06:31.0984 3076 Changer - ok

21:06:32.0000 3076 CmdIde - ok

21:06:32.0031 3076 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

21:06:32.0156 3076 Compbatt - ok

21:06:32.0171 3076 Cpqarray - ok

21:06:32.0187 3076 dac2w2k - ok

21:06:32.0203 3076 dac960nt - ok

21:06:32.0234 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

21:06:32.0359 3076 Disk - ok

21:06:32.0421 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

21:06:32.0593 3076 dmboot - ok

21:06:32.0625 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

21:06:32.0765 3076 dmio - ok

21:06:32.0781 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:06:32.0906 3076 dmload - ok

21:06:32.0937 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

21:06:33.0062 3076 DMusic - ok

21:06:33.0078 3076 dpti2o - ok

21:06:33.0093 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

21:06:33.0218 3076 drmkaud - ok

21:06:33.0234 3076 EagleNT - ok

21:06:33.0265 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:06:33.0390 3076 Fastfat - ok

21:06:33.0421 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

21:06:33.0562 3076 Fdc - ok

21:06:33.0578 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:06:33.0718 3076 Fips - ok

21:06:33.0734 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

21:06:33.0875 3076 Flpydisk - ok

21:06:33.0906 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

21:06:34.0031 3076 FltMgr - ok

21:06:34.0062 3076 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

21:06:34.0078 3076 fssfltr - ok

21:06:34.0109 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:06:34.0265 3076 Fs_Rec - ok

21:06:34.0281 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:06:34.0421 3076 Ftdisk - ok

21:06:34.0453 3076 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

21:06:34.0578 3076 gameenum - ok

21:06:34.0609 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

21:06:34.0625 3076 GEARAspiWDM - ok

21:06:34.0640 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:06:34.0765 3076 Gpc - ok

21:06:34.0796 3076 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

21:06:34.0828 3076 grmnusb - ok

21:06:34.0906 3076 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys

21:06:34.0968 3076 Hardlock - ok

21:06:35.0015 3076 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys

21:06:35.0156 3076 HidBatt - ok

21:06:35.0171 3076 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:06:35.0328 3076 hidusb - ok

21:06:35.0343 3076 hpn - ok

21:06:35.0375 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

21:06:35.0406 3076 HTTP - ok

21:06:35.0437 3076 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

21:06:35.0578 3076 i2omgmt - ok

21:06:35.0609 3076 i2omp - ok

21:06:35.0656 3076 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:06:35.0796 3076 i8042prt - ok

21:06:35.0875 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:06:36.0000 3076 Imapi - ok

21:06:36.0031 3076 ini910u - ok

21:06:36.0031 3076 IntelIde - ok

21:06:36.0078 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

21:06:36.0203 3076 Ip6Fw - ok

21:06:36.0250 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:06:36.0390 3076 IpFilterDriver - ok

21:06:36.0437 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:06:36.0578 3076 IpInIp - ok

21:06:36.0609 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:06:36.0718 3076 IpNat - ok

21:06:36.0750 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:06:36.0890 3076 IPSec - ok

21:06:36.0906 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:06:37.0031 3076 IRENUM - ok

21:06:37.0046 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:06:37.0187 3076 isapnp - ok

21:06:37.0203 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:06:37.0343 3076 Kbdclass - ok

21:06:37.0359 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:06:37.0484 3076 kbdhid - ok

21:06:37.0515 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:06:37.0640 3076 kmixer - ok

21:06:37.0671 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:06:37.0718 3076 KSecDD - ok

21:06:37.0765 3076 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys

21:06:37.0875 3076 lbrtfdc - ok

21:06:37.0921 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:06:38.0078 3076 mnmdd - ok

21:06:38.0109 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:06:38.0250 3076 Modem - ok

21:06:38.0281 3076 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

21:06:38.0312 3076 motmodem - ok

21:06:38.0343 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:06:38.0468 3076 Mouclass - ok

21:06:38.0515 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:06:38.0656 3076 mouhid - ok

21:06:38.0671 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:06:38.0812 3076 MountMgr - ok

21:06:38.0812 3076 mraid35x - ok

21:06:38.0828 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:06:38.0968 3076 MRxDAV - ok

21:06:39.0015 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:06:39.0031 3076 MRxSmb - ok

21:06:39.0078 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:06:39.0203 3076 Msfs - ok

21:06:39.0218 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:06:39.0343 3076 MSKSSRV - ok

21:06:39.0343 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:06:39.0484 3076 MSPCLOCK - ok

21:06:39.0484 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:06:39.0609 3076 MSPQM - ok

21:06:39.0640 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:06:39.0781 3076 mssmbios - ok

21:06:39.0812 3076 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

21:06:39.0968 3076 ms_mpu401 - ok

21:06:40.0000 3076 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

21:06:40.0015 3076 MTsensor - ok

21:06:40.0062 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:06:40.0078 3076 Mup - ok

21:06:40.0125 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:06:40.0250 3076 NDIS - ok

21:06:40.0281 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:06:40.0312 3076 NdisTapi - ok

21:06:40.0328 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:06:40.0484 3076 Ndisuio - ok

21:06:40.0515 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:06:40.0656 3076 NdisWan - ok

21:06:40.0687 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:06:40.0718 3076 NDProxy - ok

21:06:40.0750 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:06:40.0875 3076 NetBIOS - ok

21:06:40.0906 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:06:41.0015 3076 NetBT - ok

21:06:41.0046 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:06:41.0187 3076 Npfs - ok

21:06:41.0218 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:06:41.0375 3076 Ntfs - ok

21:06:41.0406 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:06:41.0562 3076 Null - ok

21:06:41.0953 3076 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

21:06:42.0359 3076 nv - ok

21:06:42.0390 3076 nvata (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\DRIVERS\nvata.sys

21:06:42.0406 3076 nvata - ok

21:06:42.0468 3076 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys

21:06:42.0500 3076 nvax - ok

21:06:42.0531 3076 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

21:06:42.0546 3076 NVENETFD - ok

21:06:42.0562 3076 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

21:06:42.0593 3076 nvnetbus - ok

21:06:42.0625 3076 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys

21:06:42.0656 3076 nvnforce - ok

21:06:42.0671 3076 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys

21:06:42.0687 3076 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning

21:06:42.0687 3076 NVR0Dev - detected UnsignedFile.Multi.Generic (1)

21:06:42.0734 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:06:42.0890 3076 NwlnkFlt - ok

21:06:42.0890 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:06:43.0031 3076 NwlnkFwd - ok

21:06:43.0078 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

21:06:43.0218 3076 Parport - ok

21:06:43.0234 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:06:43.0359 3076 PartMgr - ok

21:06:43.0406 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:06:43.0562 3076 ParVdm - ok

21:06:43.0578 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:06:43.0703 3076 PCI - ok

21:06:43.0718 3076 PCIDump - ok

21:06:43.0765 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

21:06:43.0906 3076 PCIIde - ok

21:06:43.0937 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:06:44.0046 3076 Pcmcia - ok

21:06:44.0078 3076 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

21:06:44.0078 3076 pcouffin ( UnsignedFile.Multi.Generic ) - warning

21:06:44.0078 3076 pcouffin - detected UnsignedFile.Multi.Generic (1)

21:06:44.0093 3076 PDCOMP - ok

21:06:44.0093 3076 PDFRAME - ok

21:06:44.0109 3076 PDRELI - ok

21:06:44.0125 3076 PDRFRAME - ok

21:06:44.0125 3076 perc2 - ok

21:06:44.0140 3076 perc2hib - ok

21:06:44.0187 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:06:44.0312 3076 PptpMiniport - ok

21:06:44.0359 3076 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys

21:06:44.0375 3076 PRISM_A02 - ok

21:06:44.0406 3076 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

21:06:44.0531 3076 Processor - ok

21:06:44.0546 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:06:44.0703 3076 Ptilink - ok

21:06:44.0718 3076 ql1080 - ok

21:06:44.0718 3076 Ql10wnt - ok

21:06:44.0734 3076 ql12160 - ok

21:06:44.0750 3076 ql1240 - ok

21:06:44.0750 3076 ql1280 - ok

21:06:44.0781 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:06:44.0937 3076 RasAcd - ok

21:06:44.0968 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:06:45.0093 3076 Rasl2tp - ok

21:06:45.0125 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:06:45.0250 3076 RasPppoe - ok

21:06:45.0265 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:06:45.0406 3076 Raspti - ok

21:06:45.0437 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:06:45.0593 3076 Rdbss - ok

21:06:45.0609 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:06:45.0765 3076 RDPCDD - ok

21:06:45.0796 3076 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

21:06:45.0828 3076 RDPWD - ok

21:06:45.0875 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:06:46.0015 3076 redbook - ok

21:06:46.0046 3076 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

21:06:46.0203 3076 ROOTMODEM - ok

21:06:46.0218 3076 SDDMI2 - ok

21:06:46.0265 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:06:46.0390 3076 Secdrv - ok

21:06:46.0421 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:06:46.0562 3076 serenum - ok

21:06:46.0578 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

21:06:46.0718 3076 Serial - ok

21:06:46.0750 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:06:46.0875 3076 Sfloppy - ok

21:06:46.0890 3076 Simbad - ok

21:06:46.0937 3076 snapman (90257773f4b4065bd0c6cc2164fd52e5) C:\WINDOWS\system32\DRIVERS\snapman.sys

21:06:46.0953 3076 snapman ( UnsignedFile.Multi.Generic ) - warning

21:06:46.0953 3076 snapman - detected UnsignedFile.Multi.Generic (1)

21:06:46.0968 3076 Sparrow - ok

21:06:46.0984 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:06:47.0093 3076 splitter - ok

21:06:47.0140 3076 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

21:06:47.0140 3076 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

21:06:47.0140 3076 sptd ( LockedFile.Multi.Generic ) - warning

21:06:47.0140 3076 sptd - detected LockedFile.Multi.Generic (1)

21:06:47.0156 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:06:47.0281 3076 sr - ok

21:06:47.0328 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:06:47.0359 3076 Srv - ok

21:06:47.0406 3076 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys

21:06:47.0437 3076 StarOpen ( UnsignedFile.Multi.Generic ) - warning

21:06:47.0437 3076 StarOpen - detected UnsignedFile.Multi.Generic (1)

21:06:47.0468 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:06:47.0562 3076 swenum - ok

21:06:47.0625 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:06:47.0750 3076 swmidi - ok

21:06:47.0765 3076 symc810 - ok

21:06:47.0765 3076 symc8xx - ok

21:06:47.0781 3076 SYMIDSCO - ok

21:06:47.0796 3076 sym_hi - ok

21:06:47.0796 3076 sym_u3 - ok

21:06:47.0828 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:06:47.0953 3076 sysaudio - ok

21:06:48.0000 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:06:48.0015 3076 Tcpip - ok

21:06:48.0046 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:06:48.0171 3076 TDPIPE - ok

21:06:48.0203 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:06:48.0328 3076 TDTCP - ok

21:06:48.0343 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:06:48.0484 3076 TermDD - ok

21:06:48.0531 3076 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

21:06:48.0531 3076 tifsfilter ( UnsignedFile.Multi.Generic ) - warning

21:06:48.0546 3076 tifsfilter - detected UnsignedFile.Multi.Generic (1)

21:06:48.0562 3076 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys

21:06:48.0609 3076 timounter ( UnsignedFile.Multi.Generic ) - warning

21:06:48.0609 3076 timounter - detected UnsignedFile.Multi.Generic (1)

21:06:48.0625 3076 TosIde - ok

21:06:48.0671 3076 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

21:06:48.0796 3076 tunmp - ok

21:06:48.0828 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:06:48.0953 3076 Udfs - ok

21:06:48.0953 3076 ultra - ok

21:06:48.0984 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:06:49.0125 3076 Update - ok

21:06:49.0171 3076 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

21:06:49.0187 3076 USBAAPL - ok

21:06:49.0218 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:06:49.0359 3076 usbccgp - ok

21:06:49.0406 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:06:49.0515 3076 usbehci - ok

21:06:49.0546 3076 UsbFltr (ca349e24ecde0e0005dac5a2dc9931a2) C:\WINDOWS\system32\drivers\copperhd.sys

21:06:49.0578 3076 UsbFltr - ok

21:06:49.0609 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:06:49.0734 3076 usbhub - ok

21:06:49.0765 3076 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

21:06:49.0890 3076 usbohci - ok

21:06:49.0921 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:06:50.0062 3076 usbprint - ok

21:06:50.0093 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:06:50.0218 3076 usbscan - ok

21:06:50.0250 3076 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

21:06:50.0375 3076 usbser - ok

21:06:50.0406 3076 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:06:50.0531 3076 usbstor - ok

21:06:50.0546 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:06:50.0671 3076 VgaSave - ok

21:06:50.0687 3076 ViaIde - ok

21:06:50.0750 3076 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys

21:06:50.0765 3076 vmm - ok

21:06:50.0812 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:06:50.0921 3076 VolSnap - ok

21:06:50.0984 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:06:51.0109 3076 Wanarp - ok

21:06:51.0156 3076 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

21:06:51.0187 3076 Wdf01000 - ok

21:06:51.0187 3076 WDICA - ok

21:06:51.0218 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:06:51.0343 3076 wdmaud - ok

21:06:51.0375 3076 WinDriver6 - ok

21:06:51.0437 3076 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

21:06:51.0468 3076 WpdUsb - ok

21:06:51.0515 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:06:51.0546 3076 WudfPf - ok

21:06:51.0562 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:06:51.0578 3076 WudfRd - ok

21:06:51.0625 3076 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0

21:06:55.0593 3076 \Device\Harddisk0\DR0 - ok

21:06:55.0609 3076 MBR (0x1B8) (a17ff5c6092cc5fe1d7c1862c9edab97) \Device\Harddisk1\DR1

21:06:55.0750 3076 \Device\Harddisk1\DR1 - ok

21:06:55.0765 3076 Boot (0x1200) (840762bebb355162130de35f2fccda36) \Device\Harddisk0\DR0\Partition0

21:06:55.0765 3076 \Device\Harddisk0\DR0\Partition0 - ok

21:06:55.0765 3076 Boot (0x1200) (0206517a0de520faf75bcd7ed78d3ab1) \Device\Harddisk1\DR1\Partition0

21:06:55.0765 3076 \Device\Harddisk1\DR1\Partition0 - ok

21:06:55.0781 3076 Boot (0x1200) (babe80a7dae192a52f67c7240513b59b) \Device\Harddisk1\DR1\Partition1

21:06:55.0781 3076 \Device\Harddisk1\DR1\Partition1 - ok

21:06:55.0781 3076 ============================================================

21:06:55.0781 3076 Scan finished

21:06:55.0781 3076 ============================================================

21:06:55.0890 2472 Detected object count: 10

21:06:55.0890 2472 Actual detected object count: 10

21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0531 2472 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - skipped by user

21:06:59.0546 2472 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0546 2472 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0546 2472 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - skipped by user

21:06:59.0546 2472 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:07:02.0656 3268 Deinitialize success


Sorry, I missed that.

Just ran it...here it is.

----------------------------------------

Blog This

Browser Extension

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}

C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

Enabled

All Users

----------------------------------------

Skype add-on for Internet Explorer

Browser Extension

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Enabled

All Users

----------------------------------------

Research

Browser Extension

{92780B25-18CC-41C8-B9BE-3C9C571A8263}

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Enabled

All Users

----------------------------------------

n/a

Browser Extension

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Enabled

All Users

----------------------------------------

n/a

Browser Extension

{E2E2DD38-D088-4134-82B7-F2BA38496583}

%windir%\Network Diagnostic\xpnetdiag.exe

Enabled

All Users

----------------------------------------

Messenger

Browser Extension

{FB5F1910-F110-11D2-BB9E-00C04F795683}

C:\Program Files\Messenger\msmsgs.exe

Enabled

All Users

----------------------------------------

&Address

Toolbar

{01E04581-4EEE-11D0-BFE9-00AA005B4383}

%SystemRoot%\system32\browseui.dll

Enabled

Current User

----------------------------------------

&Links

Toolbar

{0E5CBF21-D15F-11D0-8301-00AA005B4383}

%SystemRoot%\system32\SHELL32.dll

Enabled

Current User

----------------------------------------

(Empty)

Toolbar

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

(empty)

Enabled

Current User

----------------------------------------

Google Toolbar

Toolbar

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Enabled

Current User

----------------------------------------

WBA F.C. Toolbar

Toolbar

{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}

C:\Program Files\WBA_F.C\prxtbWBA1.dll

Enabled

Current User

----------------------------------------

(Empty)

Toolbar

{D4027C7F-154A-4066-A1AD-4243D8127440}

(empty)

Enabled

Current User

----------------------------------------

(Empty)

Toolbar

{21FA44EF-376D-4D53-9B0F-8A89D3229068}

(empty)

Enabled

Current User

----------------------------------------

(Empty)

Toolbar

{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

(empty)

Enabled

Current User

----------------------------------------

WBA F.C. Toolbar

Toolbar

{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}

C:\Program Files\WBA_F.C\prxtbWBA1.dll

Enabled

All Users

----------------------------------------

Bing Bar

Toolbar

{8DCB7100-DF86-4384-8842-8FA844297B3F}

"C:\Program Files\Microsoft\BingBar\BingExt.dll"

Enabled

All Users

----------------------------------------

AVG Security Toolbar

Toolbar

{95B7759C-8C7F-4BF1-B163-73684A933233}

C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

Enabled

All Users

----------------------------------------

StartNow Toolbar

Toolbar

{5911488E-9D1E-40EC-8CBB-06B231CC153F}

C:\Program Files\StartNow Toolbar\Toolbar32.dll

Enabled

All Users

----------------------------------------

Google Toolbar

Toolbar

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Enabled

All Users

----------------------------------------

(Empty)

BHO

{02478D38-C3F9-4EFB-9B51-7695ECA05670}

(empty)

Enabled

All Users

----------------------------------------

Adobe PDF Link Helper

BHO

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Enabled

All Users

----------------------------------------

AVG Safe Search

BHO

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

C:\Program Files\AVG\AVG2012\avgssie.dll

Enabled

All Users

----------------------------------------

Spybot-S&D IE Protection

BHO

{53707962-6F74-2D53-2644-206D7942484F}

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Enabled

All Users

----------------------------------------

EpicPlay

BHO

{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}

(empty)

Enabled

All Users

----------------------------------------

WBA F.C. Toolbar

BHO

{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}

C:\Program Files\WBA_F.C\prxtbWBA1.dll

Enabled

All Users

----------------------------------------

StartNow Toolbar Helper

BHO

{6E13D095-45C3-4271-9475-F3B48227DD9F}

C:\Program Files\StartNow Toolbar\Toolbar32.dll

Enabled

All Users

----------------------------------------

Windows Live ID Sign-in Helper

BHO

{9030D464-4C02-4ABF-8ECC-5164760863C6}

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Enabled

All Users

----------------------------------------

AVG Security Toolbar

BHO

{95B7759C-8C7F-4BF1-B163-73684A933233}

C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

Enabled

All Users

----------------------------------------

Google Toolbar Helper

BHO

{AA58ED58-01DD-4D91-8333-CF10577473F7}

C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Enabled

All Users

----------------------------------------

Skype add-on for Internet Explorer

BHO

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Enabled

All Users

----------------------------------------

Google Toolbar Notifier BHO

BHO

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

Enabled

All Users

----------------------------------------

Bing Bar Helper

BHO

{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

"C:\Program Files\Microsoft\BingBar\BingExt.dll"

Enabled

All Users

----------------------------------------

WeCareReminder Class

BHO

{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll

Enabled

All Users

----------------------------------------

Java Plug-In 2 SSV Helper

BHO

{DBC80044-A445-435B-BC74-9C25C1C588A9}

C:\Program Files\Java\jre6\bin\jp2ssv.dll

Enabled

All Users

----------------------------------------

JQSIEStartDetectorImpl Class

BHO

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Enabled

All Users

----------------------------------------

E&xport to Microsoft Excel

Menu Extension

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Enabled

Current User

----------------------------------------

Google Sidewiki...

Menu Extension

res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Enabled

Current User

----------------------------------------

swg

Run - Startup

"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Enabled

Current User

----------------------------------------

Google Update

Run - Startup

"C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

Enabled

Current User

----------------------------------------

NvMediaCenter

Run - Startup

RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Enabled

All Users

----------------------------------------

NvCplDaemon

Run - Startup

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Enabled

All Users

----------------------------------------

QuickTime Task

Run - Startup

"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime

Enabled

All Users

----------------------------------------

iTunesHelper

Run - Startup

"C:\Program Files\iTunes\iTunesHelper.exe"

Enabled

All Users

----------------------------------------

AVG_TRAY

Run - Startup

"C:\Program Files\AVG\AVG2012\avgtray.exe"

Enabled

All Users

----------------------------------------

Adobe ARM

Run - Startup

"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Enabled

All Users

----------------------------------------

SunJavaUpdateSched

Run - Startup

"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Enabled

All Users

----------------------------------------

vProt

Run - Startup

"C:\Program Files\AVG Secure Search\vprot.exe"

Enabled

All Users

----------------------------------------

ROC_roc_dec12

Run - Startup

"C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

Enabled

All Users

----------------------------------------

IE Search Band

Explorer Bar - Vertical

{30D02401-6A81-11D0-8274-00C04FD5AE38}

C:\WINDOWS\system32\ieframe.dll

Enabled

All Users

----------------------------------------

&Tip of the Day

Explorer Bar - Horizontal

{4D5C8C25-D075-11D0-B416-00C04FB90376}

%SystemRoot%\system32\shdocvw.dll

Enabled

All Users

----------------------------------------

&Discuss

Explorer Bar - Horizontal

{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}

shdocvw.dll

Enabled

All Users

----------------------------------------

File Search Explorer Band

Explorer Bar - Vertical

{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

%SystemRoot%\system32\SHELL32.dll

Enabled

All Users

----------------------------------------

Favorites Band

Explorer Bar - Vertical

{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

%SystemRoot%\system32\shdocvw.dll

Enabled

All Users

----------------------------------------

History Band

Explorer Bar - Vertical

{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

%SystemRoot%\system32\shdocvw.dll

Enabled

All Users

----------------------------------------

Explorer Band

Explorer Bar - Vertical

{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

%SystemRoot%\system32\shdocvw.dll

Enabled

All Users

----------------------------------------

&Research

Explorer Bar - Vertical

{FF059E31-CC5A-4E2E-BF3B-96E929D65503}

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Enabled

All Users


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


ComboFix 12-03-04.01 - USER 03/04/2012 14:24:07.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1491 [GMT -5:00]

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\USER\Application Data\inst.exe

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\bing-zugo.xml

c:\documents and settings\USER\Application Data\vso_ts_preview.xml

c:\documents and settings\USER\WINDOWS

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\program files\Shared

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\ReactivateFF.exe

c:\program files\StartNow Toolbar\ReactivateIE.exe

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files\StartNow Toolbar\Toolbar32.dll

c:\program files\StartNow Toolbar\ToolbarBroker.exe

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files\StartNow Toolbar\uninstall.dat

C:\Thumbs.db

c:\windows\desktop

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\Cache

c:\windows\system32\Cache\0be03d606b8b1fa0.fb

c:\windows\system32\Cache\240a1c1a5ab80f73.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\826ee1bafdf9f937.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ACTIVE_COMMON_SERVICE

-------\Legacy_IWIN_SERVICE

-------\Service_Active Common Service

-------\Service_IWin service

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))

.

.

2012-03-04 19:32 . 2012-03-04 19:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-03-04 19:32 . 2012-03-04 19:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-03-04 19:32 . 2012-03-04 19:32 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-03-04 19:32 . 2012-03-04 19:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-03-04 19:32 . 2012-03-04 19:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-03-04 19:32 . 2012-03-04 19:32 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-03-04 19:32 . 2012-03-04 19:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-03-04 19:32 . 2012-03-04 19:32 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-03-04 19:31 . 2012-03-04 19:31 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-03-04 19:31 . 2012-03-04 19:31 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-03-04 19:31 . 2012-03-04 19:31 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-03-04 19:31 . 2012-03-04 19:31 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-03-04 19:31 . 2012-03-04 19:31 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-03-04 19:31 . 2012-03-04 19:31 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-03-04 19:31 . 2012-03-04 19:31 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-03-04 19:31 . 2012-03-04 19:31 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-03-04 19:31 . 2012-03-04 19:31 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-02-14 21:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 21:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-28 20:55 . 2011-05-30 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-04 04:17 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-22 05:25 . 2008-07-24 13:51 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys

2011-12-22 05:25 . 2009-10-06 23:11 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-12-22 05:25 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-12-19 01:11 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-12-19 00:41 . 2010-06-19 00:54 138056 ----a-w- c:\documents and settings\USER\Application Data\PnkBstrK.sys

2011-12-19 00:40 . 2008-07-24 13:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-12-17 19:46 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-17 19:46 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-16 12:22 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 20:24 . 2010-05-15 01:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

2011-05-09 09:49 176936 ----a-w- c:\program files\WBA_F.C\prxtbWBA1.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-18 12:14 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Sendori Tray Icon.lnk - c:\program files\Sendori\SendoriTray.exe [2011-12-1 76096]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2005-12-27 15:32 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-10-07 10:17 323392 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-02 07:11 136176 ----atw- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]

2008-11-03 00:44 495616 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 23:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]

2004-12-20 22:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-02 19:21 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-10-21 18:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2010-02-17 06:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=

"c:\\Documents and Settings\\USER\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"29126:TCP"= 29126:TCP:Azureus

"57479:TCP"= 57479:TCP:bittorrent

"1886:TCP"= 1886:TCP:Genieo

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 7:32 PM 691696]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]

R2 Sendori;Sendori;c:\program files\Sendori\SendoriSvc.exe [12/1/2011 5:47 PM 98624]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/18/2012 7:15 AM 909152]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2008 4:23 PM 47360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [9/17/2008 4:47 PM 16512]

S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 12:56 AM 14336]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job

- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job

- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]

.

2012-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

2012-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

2006-05-13 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-17 14:04]

.

2012-03-04 c:\windows\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146

TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab

FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-04 14:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EDEFBE5-5DDF-F27B-7AB3-F2414FD2E5C4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abnjbionafodmmfjaoajpkhcbnknhhgoom"=hex:61,61,00,00

"bbnjbionafodmmfjaodimeiknepcfifdaeho"=hex:61,61,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(960)

c:\windows\system32\relog_ap.dll

.

- - - - - - - > 'explorer.exe'(3736)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\AVG\AVG2012\avgsysx.dll

c:\program files\AVG\AVG2012\avgopensslx.dll

c:\program files\AVG\AVG2012\avgntopensslx.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-03-04 14:40:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-04 19:40

.

Pre-Run: 5,574,766,592 bytes free

Post-Run: 7,113,547,776 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 068B2B6E868F5B2C98A0E3137D2A4B98


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

uSearch Bar = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


ComboFix 12-03-04.01 - USER 03/05/2012 22:21:50.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1383 [GMT -5:00]

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))

.

.

2012-03-04 21:24 . 2012-03-04 20:24 2304 ----a-w- c:\windows\system32\HtsysmNT.sys

2012-03-04 19:32 . 2012-03-04 19:32 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2012-03-04 19:32 . 2012-03-04 19:32 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2012-03-04 19:32 . 2012-03-04 19:32 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2012-03-04 19:32 . 2012-03-04 19:32 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2012-03-04 19:32 . 2012-03-04 19:32 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2012-03-04 19:32 . 2012-03-04 19:32 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2012-03-04 19:32 . 2012-03-04 19:32 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2012-03-04 19:32 . 2012-03-04 19:32 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2012-03-04 19:31 . 2012-03-04 19:31 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2012-03-04 19:31 . 2012-03-04 19:31 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2012-03-04 19:31 . 2012-03-04 19:31 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2012-03-04 19:31 . 2012-03-04 19:31 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2012-03-04 19:31 . 2012-03-04 19:31 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2012-03-04 19:31 . 2012-03-04 19:31 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2012-03-04 19:31 . 2012-03-04 19:31 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2012-03-04 19:31 . 2012-03-04 19:31 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2012-03-04 19:31 . 2012-03-04 19:31 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2012-02-14 21:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-14 21:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-28 20:55 . 2011-05-30 01:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53 . 2004-08-04 04:17 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-22 05:25 . 2008-07-24 13:51 141200 ----a-w- c:\windows\system32\drivers\pnkbstrk.sys

2011-12-22 05:25 . 2009-10-06 23:11 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-12-22 05:25 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-12-19 01:11 . 2008-07-24 13:51 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-12-19 00:41 . 2010-06-19 00:54 138056 ----a-w- c:\documents and settings\USER\Application Data\PnkBstrK.sys

2011-12-19 00:40 . 2008-07-24 13:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-12-17 19:46 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-17 19:46 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-16 12:22 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec

2011-12-10 20:24 . 2010-05-15 01:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

2011-05-09 09:49 176936 ----a-w- c:\program files\WBA_F.C\prxtbWBA1.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-18 12:14 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{6DE481F0-7179-4AD6-A857-3DCBCFBB24D4}"= "c:\program files\WBA_F.C\prxtbWBA1.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{6de481f0-7179-4ad6-a857-3dcbcfbb24d4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]

"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Sendori Tray Icon.lnk - c:\program files\Sendori\SendoriTray.exe [2011-12-1 76096]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2005-12-27 15:32 118784 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-10-07 10:17 323392 ----a-w- c:\program files\DNA\btdna.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-06-02 07:11 136176 ----atw- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodVideoConverter_upgrade]

2008-11-03 00:44 495616 ----a-w- c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]

2003-12-03 16:43 1052672 ----a-w- c:\program files\PureEdge\Viewer 6.0\masqform.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 23:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]

2004-12-20 22:12 131072 ----a-w- c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-08-02 19:21 1242448 ----a-w- c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-10-21 18:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2005-12-27 15:32 988736 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2010-02-17 06:30 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Mozilla Firefox 3 Beta 3\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=

"c:\\Documents and Settings\\USER\\Application Data\\Spotify\\spotify.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\ava\\REACTOR.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\pandorasaga\\SteamIntegrator.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"29126:TCP"= 29126:TCP:Azureus

"57479:TCP"= 57479:TCP:bittorrent

"1886:TCP"= 1886:TCP:Genieo

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2009 7:32 PM 691696]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]

R2 Sendori;Sendori;c:\program files\Sendori\SendoriSvc.exe [12/1/2011 5:47 PM 98624]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/18/2012 7:15 AM 909152]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/19/2008 4:23 PM 47360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate1c9b8aaa8d7d33c;Google Update Service (gupdate1c9b8aaa8d7d33c);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\aspi32.sys [9/17/2008 4:47 PM 16512]

S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/8/2009 7:32 PM 133104]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 12:56 AM 14336]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [11/2/2005 10:54 AM 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]

.

2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 00:32]

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job

- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]

.

2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job

- c:\documents and settings\USER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 07:11]

.

2012-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

2012-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

2006-05-13 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-17 14:04]

.

2012-03-06 c:\windows\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.foxtab.com/?s=0&chnl=irn&d=tD2RtDtDtCyD0FtBtCyBtD0CtCtB2R2RtCtCtCtCyBtCtBtCzytB

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146

TCP: Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab

FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-05 22:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9EDEFBE5-5DDF-F27B-7AB3-F2414FD2E5C4}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"abnjbionafodmmfjaoajpkhcbnknhhgoom"=hex:61,61,00,00

"bbnjbionafodmmfjaodimeiknepcfifdaeho"=hex:61,61,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(960)

c:\windows\system32\relog_ap.dll

.

- - - - - - - > 'explorer.exe'(952)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\AVG\AVG2012\avgsysx.dll

c:\program files\AVG\AVG2012\avgopensslx.dll

c:\program files\AVG\AVG2012\avgntopensslx.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

.

Completion time: 2012-03-05 22:32:57

ComboFix-quarantined-files.txt 2012-03-06 03:32

ComboFix2.txt 2012-03-04 19:40

.

Pre-Run: 5,384,318,976 bytes free

Post-Run: 5,359,378,432 bytes free

.

- - End Of File - - 4863E6C01580F00F119794C7ECAA5ACD


Thank you, this seems to have fixed IE. Is there a similar procedure for restoring Chrome?


Yes......

Let's make sure you have the latest version of Chrome:

Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", click on it > if an update is available it will be installed.

Then click on the wrench again and choose Tools > Extensions; see if there are any suspicious items there.

Click on Clear Browser Data > clear it out.

Then, to the left, go through Basics, Personal Stuff, etc. and see if there's anything suspicious.

Let me know.....MrC


Chrome is up to date. I cleared browsing history, and looked for suspicious items. I did not see any.

I'm still being sent to isearch.whitesmoke.com when I search in Chrome's address bar.


Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes; it depends on your hard drive size.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL logfile created on: 3/6/2012 9:36:04 PM - Run 1

OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free

3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS

Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS

Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OPTERON | User Name: USER | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

PRC - [2012/03/06 06:49:49 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

PRC - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2011/12/01 17:47:12 | 000,076,096 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriTray.exe

PRC - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) -- C:\Program Files\Sendori\SendoriSvc.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe

PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 14:21:33 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/05/04 03:52:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe

PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

PRC - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/06 06:49:48 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll

MOD - [2012/03/06 06:49:46 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll

MOD - [2012/03/06 06:48:22 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avutil-51.dll

MOD - [2012/03/06 06:48:20 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avformat-53.dll

MOD - [2012/03/06 06:48:19 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\avcodec-53.dll

MOD - [2012/02/28 16:00:47 | 014,415,144 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/02/28 16:00:37 | 000,857,896 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/02/28 16:00:36 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll

MOD - [2012/02/28 16:00:36 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll

MOD - [2012/02/28 16:00:36 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll

MOD - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

MOD - [2012/01/18 07:14:52 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011/11/19 06:42:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2011/10/24 04:33:11 | 000,193,024 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\lwjgl.dll

MOD - [2011/10/24 04:33:11 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\OpenAL32.dll

MOD - [2011/10/24 04:33:11 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-dx8.dll

MOD - [2011/10/24 04:33:11 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\.minecraft\bin\natives\jinput-raw.dll

MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll

MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2004/02/25 18:31:24 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2012/01/18 07:15:16 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011/12/01 17:47:10 | 000,098,624 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files\Sendori\SendoriSvc.exe -- (Sendori)

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/07 16:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/09/04 18:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/10/28 17:02:25 | 000,072,704 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

SRV - [2005/12/27 10:32:12 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WinDriver6)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDSCO)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SDDMI2)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alaahwxf)

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/12/13 19:32:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/07/16 02:00:31 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2009/01/21 12:03:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrpmpr5.sys -- (BVRPMPR5)

DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)

DRV - [2008/04/13 13:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2007/09/04 18:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\amdppm.sys -- (AmdPPM)

DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/03/18 14:16:59 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2006/03/18 14:16:59 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2006/03/18 14:16:57 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\copperhd.sys -- (UsbFltr)

DRV - [2005/05/17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce

DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce

DRV - [2004/11/17 06:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/11/05 10:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/05/19 06:51:00 | 000,374,752 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wusbgxp.sys -- (PRISM_A02)

DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI)

DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{7640701C-2E82-47F8-9AF5-756184174422}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{82936E37-1C9C-4612-91C6-3F465462D835}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{975CB869-B881-4DCB-BD60-A9FD6F8ED7AF}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\SearchScopes\{B40870B4-C7B8-4CDE-A660-CA1365BA0531}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.1.0.01

FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_US&apn_uid=3C9FA688-DC66-4106-8EA6-15993C699AC0&apn_ptnrs=PW&apn_sauid=00DD1290-DE85-497B-99B2-217463A2A960&apn_dtid=YYYYYYYYUS&q="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 11:52:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\USER\Local Settings\Application Data\RewardsArcade\498\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/18 07:32:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 3\components [2012/01/18 08:03:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 3\plugins [2012/01/18 07:21:34 | 000,000,000 | ---D | M]

[2011/05/19 13:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions

[2009/12/25 10:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com

[2012/02/28 16:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions

[2010/03/07 11:36:57 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010/07/01 19:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/02/14 15:54:56 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

[2009/12/06 15:36:40 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2011/05/15 17:47:45 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2008/09/03 12:40:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2011/12/22 00:19:56 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\textlinks@epicplay.com

[2009/12/11 13:44:26 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\toolbar@shopathome.com

[2012/02/28 16:08:28 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\extensions\wecarereminder@bryan

[2011/02/01 16:21:37 | 000,005,282 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\mbil75g1.default\searchplugins\Foxtab Web Search.xml

[2008/11/11 20:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/01/18 07:32:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7

[2012/02/04 11:52:36 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4

[2010/07/04 12:29:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll

[2008/01/07 19:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2007/01/28 11:12:30 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

========== Chrome ==========

CHR - default_search_provider: WhiteSmoke Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\17.0.963.66\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll

CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\plugins\NPcol400.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np-mswmp.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npMozCouponPrinter.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: OGPlanet Game Plugin (Enabled) = C:\WINDOWS\system32\npOGPPlugin.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AVG Safe Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Weather Underground = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\

O1 HOSTS File: ([2012/03/04 14:34:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (WBA F.C. Toolbar) - {6de481f0-7179-4ad6-a857-3dcbcfbb24d4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (WBA F.C. Toolbar) - {6DE481F0-7179-4AD6-A857-3DCBCFBB24D4} - C:\Program Files\WBA_F.C\prxtbWBA1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sendori Tray Icon.lnk = C:\Program Files\Sendori\SendoriTray.exe (Sendori, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)

O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)

O16 - DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} http://www.wildpockets.com/common/WildPocketsLoader-15079.cab (Wild Pockets Loader Plugin Control Class)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: DhcpNameServer = 68.87.75.194 68.87.64.146

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37C0C49E-B08B-47C5-A0C9-DA4F76FA206B}: NameServer = 68.87.75.194,68.87.64.146

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688967-C48E-4E37-9106-7A7BF9CDB52F}: NameServer = 10.0.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/14 17:31:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/08/21 13:45:36 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2008/09/08 16:13:25 | 000,000,058 | R--- | M] () - H:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 21:35:20 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2012/03/06 09:07:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/03/05 22:19:59 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/03/04 14:17:16 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/03/04 14:13:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/03/04 14:13:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/03/04 14:13:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/03/04 14:13:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/03/04 14:13:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/03/04 14:13:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/03/04 14:04:57 | 004,426,766 | R--- | C] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe

[2012/03/02 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\RK_Quarantine

[2012/03/02 07:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Infection II

========== Files - Modified Within 30 Days ==========

[2012/03/06 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/06 21:35:23 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2012/03/06 20:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004UA.job

[2012/03/06 19:42:53 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Google Chrome.lnk

[2012/03/06 19:42:53 | 000,002,260 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/03/06 18:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1336601894-839522115-1004Core.job

[2012/03/06 18:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job

[2012/03/06 18:26:23 | 000,498,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/06 18:26:23 | 000,087,168 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/06 17:47:11 | 090,970,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/03/04 17:46:12 | 000,384,099 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/03/04 15:24:27 | 000,002,304 | ---- | M] () -- C:\WINDOWS\System32\HtsysmNT.sys

[2012/03/04 14:35:15 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2012/03/04 14:34:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/03/04 14:34:26 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/04 14:34:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

[2012/03/04 14:31:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/04 14:31:11 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/04 14:17:22 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2012/03/04 14:05:02 | 004,426,766 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe

[2012/03/02 09:16:47 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI

[2012/03/01 18:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1336601894-839522115-1004.job

[2012/02/28 16:27:03 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\spoon.png

[2012/02/28 16:03:51 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Terraria.url

[2012/02/20 11:54:24 | 000,272,615 | ---- | M] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf

[2012/02/15 15:44:08 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/02/15 01:05:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/03/04 16:24:02 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys

[2012/03/04 14:13:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/03/04 14:13:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/03/04 14:13:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/03/04 14:13:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/03/04 14:13:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/02/28 16:27:03 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\spoon.png

[2012/02/28 16:03:51 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Terraria.url

[2012/02/20 11:54:22 | 000,272,615 | ---- | C] () -- C:\WINDOWS\System32\Appendix B Macroinvertebrate Taxa of Spring Creek and Penns Creek.pdf

[2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 16:01:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2011/05/26 18:37:22 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2011/05/19 13:58:34 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/01/30 19:39:27 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/12/06 07:57:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat

[2010/12/03 07:16:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/12 21:40:31 | 000,000,360 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat

[2010/10/14 19:25:47 | 000,487,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/07/05 16:06:10 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010/07/05 16:06:10 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2010/07/05 16:06:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010/07/05 16:06:10 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2010/06/27 10:05:22 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/06/18 19:54:55 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PnkBstrK.sys

[2010/06/18 19:54:22 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010/06/03 04:24:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/04/03 21:55:32 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2008/04/06 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune

[2006/03/17 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2012/01/18 07:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/10/16 18:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/10/14 18:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/10/24 21:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner

[2008/10/11 21:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2009/08/23 10:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009/06/16 11:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2010/10/14 21:38:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/12/13 19:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes

[2009/04/08 19:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN

[2011/12/30 12:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linkury

[2012/03/06 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/10/03 20:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2007/10/20 09:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge

[2007/02/12 20:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5

[2011/12/22 00:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sendori

[2010/07/05 16:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software

[2009/12/25 10:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs

[2008/10/22 17:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/10/24 05:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i

[2011/10/24 04:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2009/04/15 20:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware

[2009/03/21 09:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2011/11/19 10:28:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}

[2010/07/04 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/05 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/08/10 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2006/05/13 10:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.BitTornado

[2012/02/28 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\.minecraft

[2011/03/03 08:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Amazon

[2011/08/18 06:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG

[2011/10/13 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG Secure Search

[2011/10/13 13:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG2012

[2008/10/12 19:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Azureus

[2011/12/01 21:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BitTorrent

[2010/02/15 21:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canneverbe Limited

[2009/11/07 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canon

[2011/11/06 15:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Catalina Marketing Corp

[2007/07/15 20:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ChessBase

[2009/12/13 19:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DAEMON Tools Lite

[2007/04/03 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DassaultSystemes

[2008/04/06 12:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DisplayTune

[2010/05/13 17:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DNA

[2006/05/15 17:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DWGeditor

[2010/07/28 16:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\E-centives

[2006/03/17 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Echo Software

[2009/04/27 11:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\eMusic

[2009/04/08 19:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GARMIN

[2009/03/06 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\gtk-2.0

[2010/03/19 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\KendallHunt

[2007/02/17 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech

[2009/04/08 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MotionBased

[2011/04/16 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\My Games

[2010/11/17 13:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Petroglyph

[2010/05/13 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Phex

[2007/10/23 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PureEdge

[2011/02/27 16:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\RegistryKeys

[2011/10/25 18:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Sammsoft

[2007/02/12 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\scar5

[2008/01/13 11:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Seven Zip

[2008/02/16 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ShredderChess

[2010/08/24 17:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\sldIM

[2011/10/13 09:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Spotify

[2006/03/14 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Thunderbird

[2009/12/25 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom

[2008/10/19 16:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Uniblue

[2009/09/28 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\VistaCodecs

[2010/12/28 11:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\vShare

[2011/04/17 11:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Vso

[2011/10/24 05:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\WeatherBug

[2012/03/06 18:32:53 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DA49B636-0ED2-4F7B-8CFD-DF1BEB81F03C}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010/12/03 21:53:36 | 000,000,158 | ---- | M] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? ???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url

[2010/12/03 21:53:36 | 000,000,158 | ---- | C] ()(C:\Documents and Settings\USER\Desktop\????????(Hydatophylax nigrovittatus McLachlan) ??? ???.url) -- C:\Documents and Settings\USER\Desktop\띠무늬우묵날도래(Hydatophylax nigrovittatus McLachlan) 네이버 블로그.url

< End of report >

OTL Extras logfile created on: 3/6/2012 9:36:04 PM - Run 1

OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.32 Gb Available Physical Memory | 15.97% Memory free

3.85 Gb Paging File | 1.73 Gb Available in Paging File | 45.04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 106.78 Gb Total Space | 13.62 Gb Free Space | 12.76% Space Free | Partition Type: NTFS

Drive D: | 5.00 Gb Total Space | 2.93 Gb Free Space | 58.56% Space Free | Partition Type: NTFS

Drive E: | 111.79 Gb Total Space | 30.00 Gb Free Space | 26.83% Space Free | Partition Type: NTFS

Drive F: | 546.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive H: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OPTERON | User Name: USER | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = ComFile] -- Reg Error: Key error. File not found

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"29126:TCP" = 29126:TCP:*:Enabled:Azureus

"57479:TCP" = 57479:TCP:*:Enabled:bittorrent

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1886:TCP" = 1886:TCP:*:Enabled:Genieo

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe" = C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe:*:Enabled:Terraria -- (Re-Logic)

"C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\USER\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{1314ED6A-FDAC-41BC-A7BA-3582FF883F3A}" = Community Smartbar

"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools

"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari

"{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.2.2

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4642B082-DBC9-44CA-87F3-7A0B997B9590}" = Brother HL-5250DN

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{491EAC1A-8ECB-45D5-97D1-0583D5676914}" = ProMash

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}" = Garmin Training Center

"{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}" = SolidWorks Explorer 2007 sp0

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = AsusUpdate

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B5E816C-A761-4F5B-BF48-84B794556CAA}_is1" = Freelang Dictionary (wordlist)

"{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3

"{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}" = MotionBased Agent

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC

"{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.1.55b

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007

"{8AC9520B-25F3-4B3C-B83A-2E4B51AF8DEC}" = Fritz8

"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid

"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95FCA50A-CF7D-457E-AF69-F058F8BC2844}" = SolidWorks 2007 SP0

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE2AFE1-617E-478F-9BE5-DABB63B4380A}" = COSMOSMotion 2007 SP0

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{A83C5D20-CA65-432E-B103-730664547FB5}" = Tina 9 - TI

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9

"{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}" = COSMOSWorks 2007 SP0

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer

"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder

"{E0000600-0600-0600-0600-000000000600}" = ICS Viewer 6.0

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5

"{FAF88B432344413595BB2DED98385684}" = DivX User Guide

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"7-Zip" = 7-Zip 9.15 beta

"7-Zip 9.20" = 7-Zip 9.20

"Across Lite 2.0" = Across Lite 2.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"Audacity_is1" = Audacity 1.2.6

"AVG" = AVG 2012

"AVG Secure Search" = AVG Security Toolbar

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"BeerSmith 2" = BeerSmith 2

"BetterLinksChrome" = BetterLinks v1.0.7 (remove only)

"BitTorrent" = BitTorrent

"Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Creative NOMAD II Driver" = Creative NOMAD II Driver

"EpicPlay" = EpicPlay

"ESET Online Scanner" = ESET Online Scanner v3

"HammerHead Rhythm Station" = HammerHead Rhythm Station

"Hugin_release_is1" = Hugin 2009.4.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"iLivid" = iLivid

"InfraRecorder" = InfraRecorder

"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"LVG332" = 3rd Grade

"Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"oggcodecs" = oggcodecs 0.71.0946

"PrimoPDF2.0" = PrimoPDF

"PUBLISHERR" = Microsoft Office Publisher 2007 Trial

"PunkBusterSvc" = PunkBuster Services

"QuicktimeAlt_is1" = QuickTime Alternative 1.69

"R for Windows_is1" = R for Windows 2.5.1

"RealPlayer 12.0" = RealPlayer

"RegistryBooster 2_is1" = Uniblue RegistryBooster 2

"Sendori" = Sendori

"SopCast" = SopCast 3.2.9

"SpywareBlaster_is1" = SpywareBlaster 4.2

"ST6UNST #1" = Machinehead GearCalc Pro (32 bit)

"Steam App 105600" = Terraria

"Steam App 1250" = Killing Floor

"TomTom HOME" = TomTom HOME 2.8.2.2264

"Veetle TV" = Veetle TV 0.9.18

"vShare" = vShare Plugin

"WBA_F.C Toolbar" = WBA F.C. Toolbar

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WinAVR" = WinAVR 20060125 (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Energy Blue Theme Pack" = Windows XP Energy Blue Theme Pack

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.5

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xfire" = Xfire (remove only)

"XP Codec Pack" = XP Codec Pack

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

"BitTorrent DNA" = DNA

"Google Chrome" = Google Chrome

"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2001141

Error - 3/4/2012 4:16:31 PM | Computer Name = OPTERON | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2001141

Error - 3/4/2012 4:33:57 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.260.3, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x0001245f.

Error - 3/4/2012 4:34:06 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001

Description = Fault bucket -1809748939.

Error - 3/6/2012 2:58:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.260.3, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x0001240b.

Error - 3/6/2012 2:58:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001

Description = Fault bucket -1814028883.

Error - 3/6/2012 3:05:28 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.260.3, faulting module

nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a16.

Error - 3/6/2012 3:05:32 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001

Description = Fault bucket -1813797555.

Error - 3/6/2012 6:45:05 PM | Computer Name = OPTERON | Source = Application Error | ID = 1000

Description = Faulting application javaw.exe, version 6.0.260.3, faulting module

nvoglnt.dll, version 6.14.11.9745, fault address 0x00717a39.

Error - 3/6/2012 6:45:09 PM | Computer Name = OPTERON | Source = Application Error | ID = 1001

Description = Fault bucket -1813594957.

[ System Events ]

Error - 3/2/2012 8:35:19 AM | Computer Name = OPTERON | Source = Dhcp | ID = 1002

Description = The IP address lease 10.0.0.7 for the Network Card with network address

0015F2170C12 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a

DHCPNACK message).

Error - 3/2/2012 10:13:13 AM | Computer Name = OPTERON | Source = BROWSER | ID = 8032

Description = The browser service has failed to retrieve the backup list too many

times on transport \Device\NetBT_Tcpip_{F4688967-C48E-4E37-9106-7A7BF9CDB52F}. The

backup browser is stopping.

Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The Active Common Service service failed to start due to the following

error: %%3

Error - 3/2/2012 6:40:25 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The IWin service service failed to start due to the following error:

%%3

Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The Active Common Service service failed to start due to the following

error: %%3

Error - 3/2/2012 6:43:44 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The IWin service service failed to start due to the following error:

%%3

Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The Active Common Service service failed to start due to the following

error: %%3

Error - 3/3/2012 7:46:28 AM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7000

Description = The IWin service service failed to start due to the following error:

%%3

Error - 3/4/2012 3:23:55 PM | Computer Name = OPTERON | Source = Service Control Manager | ID = 7034

Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.

It has done this 1 time(s).

Error - 3/5/2012 11:14:51 PM | Computer Name = OPTERON | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 10.0.0.4 on the

Network

Card with network address 0015F2170C12.

< End of report >


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    CHR - default_search_provider: WhiteSmoke Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
    CHR - default_search_provider: suggest_url =
    IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860
    IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


========== OTL ==========

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\.com\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1202660629-1336601894-839522115-1004_Classes\ComFile\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

OTL by OldTimer - Version 3.2.35.1 log created on 03072012_071528


I should tell you that I ran OTL twice... the first time I received the following report. I figured that I just didn't paste the text completely and tried again.

Error: Unable to interpret <CHR - default_search_provider: WhiteSmoke Search (Enabled)> in the current context!

Error: Unable to interpret <CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860> in the current context!

Error: Unable to interpret <CHR - default_search_provider: suggest_url => in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.white...&as=0&isid=9860> in the current context!

Error: Unable to interpret <IE - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.white...&as=0&isid=9860> in the current context!

Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!

Error: Unable to interpret <O3 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!

Error: Unable to interpret <O37 - HKU\S-1-5-21-1202660629-1336601894-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found> in the current context!

OTL by OldTimer - Version 3.2.35.1 log created on 03072012_071341


CHR - default_search_provider: WhiteSmoke Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.white...&as=0&isid=9860
CHR - default_search_provider: suggest_url =

These you have to reset yourself > Look through these:

Open up GC

Click Wrench Icon > look through......

Tools

Options

Basics > Search > Manage Search Engine

There's also Help

http://support.googl...en&answer=95653

MrC

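The three `CHR - default_search_provider` lines OTL could not fix live in Chrome's `Preferences` file, which is why the reset has to be done by hand in the browser. The following Python script is an added example (not part of this thread, and not code from OTL, Malwarebytes or Google) that lets a technician triage that file offline: it parses the JSON and flags a default search provider whose `search_url` or `suggest_url` points outside an allowlist of known search engines, which is exactly the condition the OTL log above reported. It assumes the 2012-era `Preferences` layout (a top-level `default_search_provider` object with `name`, `enabled`, `search_url` and `suggest_url` keys); the allowlist, the helper names and the two sample `Preferences` blobs (including the hijacker host `isearch.hijacker.invalid`) are all constructed for the example.

```python
"""Triage a Chrome Preferences file for a hijacked default search provider.

Added example; assumes the 2012-era Preferences layout, where the default
provider is a top-level "default_search_provider" JSON object.
"""
import json
from typing import Optional
from urllib.parse import urlsplit

# Search engines a defender is willing to accept as a browser default.
# Constructed allowlist for this example; extend it for your environment.
KNOWN_SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com", "duckduckgo.com"}

# Chrome stores its built-in Google provider with a template placeholder
# instead of a literal host; treat that placeholder as google.com.
GOOGLE_BASEURL_PLACEHOLDER = "{google:baseURL}"

# Constructed sample files: one hijacked (name taken from the OTL line in
# the thread, host invented), one with Google as a literal URL.
HIJACKED_PREFS = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "name": "WhiteSmoke Search",
        "keyword": "whitesmoke",
        "search_url": "http://isearch.hijacker.invalid/?q={searchTerms}",
        "suggest_url": "",
    }
})
CLEAN_PREFS = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "name": "Google",
        "keyword": "google.com",
        "search_url": "https://www.google.com/search?q={searchTerms}",
        "suggest_url": "https://www.google.com/complete/search?q={searchTerms}",
    }
})


def registered_domain(host: str) -> str:
    """Collapse 'isearch.example.com' to 'example.com' (naive last-two-labels rule)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def url_finding(label: str, url: str) -> Optional[str]:
    """Return a finding when a provider URL points outside the allowlist, else None."""
    if not url:
        return None  # an empty suggest_url is normal for many providers
    if url.startswith(GOOGLE_BASEURL_PLACEHOLDER):
        return None  # Chrome's built-in Google template, not a literal host
    host = urlsplit(url).hostname or ""
    if not host:
        return f"{label} has no parsable host: {url!r}"
    if registered_domain(host) not in KNOWN_SEARCH_DOMAINS:
        return f"{label} points at unknown host {host!r}"
    return None


def check_default_search_provider(prefs_text: str) -> dict:
    """Triage the default_search_provider object of a Chrome Preferences file.

    Returns {"name", "enabled", "findings", "hijacked"}; hijacked is True when
    any enabled provider URL resolves outside the allowlist.
    """
    prefs = json.loads(prefs_text)
    dsp = prefs.get("default_search_provider")
    if not isinstance(dsp, dict):
        return {"name": None, "enabled": False, "findings": [], "hijacked": False}
    enabled = bool(dsp.get("enabled", True))
    findings = []
    if enabled:
        for key in ("search_url", "suggest_url"):
            finding = url_finding(key, dsp.get(key, ""))
            if finding:
                findings.append(finding)
    return {"name": dsp.get("name"), "enabled": enabled,
            "findings": findings, "hijacked": bool(findings)}


if __name__ == "__main__":
    for tag, blob in (("hijacked sample", HIJACKED_PREFS), ("clean sample", CLEAN_PREFS)):
        verdict = check_default_search_provider(blob)
        print(tag, "->", "HIJACKED" if verdict["hijacked"] else "ok", verdict["findings"])
```

To run it against a real profile, read the `Preferences` file from the Chrome user data directory (on Windows XP that is under the user's `Local Settings\Application Data\Google\Chrome\User Data\Default` folder) and pass its text to `check_default_search_provider`. The allowlist approach is deliberate: a hijacker's domain is unknown in advance, so the check asks whether the provider is one the technician recognises rather than matching a list of bad names.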

I uninstalled chrome and re-installed it. That seems to have worked.

What do you recommend?


Good, a little clean up to do:

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

------------------------

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

--------------------------

Go to your Control Panel's Add/Remove Programs and uninstall these (older versions of Java are vulnerable to malware):

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1

Then download and install the latest version, Java™ 6 Update 31:

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
