Armageddon Posted February 20, 2012 Posted February 20, 2012 Hi again have you tried a reset to default of IE9 ? heres how. [h=3]To reset Internet Explorer settings[/h] Close all Internet Explorer and Windows Explorer windows that are currently open. Open Internet Explorer by clicking the Start button http://res2.windows.microsoft.com/resbox/en/Windows%207/main/4f6cbd09-148c-4dd8-b1f2-48f232a2fd33_818.jpg. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer. Click the Tools button http://res2.windows.microsoft.com/resbox/en/Windows%207/main/448ef968-d58a-43a2-b0cc-f396f4024f2c_14.jpg, and then click Internet options. Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data. In the Reset Internet Explorer Settings dialog box, click Reset. When Internet Explorer finishes applying default settings, click Close, and then click OK. Close Internet Explorer. Your changes will take effect the next time you open Internet Explorer. Quote Google is your friend We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Armageddon Posted February 21, 2012 Posted February 21, 2012 Hello Glws did you manage to reset IE9 ? Quote Google is your friend We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Armageddon Posted February 21, 2012 Posted February 21, 2012 Hi Glws hmmm ok I am gonna ask you to run a couple of scans to see if anything more sinister is going on am sure one of our security guys will take a look and help out if needs be. Step 1 Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on Download_mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. [*]On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button. [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". [*]Click OK to close the message box and continue with the removal process. [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. [*]Make sure that everything is checked, and click Remove Selected. [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. [*]Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware. Step 2 Download OTL to your desktop. right click on the link and select 'Save Link/Target As'. if you have problems, try this download link: OTL Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check . . http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png Now copy the lines in bold below. netsvcs msconfig %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %systemroot%\System32\config\*.sav %PROGRAMFILES%\* %USERPROFILE%\..|smtmp;true;true;true /FP HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png . Click the Run Scan button. http://img.photobucket.com/albums/v708/starbuck50/runscan.png Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. Note: Running the above script with OTL will : turn on your system restore and set a new restore point (XP only) set a new restore point (if system restore is turned on) Vista & Win7. In your next reply, please submit: MBAM scan report Both reports from OTL Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things. Thanks. Quote Google is your friend We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
glws Posted February 22, 2012 Author Posted February 22, 2012 I will try this but I must say that it may take me a while to complete. Now I did try to download OTL earlier and ASK Jeeves would not let me open the program but I will try again. sorry for the delay out golfing today. Quote
glws Posted February 22, 2012 Author Posted February 22, 2012 otl OTL logfile created on: 2/22/2012 4:25:25 PM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\User\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 51.01% Memory free 9.37 Gb Paging File | 6.79 Gb Available in Paging File | 72.42% Paging File free Paging file location(s): C:\pagefile.sys 5758 5758 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76.69 Gb Total Space | 21.97 Gb Free Space | 28.65% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit) PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG) PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avformat-53.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avcodec-53.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl () MOD - C:\Program Files (x86)\IncrediMail\Bin\PMC.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) SRV:64bit: - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) SRV:64bit: - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group) DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys () DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com) DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ms-7309&r=17360111klbitTcaZqy[bXmhwIsh`U IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/ IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@DailyFitnessCenter_53.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2011/10/16 15:26:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\53ffxtbr@DailyFitnessCenter_53.com: C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2011/10/17 12:36:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:02:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 16:18:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] [2011/10/15 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions [2011/10/15 18:16:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_enMX415 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O2 - BHO: (TBSB01457 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3 - HKLM\..\Toolbar: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (no name) - {8175e372-1ff1-4288-8e6e-addebd415d47} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {a6547405-a964-4600-8326-e91c95218964} - No CLSID value found. O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (CyberDefender Link Patrol) - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O9 - Extra 'Tools' menuitem : AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: adobe.com ([get] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB29664F-FC07-4034-A7F9-C021B777BDF9}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{229c443a-236e-11e0-857f-406186ebbaae}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: CyberDefender Early Detection Center - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: RoboForm - hkey= - key= - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/20 17:26:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD7B15D4-E1BB-4E2D-B022-586B8977921D} [2012/02/20 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E794CD99-8AE3-4F0C-A6DE-1C793EA26E09} [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live Writer [2012/02/20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VS Revo Group [2012/02/20 14:10:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2012/02/20 14:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012/02/20 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/02/20 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE [2012/02/20 13:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/20 13:30:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/02/16 15:57:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 15:57:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/16 15:57:07 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/16 15:57:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 15:57:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 15:57:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 15:57:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/16 15:57:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/16 15:57:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/16 15:57:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 15:57:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/16 15:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/02/16 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Product_RM [2012/02/16 12:46:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 12:45:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 12:45:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 12:44:43 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/11 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\a_picture_for_you [2012/02/11 10:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New York [2012/02/11 09:46:23 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2012/02/05 13:10:39 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSHFLXGD.OCX [2012/02/05 13:10:39 | 000,275,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATGRD.OCX [2012/02/05 13:10:39 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX [2012/02/05 13:10:39 | 000,232,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATLST.OCX [2012/02/05 13:10:39 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Richtx32.ocx [2012/02/05 13:10:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2012/02/05 13:10:39 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX [2012/02/05 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Equities [2012/02/05 13:10:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL [2012/02/05 13:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Net Equities [2012/01/30 22:33:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/30 22:33:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/30 22:33:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/30 22:33:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/30 22:33:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/30 22:33:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/26 07:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/22 16:02:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/22 13:01:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 13:01:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 12:52:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/22 12:52:02 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/02/22 12:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/22 12:51:49 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2012/02/22 10:03:03 | 089,724,429 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/02/20 16:03:18 | 000,170,195 | ---- | M] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:45:19 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:42:45 | 000,001,103 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/20 12:11:34 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2012/02/20 12:06:57 | 000,001,399 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | M] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/18 22:49:17 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job [2012/02/16 18:07:08 | 000,002,971 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/16 17:42:03 | 000,033,792 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/16 17:37:28 | 000,406,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/16 12:30:35 | 000,799,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/16 12:30:35 | 000,664,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/16 12:30:35 | 000,123,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/16 07:15:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/02/15 20:03:57 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | M] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/02/11 08:35:28 | 000,001,092 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk [2012/02/11 08:35:28 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012/02/01 13:03:16 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | M] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/20 16:03:18 | 000,170,195 | ---- | C] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:10:33 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:10:33 | 000,001,103 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | C] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/16 18:07:08 | 000,002,971 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | C] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | C] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/12/29 15:05:10 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg [2011/12/29 14:57:53 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll [2011/12/29 14:57:53 | 000,000,489 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2011/12/29 14:57:49 | 000,000,932 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2011/12/29 14:55:38 | 000,000,518 | R--- | C] () -- C:\Windows\cm106.ini [2011/11/27 15:00:38 | 000,779,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/20 15:43:37 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2011/01/22 18:02:43 | 000,033,792 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/20 08:52:13 | 000,000,067 | ---- | C] () -- C:\Windows\st_affiliate.ini [2011/01/20 07:26:33 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat [2011/01/19 14:49:37 | 000,163,227 | ---- | C] () -- C:\Windows\hpoins37.dat [2011/01/18 17:21:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI ========== LOP Check ========== [2011/07/22 11:17:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\4shared Desktop [2011/01/18 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer [2011/11/29 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG [2011/01/18 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG10 [2011/11/18 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012 [2011/02/18 08:11:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/10/16 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EleFun Games [2011/10/11 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eSobi [2011/02/12 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2012/01/12 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit [2011/01/18 23:12:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011/01/20 08:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012/02/16 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Product_RM [2011/11/18 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft [2011/12/26 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak [2011/01/20 08:13:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TreeCardGames [2012/02/20 17:26:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2011/11/18 14:38:56 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job [2012/02/18 22:49:17 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\ASO-OneClickCare.job [2012/02/05 06:39:10 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/11/20 06:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2009/08/21 20:43:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011/01/20 08:40:41 | 000,482,914 | ---- | M] () -- C:\cybdefauth_i.log [2012/01/16 16:08:08 | 000,005,706 | ---- | M] () -- C:\cybdefauth_u.log [2012/01/16 16:11:03 | 000,023,187 | ---- | M] () -- C:\CybDefInstallInfo.log [2011/09/30 13:15:33 | 000,000,113 | ---- | M] () -- C:\CybDefWebInstaller.log [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012/02/22 12:51:49 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2012/02/22 12:51:50 | 1742,733,311 | -HS- | M] () -- C:\pagefile.sys [2011/01/20 13:30:30 | 000,060,586 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_20.01.2011_13.26.42_log.txt [2011/12/26 13:04:58 | 000,001,498 | ---- | M] () -- C:\user.js [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI [2009/11/20 21:56:00 | 000,159,766 | ---- | M] () -- C:\WINDOWSlogo_cd.bmp < %systemroot%\system32\Spool\prtprocs\w32x86\*.DLL > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.DLL /lockedfiles > [2011/10/12 17:43:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011/10/12 17:43:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011/12/13 21:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2011/12/13 20:57:18 | 001,127,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wininet.dll [2010/11/20 06:21:36 | 000,172,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wintrust.dll [2010/11/20 06:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ws2_32.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < Hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) < Hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > Quote
glws Posted February 22, 2012 Author Posted February 22, 2012 OTL for Jeeves OTL logfile created on: 2/22/2012 4:25:25 PM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\User\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 51.01% Memory free 9.37 Gb Paging File | 6.79 Gb Available in Paging File | 72.42% Paging File free Paging file location(s): C:\pagefile.sys 5758 5758 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76.69 Gb Total Space | 21.97 Gb Free Space | 28.65% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit) PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\Bin\ImNotfy.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG) PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avformat-53.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\avcodec-53.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll () MOD - C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl () MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl () MOD - C:\Program Files (x86)\IncrediMail\Bin\PMC.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) SRV:64bit: - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) SRV:64bit: - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AdvancedSystemCareService5) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (IObit) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group) DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys () DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com) DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ms-7309&r=17360111klbitTcaZqy[bXmhwIsh`U IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/ IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@DailyFitnessCenter_53.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2011/10/16 15:26:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\53ffxtbr@DailyFitnessCenter_53.com: C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2011/10/17 12:36:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:02:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 16:18:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] [2011/10/15 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions [2011/10/15 18:16:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_enMX415 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O2 - BHO: (TBSB01457 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3 - HKLM\..\Toolbar: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (no name) - {8175e372-1ff1-4288-8e6e-addebd415d47} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {a6547405-a964-4600-8326-e91c95218964} - No CLSID value found. O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (CyberDefender Link Patrol) - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O9 - Extra 'Tools' menuitem : AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: adobe.com ([get] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB29664F-FC07-4034-A7F9-C021B777BDF9}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{229c443a-236e-11e0-857f-406186ebbaae}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: CyberDefender Early Detection Center - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: IncrediMail - hkey= - key= - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: RoboForm - hkey= - key= - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/20 17:26:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD7B15D4-E1BB-4E2D-B022-586B8977921D} [2012/02/20 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E794CD99-8AE3-4F0C-A6DE-1C793EA26E09} [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live Writer [2012/02/20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VS Revo Group [2012/02/20 14:10:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2012/02/20 14:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012/02/20 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/02/20 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE [2012/02/20 13:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/20 13:30:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/02/16 15:57:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 15:57:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/16 15:57:07 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/16 15:57:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 15:57:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 15:57:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 15:57:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/16 15:57:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/16 15:57:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/16 15:57:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 15:57:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/16 15:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/02/16 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Product_RM [2012/02/16 12:46:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 12:45:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 12:45:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 12:44:43 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/11 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\a_picture_for_you [2012/02/11 10:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New York [2012/02/11 09:46:23 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2012/02/05 13:10:39 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSHFLXGD.OCX [2012/02/05 13:10:39 | 000,275,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATGRD.OCX [2012/02/05 13:10:39 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX [2012/02/05 13:10:39 | 000,232,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATLST.OCX [2012/02/05 13:10:39 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Richtx32.ocx [2012/02/05 13:10:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2012/02/05 13:10:39 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX [2012/02/05 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Equities [2012/02/05 13:10:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL [2012/02/05 13:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Net Equities [2012/01/30 22:33:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/30 22:33:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/30 22:33:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/30 22:33:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/30 22:33:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/30 22:33:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/26 07:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/22 16:02:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/22 13:01:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 13:01:30 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/22 12:52:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/22 12:52:02 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/02/22 12:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/22 12:51:49 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2012/02/22 10:03:03 | 089,724,429 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/02/20 16:03:18 | 000,170,195 | ---- | M] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:45:19 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:42:45 | 000,001,103 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/20 12:11:34 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2012/02/20 12:06:57 | 000,001,399 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | M] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/18 22:49:17 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job [2012/02/16 18:07:08 | 000,002,971 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/16 17:42:03 | 000,033,792 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/16 17:37:28 | 000,406,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/16 12:30:35 | 000,799,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/16 12:30:35 | 000,664,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/16 12:30:35 | 000,123,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/16 07:15:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/02/15 20:03:57 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | M] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/02/11 08:35:28 | 000,001,092 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk [2012/02/11 08:35:28 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012/02/01 13:03:16 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | M] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/20 16:03:18 | 000,170,195 | ---- | C] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:10:33 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:10:33 | 000,001,103 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | C] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/16 18:07:08 | 000,002,971 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | C] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | C] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/12/29 15:05:10 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg [2011/12/29 14:57:53 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll [2011/12/29 14:57:53 | 000,000,489 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2011/12/29 14:57:49 | 000,000,932 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2011/12/29 14:55:38 | 000,000,518 | R--- | C] () -- C:\Windows\cm106.ini [2011/11/27 15:00:38 | 000,779,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/20 15:43:37 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2011/01/22 18:02:43 | 000,033,792 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/20 08:52:13 | 000,000,067 | ---- | C] () -- C:\Windows\st_affiliate.ini [2011/01/20 07:26:33 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat [2011/01/19 14:49:37 | 000,163,227 | ---- | C] () -- C:\Windows\hpoins37.dat [2011/01/18 17:21:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI ========== LOP Check ========== [2011/07/22 11:17:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\4shared Desktop [2011/01/18 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer [2011/11/29 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG [2011/01/18 19:29:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG10 [2011/11/18 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012 [2011/02/18 08:11:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/10/16 12:17:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EleFun Games [2011/10/11 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eSobi [2011/02/12 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2012/01/12 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit [2011/01/18 23:12:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011/01/20 08:00:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012/02/16 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Product_RM [2011/11/18 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft [2011/12/26 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak [2011/01/20 08:13:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TreeCardGames [2012/02/20 17:26:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2011/11/18 14:38:56 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job [2012/02/18 22:49:17 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\ASO-OneClickCare.job [2012/02/05 06:39:10 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/11/20 06:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2009/08/21 20:43:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011/01/20 08:40:41 | 000,482,914 | ---- | M] () -- C:\cybdefauth_i.log [2012/01/16 16:08:08 | 000,005,706 | ---- | M] () -- C:\cybdefauth_u.log [2012/01/16 16:11:03 | 000,023,187 | ---- | M] () -- C:\CybDefInstallInfo.log [2011/09/30 13:15:33 | 000,000,113 | ---- | M] () -- C:\CybDefWebInstaller.log [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2012/02/22 12:51:49 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2012/02/22 12:51:50 | 1742,733,311 | -HS- | M] () -- C:\pagefile.sys [2011/01/20 13:30:30 | 000,060,586 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_20.01.2011_13.26.42_log.txt [2011/12/26 13:04:58 | 000,001,498 | ---- | M] () -- C:\user.js [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI [2009/11/20 21:56:00 | 000,159,766 | ---- | M] () -- C:\WINDOWSlogo_cd.bmp < %systemroot%\system32\Spool\prtprocs\w32x86\*.DLL > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.DLL /lockedfiles > [2011/10/12 17:43:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011/10/12 17:43:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011/12/13 21:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2011/12/13 20:57:18 | 001,127,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wininet.dll [2010/11/20 06:21:36 | 000,172,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wintrust.dll [2010/11/20 06:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ws2_32.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < Hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/12 17:43:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) < Hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/02/14 23:03:37 | 001,049,072 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/12 17:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/10/12 17:43:20 | 000,748,336 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > Quote
Starbuck Posted February 23, 2012 Posted February 23, 2012 Hi glws I'm not surprised that you have been having problems! We'll get rid of Ask Jeeves for you and will also remove some dodgy entries. It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause: 1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't. 2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time. Therefore please go to add/remove in the control panel and remove both Advanced SystemCare 5 and Authentium AntiVirus5. Just keep AVG. I personally wouldn't want either Advanced SystemCare 5 or Authentium AntiVirus5 on my system. Recommendation. SuperAntiSpyware doesn't need to start when Windows starts. You can start it manually when you need to do a scan. To change this: Restart SuperAntiSpyware... Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'. Then click Close. and then Close on the next screen to exit the program. Step 1 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (TBSB01457 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found. O3 - HKLM\..\Toolbar: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - {8175e372-1ff1-4288-8e6e-addebd415d47} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {a6547405-a964-4600-8326-e91c95218964} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AllGamesHome Toolbar) - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O9 - Extra Button: AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O9 - Extra 'Tools' menuitem : AllGamesHome Toolbar - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll () O15 - HKCU\..Trusted Domains: adobe.com ([get] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O33 - MountPoints2\{229c443a-236e-11e0-857f-406186ebbaae}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe MsConfig:64bit - StartUpReg: CyberDefender Early Detection Center - hkey= - key= - Reg Error: Value error. File not found MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 :Files C:\Program Files (x86)\Ask.com ipconfig /flushdns /c :commands [emptytemp] [purity] [RESETHOSTS] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Double click on OTL to run it. Under Extra Registry section, select Use SafeList. Don't check the boxes beside 'LOP Check' and 'Purity Check' this time. Click on Run Scan at the top left hand corner. When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. In your next reply, please submit: OTL fix report New OTL reports So that i can check for orphan entries. Don't forget to post the extras.txt this time. If you have problems removing either of those AV programs, let me know. Thanks. Quote Member of:UNITE
glws Posted February 23, 2012 Author Posted February 23, 2012 All processes killed ========== OTL ========== No active process named Program Files was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully. C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ deleted successfully. File C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8175e372-1ff1-4288-8e6e-addebd415d47} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8175e372-1ff1-4288-8e6e-addebd415d47}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6547405-a964-4600-8326-e91c95218964} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6547405-a964-4600-8326-e91c95218964}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found. File C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found. File C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}\ not found. File C:\Program Files (x86)\AllGamesHome Toolbar\tbcore3.dll not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com\get\ deleted successfully. Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found. Starting removal of ActiveX control {0E5F0222-96B9-11D3-8997-00104BD12D94} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{229c443a-236e-11e0-857f-406186ebbaae}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{229c443a-236e-11e0-857f-406186ebbaae}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e5b945-2377-11e0-bf08-806e6f6e6963}\ not found. File D:\Setup.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CyberDefender Early Detection Center\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found. ADS C:\ProgramData\Temp:0B4227B4 deleted successfully. ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully. ========== FILES ========== C:\Program Files (x86)\Ask.com\Updater folder moved successfully. C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully. C:\Program Files (x86)\Ask.com\assets folder moved successfully. C:\Program Files (x86)\Ask.com folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\User\Downloads\cmd.bat deleted successfully. C:\Users\User\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: All Users.WINDOWS User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: heather ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 66341 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: User ->Temp folder emptied: 60499827 bytes ->Temporary Internet Files folder emptied: 109993440 bytes ->Java cache emptied: 8320850 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3853 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20695550 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes RecycleBin emptied: 7527675 bytes Total Files Cleaned = 198.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.2 log created on 02232012_070808 Files\Folders moved on Reboot... C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\User\AppData\Local\Temp\SASE8AB.tmp not found! C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Local\Trusteer\Rapport\user\logs\koan_x64.4860.log moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9715PA4\adsCAK6XQ2A.htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4R8XIZR5\ads[8].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4R8XIZR5\page2[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... Quote
glws Posted February 23, 2012 Author Posted February 23, 2012 OTL logfile created on: 2/23/2012 7:23:20 AM - Run 2 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\User\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 66.36% Memory free 9.37 Gb Paging File | 7.89 Gb Available in Paging File | 84.24% Paging File free Paging file location(s): C:\pagefile.sys 5758 5758 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76.69 Gb Total Space | 21.84 Gb Free Space | 28.47% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl () MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) SRV:64bit: - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) SRV:64bit: - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group) DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys () DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com) DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ms-7309&r=17360111klbitTcaZqy[bXmhwIsh`U IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/ IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@CieoNetUtilities_0e.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@DailyFitnessCenter_53.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0effxtbr@CieoNetUtilities_0e.com: C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2011/10/16 15:26:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\53ffxtbr@DailyFitnessCenter_53.com: C:\Program Files (x86)\DailyFitnessCenter_53\bar\1.bin [2011/10/17 12:36:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 13:02:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 16:18:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/19 14:55:46 | 000,000,000 | ---D | M] [2011/10/15 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions [2011/10/15 18:16:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ACAW_enMX415 CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/02/23 07:09:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll File not found O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (CyberDefender Link Patrol) - {DD662A0C-12FE-4b38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (CyberDefender Link Patrol) - {DD662A0C-12FE-4B38-BA53-247F7EC82F46} - C:\Users\User\AppData\LocalLow\CyberDefender\cdmyidd.dll (CyberDefender Corp.) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB29664F-FC07-4034-A7F9-C021B777BDF9}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\belarc - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/23 07:08:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012/02/20 17:26:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FD7B15D4-E1BB-4E2D-B022-586B8977921D} [2012/02/20 17:26:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E794CD99-8AE3-4F0C-A6DE-1C793EA26E09} [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Windows Live Writer [2012/02/20 17:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live Writer [2012/02/20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VS Revo Group [2012/02/20 14:10:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2012/02/20 14:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2012/02/20 14:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/02/20 13:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE [2012/02/20 13:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/20 13:30:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/02/16 18:07:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/02/16 15:57:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 15:57:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/16 15:57:07 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/02/16 15:57:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 15:57:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 15:57:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 15:57:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/02/16 15:57:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/02/16 15:57:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/02/16 15:57:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 15:57:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/02/16 15:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/02/16 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Product_RM [2012/02/16 12:46:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 12:45:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 12:45:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 12:44:43 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/11 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\a_picture_for_you [2012/02/11 10:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New York [2012/02/11 09:46:23 | 000,023,896 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe [2012/02/05 13:10:39 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSHFLXGD.OCX [2012/02/05 13:10:39 | 000,275,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATGRD.OCX [2012/02/05 13:10:39 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX [2012/02/05 13:10:39 | 000,232,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDATLST.OCX [2012/02/05 13:10:39 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Richtx32.ocx [2012/02/05 13:10:39 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2012/02/05 13:10:39 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX [2012/02/05 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Equities [2012/02/05 13:10:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL [2012/02/05 13:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Net Equities [2012/01/30 22:33:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/30 22:33:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/30 22:33:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/30 22:33:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/30 22:33:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/30 22:33:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/26 07:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner ========== Files - Modified Within 30 Days ========== [2012/02/23 07:19:41 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/23 07:19:41 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/23 07:11:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/02/23 07:10:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/02/23 07:10:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/23 07:10:43 | 3019,300,864 | -HS- | M] () -- C:\hiberfil.sys [2012/02/23 07:09:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/02/23 07:02:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/02/22 19:10:11 | 000,033,792 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/22 19:09:06 | 089,796,173 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/02/20 16:03:18 | 000,170,195 | ---- | M] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:45:19 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:42:45 | 000,001,103 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/20 12:11:34 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2012/02/20 12:06:57 | 000,001,399 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | M] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/18 22:49:17 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job [2012/02/16 18:07:08 | 000,002,971 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/16 17:37:28 | 000,406,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/16 12:30:35 | 000,799,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/16 12:30:35 | 000,664,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/16 12:30:35 | 000,123,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/16 07:15:01 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/02/15 20:03:57 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | M] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/02/11 08:35:28 | 000,001,092 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk [2012/02/11 08:35:28 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2012/02/01 13:03:16 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | M] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk ========== Files Created - No Company Name ========== [2012/02/20 16:03:18 | 000,170,195 | ---- | C] () -- C:\Users\User\Documents\jeeves.JPG [2012/02/20 14:10:33 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2012/02/20 14:10:33 | 000,001,103 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2012/02/20 13:30:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/19 16:24:25 | 001,206,319 | ---- | C] () -- C:\Users\User\Documents\True-Surface-Vibe-V-Specs.pdf [2012/02/16 18:07:08 | 000,002,971 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk [2012/02/11 10:27:08 | 000,003,103 | ---- | C] () -- C:\Users\User\Desktop\.picasa - Shortcut.lnk [2012/01/31 15:35:08 | 001,760,649 | ---- | C] () -- C:\Users\User\Documents\manual.pdf [2012/01/26 07:22:58 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/12/29 15:05:10 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg [2011/12/29 14:57:53 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll [2011/12/29 14:57:53 | 000,000,489 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2011/12/29 14:57:49 | 000,000,932 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2011/12/29 14:55:38 | 000,000,518 | R--- | C] () -- C:\Windows\cm106.ini [2011/11/27 15:00:38 | 000,779,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/20 15:43:37 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2011/01/22 18:02:43 | 000,033,792 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/20 08:52:13 | 000,000,067 | ---- | C] () -- C:\Windows\st_affiliate.ini [2011/01/20 07:26:33 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat [2011/01/19 14:49:37 | 000,163,227 | ---- | C] () -- C:\Windows\hpoins37.dat [2011/01/18 17:21:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > Quote
glws Posted February 23, 2012 Author Posted February 23, 2012 C:\Users\User\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: All Users.WINDOWS User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: heather ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 66341 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: User ->Temp folder emptied: 60499827 bytes ->Temporary Internet Files folder emptied: 109993440 bytes ->Java cache emptied: 8320850 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 3853 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20695550 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes RecycleBin emptied: 7527675 bytes Total Files Cleaned = 198.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.2 log created on 02232012_070808 Files\Folders moved on Reboot... C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\User\AppData\Local\Temp\SASE8AB.tmp not found! C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Local\Trusteer\Rapport\user\logs\koan_x64.4860.log moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z9715PA4\adsCAK6XQ2A.htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4R8XIZR5\ads[8].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4R8XIZR5\page2[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... Quote
Starbuck Posted February 23, 2012 Posted February 23, 2012 Hi glws, I see you had problems removing Authentium AntiVirus, this is one of the reasons i needed the extras.txt. Authentium is not always under that name. No problem though, we'll get rid of it with a script. Step 1 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :Otl SRV:64bit: - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc) SRV:64bit: - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc) SRV:64bit: - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found [2011/10/15 18:16:04 | 000,000,000 | ---D | M] (AllGamesHome Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.) @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 :Files C:\Program Files\Common Files\Authentium :commands [emptytemp] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Because you are running OTL from your download folder: C:\Users\User\Downloads The OTL report and the Extras.txt will be saved there as well. Please take a look and if you find the extras.txt.... please post it here for me. The extras.txt looks simillar to the main.txt but will have extras.txt in the header. It's the report that contains the add/remove list. In your next reply, please submit: New Otl fix report Extras.txt ( if you find it) and let me know how the system is running now. Thanks. Quote Member of:UNITE
glws Posted February 23, 2012 Author Posted February 23, 2012 OTL Extras logfile created on: 2/23/2012 7:23:20 AM - Run 2 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\User\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 66.36% Memory free 9.37 Gb Paging File | 7.89 Gb Available in Paging File | 84.24% Paging File free Paging file location(s): C:\pagefile.sys 5758 5758 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 76.69 Gb Total Space | 21.84 Gb Free Space | 28.47% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C459FF28-B6DB-4C17-B54F-4175BF7F8D5B}" = AVG 2012 "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012 "{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2012 "CCleaner" = CCleaner "C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device "EBDCDAEB98C3CEE4C1FE2250AF5C64880A0E8D87" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/25/2011 6.0.1.6299) "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400 "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync "{A1E21995-127E-4B7F-8C4D-CB04AA8A58EF}_is1" = Advanced System Optimizer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC5352DA-F4F2-4A59-A1BF-41546342746B}" = CyberDefender Early Detection Center "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{AE613868-24C7-4f1f-A9C6-7B3B718ABDA5}" = IObit Toolbar v4.9 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{B3CCD41C-8D31-4E67-B24F-9D5BC6C74FE3}" = AllGamesHome Toolbar "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.2 "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "AI RoboForm" = AI RoboForm (All Users) "ALUpdate_is1" = ALTools Update "ALZip_is1" = ALZip "DivX Setup" = DivX Setup "Equity Evaluator_is1" = Equity Evaluator "Google Chrome" = Google Chrome "Identity Card" = Identity Card "IncrediMail" = IncrediMail 2.0 "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "IObit Malware Fighter_is1" = IObit Malware Fighter "jZip" = jZip "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "MonitorTest_is1" = MonitorTest V3.1 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "PC Matic_is1" = PC Matic 1.1.0.36 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "Picasa 3" = Picasa 3 "Rapport_msi" = Rapport "Smart Defrag 2_is1" = Smart Defrag 2 "WinLiveSuite" = Windows Live Essentials "ZipCentral_is1" = ZipCentral 4.01 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Quote
glws Posted February 23, 2012 Author Posted February 23, 2012 All processes killed ========== OTL ========== Service vseqrts stopped successfully! Service vseqrts deleted successfully! C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe moved successfully. Service vsedsps stopped successfully! Service vsedsps deleted successfully! C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe moved successfully. Service vseamps stopped successfully! Service vseamps deleted successfully! C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\components folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome\content\id_toolbar folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome\content folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD}\chrome folder moved successfully. C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{C178BB02-BFCF-4E69-AB7C-DED3BD0291BD} folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\ deleted successfully. C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll moved successfully. ADS C:\ProgramData\Temp:0B4227B4 deleted successfully. ========== FILES ========== C:\Program Files\Common Files\Authentium\AntiVirus5\ampse folder moved successfully. C:\Program Files\Common Files\Authentium\AntiVirus5\ampmf folder moved successfully. C:\Program Files\Common Files\Authentium\AntiVirus5 folder moved successfully. C:\Program Files\Common Files\Authentium folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: All Users.WINDOWS User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: heather ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: User ->Temp folder emptied: 304272 bytes ->Temporary Internet Files folder emptied: 26463526 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 6109405 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3664 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 31.00 mb OTL by OldTimer - Version 3.2.33.2 log created on 02232012_131633 Files\Folders moved on Reboot... C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Local\Trusteer\Rapport\user\logs\koan_x64.2244.log moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\User\AppData\Local\Trusteer\Rapport\user\logs\koan_x64.3736.log moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TRHTDD27\ads[6].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TRHTDD27\page2[2].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TRHTDD27\Tracking[2].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TRHTDD27\WelcomeMessageMember[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LT2QM201\ads[6].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LT2QM201\signin[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LT2QM201\Tracking[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWKQ27VL\like[1].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWKQ27VL\like[2].htm moved successfully. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. Registry entries deleted on Reboot... Quote
Starbuck Posted February 23, 2012 Posted February 23, 2012 Hi glws Thanks for that. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:Download the latest version of Java Runtime Environment (JRE) 7 Update 3 and save it to your desktop. Scroll down to where it says "Java SE 7 Update 3". Click the "Download JRE" button to the right. Accept the license agreement. select 'Windows x64' from the list. Save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. . Java 6 Update 24 . Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u3-windows-i586-p.exe to install the newest version. Quote Member of:UNITE
glws Posted February 24, 2012 Author Posted February 24, 2012 now the ask jeeves is 1/2 gone the top section is not there anymore but the bottom section that ask me to download or save anything I open is still there. If you look at my original copy and paste of the problem you will see 2 sections NOW only one. Quote
Starbuck Posted February 24, 2012 Posted February 24, 2012 Is this coming up on a specific browser or all of them? Quote Member of:UNITE
Plastic Nev Posted February 25, 2012 Posted February 25, 2012 To save Starbuck asking, which one of the two are you seeing now? It could be important to know. Nev. Quote Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. -------------------------------------------------------------------- I have installed Windows, now how do I install the curtains? 😄
Starbuck Posted February 25, 2012 Posted February 25, 2012 Sorry but i'm totally confused now. I don't see anything in the top section of the attachment. http://img.photobucket.com/albums/v708/starbuck50/ask1.png Only the topic you was replying to....'Ask Jeeves'. ( this was only the tab that was open) This is what was showing in the bottom section: http://img.photobucket.com/albums/v708/starbuck50/ask.png Ask has been removed.... the whole folder has gone, i can't see how you are still seeing this bottom section. Please post a pic of what you see please. Quote Member of:UNITE
glws Posted February 27, 2012 Author Posted February 27, 2012 sorry but the bottom section "an add on has failed to run" runs and also other directions come up on this section i.e. "save" " or "downloads" it does not come up all the time only certain times Quote
glws Posted February 27, 2012 Author Posted February 27, 2012 in fact it runs as I replied when I open your site Quote
Starbuck Posted February 27, 2012 Posted February 27, 2012 Ar right, i see now. Actually this is IE working correctly according to the settings you have. If you have a setting similar to the one below, you will get these notifications. http://img.photobucket.com/albums/v708/starbuck50/settings.png This has nothing to do with 'Ask Jeeves'. Quote Member of:UNITE
glws Posted February 28, 2012 Author Posted February 28, 2012 okay thank you very much. So this is the proper set up I need and I have this for life. Quote
Starbuck Posted February 28, 2012 Posted February 28, 2012 Hi glws So this is the proper set up I need and I have this for life. Regarding IE, yes it seems to be set up correctly, it's protecting your privacy concerning 3rd party cookies. Obviously you can change these settings if you want, you are never stuck with settings you don't want. Let's finish off the cleaning process now. Step 1 Restart MBAM. (if installed) Click on the Quarantine tab If there are items in quarantine..... Make sure everything is selected and then click Delete All. Close MBAM. Step 2 Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button, http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png This will cleanup an assortment of tools used during malware removal, plus itself Note: MBAM will not be removed if it's installed. Step 3 Now you should set a New Restore Point. Setting a new restore point AFTER cleaning your system will help your computer to "roll-back" to a clean working state, if ever needed. Click Start >> Computer >> System Properties >> System Protection. Here you have a list of hard drives and partitions available in your computer - mostly just one. Select the drive that has "(System)" written after it and click Configure. select Turn off system protection under Restore Settings and click Delete button. Click Continue in confirmation window and click Close after the restore points have been deleted. Then click OK to close properties for the drive. Now reboot the system. Follow the above procedure again, only this time click Restore system settings and previous Versions of files. Then click OK. Your System restore will now be active again... starting with a new restore point. Not all of the following information will be applicable to you, but it's still best to read it all. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Use an AntiVirus Software Avira AntiVir ... see note* ....installation guide Here Avast free MS Security Essentials ... see note** ... installation guide Here Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation. Note**: Upon installation MS Security Essentials will check that your OS is a legal copy. Only install one AntiVirus program [*]Update your AntiVirus Software regularly [*]Use a 3rd party Firewall Online Armor Free ZoneAlarm ...Important note below NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option. Only install one software Firewall Some 3rd party Firewalls will turn off the windows firewall when they are installed. It's always best to check that the Windows Firewall is turned off: How to turn off Windows Firewall: Start ... Control Panel ...click on 'Classic View'. now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner: Installing another scanner that you can run once or twice a week is always beneficial. Something like: Malwarebytes Anti-Malware SUPERAntiSypware Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs. [*] Use an alternative browser: Some excellent alternatives to MS Internet Explorer are: Firefox For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks also consider adding: WOT - Safe Browsing Tool Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution. Opera They offer better security, more stability, and better speed. [*]Keep a backup of your registry Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial [*]Keep your system clean of temp files etc, using a 'Cleaner': Cleaners are programs that will help to clean out your: Windows temp files Current user temp files Cookies Temporary Internet flies Browser history Recycle bin Etc....... In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc. Programs like: TFC by OldTimer ATF Cleaner [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Glad I was able to help. Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.