Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Qooqlle


  • This topic is locked This topic is locked
13 replies to this topic

#1 faketiger

faketiger

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 18 February 2011 - 03:26 PM

For the past month, everytime I open a browser (firefox mainly), it gets directed to qooqlle. I"ve run spybot, adaware, AVG and malwarebytes, nothing seems to work. I run windows 7 and I'm not very sure if I have 64 or 32 bits.

Here's the DDS log:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Cherry at 13:27:41.18 on Fri 02/18/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2221 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Cherry\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cherry\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {6d710e75-1b0d-7cd4-06d9-6ba346342240} - C:\Windows\SysWow64\whheelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Cherry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADQANQA4ADMANQAyADQALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=ZUzeb004YYUS_ZUman004
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uASetup: {B0A3AEAF-A862-AAD4-A5E7-AC54AC7721CD} - C:\Users\Cherry\AppData\Roaming\svchost.exe
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://www.qooqlle.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Cherry\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-28 55280]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-16 1153368]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-28 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-28 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-11-28 19968]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-18 139264]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-11-28 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-28 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-28 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-28 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-28 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-28 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-28 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-28 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-28 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2011-02-18 05:28:15 388096 ----a-r- C:\Users\Cherry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 05:28:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-18 04:17:36 -------- d-----w- C:\Users\Cherry\AppData\Roaming\Malwarebytes
2011-02-18 04:17:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-18 04:17:27 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-18 04:17:24 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-02-18 04:17:22 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-18 04:17:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-16 15:32:09 -------- dc----w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-16 15:28:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-16 15:28:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-16 15:03:46 6231376 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-16 15:03:38 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9103B2DA-C16D-48C1-8C27-EDAB92C42E25}\mpengine.dll
2011-02-16 03:52:50 -------- d-----w- C:\Users\Cherry\AppData\Roaming\AVG10
2011-02-16 03:50:18 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-16 03:48:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-02-16 03:48:43 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-16 03:31:28 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-09 21:51:43 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-05 18:07:51 -------- d-----w- C:\Users\Cherry\AppData\Roaming\Islands
2011-02-04 19:39:38 -------- d-----w- C:\Users\Cherry\AppData\Roaming\DivoGames
2011-02-04 19:37:36 -------- d-----w- C:\Windows\Jack of all Tribes
2011-02-02 03:29:51 -------- d-----w- C:\Users\Cherry\AppData\Roaming\HdO Adventure
2011-01-30 20:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-28 03:09:42 -------- dc----w- C:\Program Files\0e2be3cc
2011-01-28 03:07:42 -------- d-----w- C:\Program Files (x86)\Doyo
2011-01-28 03:07:39 -------- d-----w- C:\Users\Cherry\AppData\Roaming\FlashgetSetup
2011-01-28 03:07:36 -------- d-----w- C:\Program Files (x86)\115

==================== Find3M ====================

2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 10:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

============= FINISH: 13:28:52.29 ===============


THank you!

Attached Files



BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:12:59 AM

Posted 23 February 2011 - 03:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:12:59 AM

Posted 28 February 2011 - 04:29 PM

Do you still need help?

Best Regards,
oneof4.


#4 faketiger

faketiger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 01 March 2011 - 08:42 PM

Hi, yes, I still need help and I'm sorry for not responding. For some reason I was waiting for email notifications that let me know there has been a reply. I apologize.

I run windows 7, I believe it's 64bits. I don't have the Windows DVD available.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Cherry at 19:22:24.40 on Tue 03/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2353 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cherry\Downloads\downloaded software\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {6d710e75-1b0d-7cd4-06d9-6ba346342240} - C:\Windows\SysWow64\whheelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Cherry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADQANQA4ADMANQAyADQALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=ZUzeb004YYUS_ZUman004
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uASetup: {B0A3AEAF-A862-AAD4-A5E7-AC54AC7721CD} - C:\Users\Cherry\AppData\Roaming\svchost.exe
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
mRun-x64: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://www.qooqlle.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Cherry\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Cherry\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Cherry\AppData\Roaming\Move Networks
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-28 55280]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-16 1153368]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-28 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-11-28 19968]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-28 104960]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-18 139264]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-11-28 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-28 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-28 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-28 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-28 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-28 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-28 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-28 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-28 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2011-03-02 00:44:07 -------- d-----w- C:\Program Files (x86)\Conduit
2011-03-02 00:44:01 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-03-02 00:43:55 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-03-01 21:32:18 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{01562F1F-9ACC-47D3-A4BC-8D169C02FB48}\mpengine.dll
2011-02-24 16:02:58 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-24 16:02:58 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 17:04:12 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 17:04:12 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 17:04:11 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 17:04:11 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 00:20:28 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-02-19 22:07:18 -------- d-----w- C:\Users\Cherry\AppData\Roaming\Intuit
2011-02-19 22:04:33 -------- d-----w- C:\Users\Cherry\AppData\Local\IsolatedStorage
2011-02-19 22:04:30 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2011-02-19 22:04:16 -------- d-----w- C:\Program Files (x86)\TurboTax
2011-02-19 22:03:56 -------- d-----w- C:\PROGRA~3\Intuit
2011-02-18 05:28:15 388096 ----a-r- C:\Users\Cherry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 05:28:14 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-02-18 04:17:36 -------- d-----w- C:\Users\Cherry\AppData\Roaming\Malwarebytes
2011-02-18 04:17:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-18 04:17:27 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-18 04:17:24 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-02-18 04:17:22 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-18 04:17:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-16 15:32:09 -------- dc----w- C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-02-16 15:28:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-02-16 15:28:37 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-02-16 15:03:46 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-16 03:52:50 -------- d-----w- C:\Users\Cherry\AppData\Roaming\AVG10
2011-02-16 03:50:18 -------- d--h--w- C:\PROGRA~3\Common Files
2011-02-16 03:48:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-02-16 03:48:43 -------- d-----w- C:\PROGRA~3\AVG10
2011-02-16 03:31:28 -------- d-----w- C:\PROGRA~3\MFAData
2011-02-09 21:51:43 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-05 18:07:51 -------- d-----w- C:\Users\Cherry\AppData\Roaming\Islands
2011-02-04 19:39:38 -------- d-----w- C:\Users\Cherry\AppData\Roaming\DivoGames
2011-02-04 19:37:36 -------- d-----w- C:\Windows\Jack of all Tribes
2011-02-02 03:29:51 -------- d-----w- C:\Users\Cherry\AppData\Roaming\HdO Adventure

==================== Find3M ====================

2011-02-02 23:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 10:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

============= FINISH: 19:23:25.22 ===============

Attached Files



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 03 March 2011 - 12:13 AM

Hello faketiger,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

4.
Download Bootkit Remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

5.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

6.
Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Things to include in your next reply::
TDSSKiller log
Bootkit Remover log
MBRCheck log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 faketiger

faketiger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 04 March 2011 - 01:00 PM

Thank you so much! Computer has been running ok, starting up the computer is significantly longer than before and the qooqlle is still there everytime I open firefox. 2 weeks ago the computer crashed twice. First my skype told me that webcam cannot be detected, then when I restart the computer it will not start. So I took the battery out and unplugged the cord for 5 minutes and tried to startup several times and it finally started up again. Same thing happened again several days later. Nothing significant since then.

TDSSKiller didn't find any malicious stuff.


Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`ee000000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NW235F
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 156):
0x03062000 \SystemRoot\system32\ntoskrnl.exe
0x03019000 \SystemRoot\system32\hal.dll
0x00BB8000 \SystemRoot\system32\kdcom.dll
0x00C77000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CBB000 \SystemRoot\system32\PSHED.dll
0x00CCF000 \SystemRoot\system32\CLFS.SYS
0x00D2D000 \SystemRoot\system32\CI.dll
0x00E6D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F11000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F20000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F77000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F80000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F8A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FBD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FCA000 \SystemRoot\System32\drivers\partmgr.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FE8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E15000 \SystemRoot\System32\drivers\mountmgr.sys
0x010D3000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011EF000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01035000 \SystemRoot\system32\drivers\fltmgr.sys
0x01081000 \SystemRoot\system32\drivers\fileinfo.sys
0x01095000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01256000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014AA000 \SystemRoot\System32\Drivers\msrpc.sys
0x01508000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01522000 \SystemRoot\System32\Drivers\cng.sys
0x01595000 \SystemRoot\System32\drivers\pcw.sys
0x015A6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C0000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x017B2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015B0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01693000 \SystemRoot\System32\Drivers\mup.sys
0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01474000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x016AE000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x0148A000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x02D75000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D9F000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x02DAE000 \SystemRoot\System32\Drivers\Null.SYS
0x02DB7000 \SystemRoot\System32\Drivers\Beep.SYS
0x02DBE000 \SystemRoot\System32\drivers\vga.sys
0x02DCC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C00000 \SystemRoot\System32\drivers\watchdog.sys
0x02C10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C19000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C22000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C2B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01230000 \SystemRoot\System32\Drivers\Npfs.SYS
0x010A1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C36000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03AEE000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x03B4F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A00000 \SystemRoot\system32\drivers\afd.sys
0x03A8A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A93000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03AB9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03ACF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B94000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C73000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CC4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03CD0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03CDB000 \SystemRoot\System32\drivers\discache.sys
0x03CEA000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D08000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D19000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03D69000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E5A000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x0484E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04942000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04988000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04995000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x049EB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0455C000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x04A4A000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04BB9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04A00000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04BC6000 \SystemRoot\system32\DRIVERS\risdsn64.sys
0x04BDE000 \SystemRoot\system32\DRIVERS\rimssn64.sys
0x04824000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x045C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03E00000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x03E43000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04BFC000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x045CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x045DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A3E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03D8F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03D9F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DB5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04842000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03C2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03C4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04A43000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04E96000 \SystemRoot\system32\DRIVERS\ks.sys
0x04ED9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04EEB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04F45000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06036000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04F5A000 \SystemRoot\system32\drivers\portcls.sys
0x06000000 \SystemRoot\system32\drivers\drmk.sys
0x06022000 \SystemRoot\system32\drivers\ksthunk.sys
0x04F97000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06028000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04FB4000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0602A000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x061F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C43000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x04FE2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04E00000 \SystemRoot\System32\drivers\Dxapi.sys
0x04E0C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x04E1A000 \SystemRoot\system32\drivers\luafv.sys
0x04E3D000 \SystemRoot\system32\drivers\WudfPf.sys
0x04E5E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x026AE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02701000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02714000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0272C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02736000 \SystemRoot\system32\drivers\HTTP.sys
0x02600000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0261E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02636000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02ABE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02B0C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02B2F000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x02B3B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x02B40000 \SystemRoot\system32\drivers\peauth.sys
0x02BE6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02A00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02A2D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02A3F000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x02A47000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x0548B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x054F2000 \SystemRoot\System32\DRIVERS\srv.sys
0x05588000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77650000 \Windows\System32\ntdll.dll
0x48070000 \Windows\System32\smss.exe
0xFF970000 \Windows\System32\apisetschema.dll

Processes (total 87):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
448 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
656 csrss.exe
708 csrss.exe
716 C:\Windows\System32\wininit.exe
764 C:\Windows\System32\services.exe
780 C:\Windows\System32\lsass.exe
792 C:\Windows\System32\lsm.exe
848 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
572 C:\Windows\System32\svchost.exe
644 C:\Windows\System32\svchost.exe
596 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1168 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1252 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\dwm.exe
1568 C:\Windows\System32\svchost.exe
1596 C:\Windows\explorer.exe
1704 C:\Windows\System32\taskhost.exe
1808 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1848 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
1888 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1924 C:\Windows\System32\svchost.exe
1988 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
620 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
1592 C:\Windows\System32\svchost.exe
1688 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
1760 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
1344 C:\Windows\System32\taskeng.exe
2108 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
2144 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2184 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2236 dllhost.exe
2260 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
2316 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2328 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
2580 C:\Windows\System32\igfxsrvc.exe
2852 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3032 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
3428 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
3700 WUDFHost.exe
3812 C:\Windows\System32\svchost.exe
4016 C:\Windows\System32\hkcmd.exe
4032 C:\Windows\System32\igfxpers.exe
3336 C:\Program Files\Apoint\Apoint.exe
2692 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3732 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
1212 C:\Program Files\Apoint\ApMsgFwd.exe
2608 C:\Windows\System32\SearchIndexer.exe
3284 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
2028 C:\Program Files\Apoint\ApntEx.exe
4100 C:\Windows\System32\conhost.exe
4108 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4172 C:\Program Files\Apoint\Apvfb.exe
4360 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
4428 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
4596 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4616 C:\Windows\System32\conhost.exe
4936 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
4968 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
5044 C:\Program Files\iPod\bin\iPodService.exe
4208 C:\Program Files\Windows Media Player\wmpnetwk.exe
4336 C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
2544 C:\Windows\System32\svchost.exe
4324 C:\Program Files\Java\jre6\bin\jusched.exe
2564 C:\Program Files\Sony\VAIO Care\VCsystray.exe
5544 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3384 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
3088 C:\Windows\System32\svchost.exe
5960 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
3804 C:\Windows\System32\svchost.exe
5260 C:\Program Files\Java\jre6\bin\jucheck.exe
6128 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
1868 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
3500 C:\Windows\System32\audiodg.exe
3932 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3512 C:\Windows\System32\SearchProtocolHost.exe
3380 C:\Windows\System32\notepad.exe
5660 dllhost.exe
5820 dllhost.exe
3860 C:\Users\Cherry\Desktop\MBRCheck.exe
5788 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`ee000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVS-26VAT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 04 March 2011 - 05:26 PM

Hello,

Well I was hoping that would take care of it but we will have to pull out a bigger tool.


1.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 faketiger

faketiger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 05 March 2011 - 06:05 PM

Ok, here goes,

OTL logfile created on: 3/5/2011 4:48:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Cherry\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.37 Gb Total Space | 155.37 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: CHERRY-VAIO | User Name: Cherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/05 16:47:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
PRC - [2011/03/01 18:39:48 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/26 23:59:38 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/26 19:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/08/26 19:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/08/26 19:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2009/08/26 19:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/07/23 12:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 12:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 17:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/01 13:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/01 13:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 11:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/04/13 10:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/03/05 16:47:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/22 16:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/23 22:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/26 16:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 16:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/17 20:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/09/29 18:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/31 14:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/27 18:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/27 18:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/27 18:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/27 18:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/27 18:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 12:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 12:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 12:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 17:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 13:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/26 13:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/06/26 13:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/04/13 10:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/03 15:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/03 15:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/04 19:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/08/04 19:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 14:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 14:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 14:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 14:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 14:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 14:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 14:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/27 14:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 23:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/11 14:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 16:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/04/30 16:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 16:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/02/15 21:49:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/07 09:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/16 22:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/31 12:52:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/31 12:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Extensions
[2010/10/31 12:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/04 21:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions
[2011/03/01 18:43:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/03/01 18:43:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com
[2011/02/16 08:59:59 | 000,007,533 | ---- | M] () -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\searchplugins\mywebsearch.xml
[2011/02/17 18:53:05 | 000,001,860 | ---- | M] () -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\searchplugins\search.xml
[2010/02/04 13:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/24 12:40:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CHERRY\APPDATA\ROAMING\MOVE NETWORKS

O1 HOSTS File: ([2011/02/17 13:07:00 | 000,429,254 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14802 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {6D710E75-1B0D-7CD4-06D9-6BA346342240} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/05 16:47:41 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2011/03/04 11:52:32 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Desktop\Bootkit remover
[2011/03/04 11:45:01 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cherry\Desktop\tdsskiller.exe
[2011/03/04 10:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/01 18:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/01 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/01 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentBar
[2011/02/21 18:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/21 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/02/19 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Documents\TurboTax
[2011/02/19 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Intuit
[2011/02/19 16:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2011/02/19 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Local\IsolatedStorage
[2011/02/19 16:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/02/19 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2011/02/19 16:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/02/17 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/17 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/17 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Malwarebytes
[2011/02/17 22:17:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/17 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/17 22:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/02/17 22:17:22 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/17 22:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/16 09:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/16 09:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/16 09:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/02/15 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\AVG10
[2011/02/15 21:50:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/15 21:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/15 21:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/15 21:48:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/02/15 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/13 20:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/02/12 23:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/05 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Islands
[2011/02/04 13:39:38 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\DivoGames
[2011/02/04 13:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Jack of all Tribes
[1 C:\Users\Cherry\Desktop\*.tmp files -> C:\Users\Cherry\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/05 16:47:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2011/03/05 16:46:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171581760-2390547523-882710135-1001UA.job
[2011/03/05 16:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/05 13:46:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171581760-2390547523-882710135-1001Core.job
[2011/03/05 11:00:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 11:00:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/05 10:58:28 | 107,840,769 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/05 10:52:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/05 10:52:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/05 10:52:13 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/04 11:54:02 | 000,080,384 | ---- | M] () -- C:\Users\Cherry\Desktop\MBRCheck.exe
[2011/03/04 11:45:04 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cherry\Desktop\tdsskiller.exe
[2011/02/21 18:20:34 | 000,001,056 | -H-- | M] () -- C:\IPH.PH
[2011/02/21 18:20:33 | 000,001,933 | ---- | M] () -- C:\Users\Cherry\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/21 18:20:33 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/02/20 11:44:59 | 000,230,227 | ---- | M] () -- C:\Users\Cherry\Desktop\New schedule.pdf
[2011/02/20 11:32:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/20 11:32:07 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/20 11:32:07 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/20 08:54:05 | 000,456,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/19 20:06:45 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/02/19 16:06:07 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/02/18 13:25:11 | 000,000,000 | ---- | M] () -- C:\Users\Cherry\defogger_reenable
[2011/02/17 13:07:00 | 000,429,254 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/16 22:24:10 | 000,004,535 | ---- | M] () -- C:\Windows\wininit.ini
[2011/02/15 21:50:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/02/15 21:50:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2011/02/13 20:30:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Users\Cherry\Desktop\*.tmp files -> C:\Users\Cherry\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 10:58:28 | 107,840,769 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/04 11:54:02 | 000,080,384 | ---- | C] () -- C:\Users\Cherry\Desktop\MBRCheck.exe
[2011/02/21 18:20:33 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/02/20 11:44:59 | 000,230,227 | ---- | C] () -- C:\Users\Cherry\Desktop\New schedule.pdf
[2011/02/19 16:06:07 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/02/18 13:25:11 | 000,000,000 | ---- | C] () -- C:\Users\Cherry\defogger_reenable
[2011/02/16 22:23:38 | 000,004,535 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/13 20:30:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/02/13 20:30:11 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/01/27 21:11:46 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2009/12/08 22:33:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/29 00:46:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/28 15:45:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/08/18 18:16:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/18 17:46:36 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/18 17:46:34 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/18 17:46:34 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/18 17:46:33 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/12/09 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\acccore
[2011/02/15 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\AVG10
[2010/12/19 23:45:54 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Big Fish Games
[2010/11/06 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Boolat Games
[2009/12/22 19:09:56 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Canon
[2011/02/04 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\DivoGames
[2010/10/16 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ERS G-Studio
[2010/10/10 08:27:47 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ERS Game Studios
[2011/01/27 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\FlashgetSetup
[2010/11/09 19:34:47 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Fuzzy Games
[2010/11/06 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\GameHouse
[2010/04/19 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\GameMill Entertainment
[2011/02/01 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\HdO Adventure
[2010/08/09 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\HorizonWimba
[2010/02/19 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ICAClient
[2010/05/05 11:18:47 | 000,000,000 | RHSD | M] -- C:\Users\Cherry\AppData\Roaming\install
[2011/02/09 20:16:23 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Islands
[2010/12/04 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Jane s Hotel
[2010/10/18 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\LolClient
[2010/03/08 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/01/14 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\PlayFirst
[2010/11/23 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Roads Of Rome
[2010/03/20 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\SpinTop Games
[2011/01/16 23:32:56 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Supermarket Mania 2
[2010/10/31 12:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Thunderbird
[2011/03/05 16:53:32 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\uTorrent
[2011/02/19 20:06:45 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/11/06 11:49:40 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========
[2011/02/03 16:37:39 | 000,957,756 | ---- | M] ()(C:\Users\Public\Documents\?1?.docx) -- C:\Users\Public\Documents\第1章.docx
[2011/02/03 16:37:35 | 000,957,756 | ---- | C] ()(C:\Users\Public\Documents\?1?.docx) -- C:\Users\Public\Documents\第1章.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:BFC41B39
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:3790BACD
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AF9BF410
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F81E7082

< End of report >

OTL Extras logfile created on: 3/5/2011 4:48:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Cherry\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.37 Gb Total Space | 155.37 Gb Free Space | 53.51% Space Free | Partition Type: NTFS

Computer Name: CHERRY-VAIO | User Name: Cherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\0e2be3cc\fie\2be3cccduec.exe" = C:\Program Files\0e2be3cc\fie\2be3cccduec.exe:*:Enabled:2be3cccduec -- ()
"C:\Program Files\0e2be3cc\fie\2be3cccduec.exe" = C:\Program Files\0e2be3cc\fie\2be3cccduec.exe:*:Enabled:2be3cccduec -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CanonMyPrinter" = Canon My Printer
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{852FD55C-9C56-4830-9F9F-7BFC3CE13B65}" = TurboTax 2010 wariper
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Application Manager for VAIO" = Application Manager for VAIO
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Pronto" = Pronto 3.1.0-D
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"splashtop" = VAIO Quick Web Access
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2011 3:20:57 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/19/2011 3:20:57 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030

Error - 2/19/2011 3:20:57 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 2/19/2011 3:20:58 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/19/2011 3:20:58 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2075

Error - 2/19/2011 3:20:58 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2075

Error - 2/19/2011 3:20:59 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/19/2011 3:20:59 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3448

Error - 2/19/2011 3:20:59 AM | Computer Name = Cherry-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3448

Error - 2/19/2011 3:29:05 AM | Computer Name = Cherry-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ System Events ]
Error - 3/4/2011 7:14:43 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/4/2011 7:38:43 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/4/2011 8:20:11 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/4/2011 8:44:14 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/4/2011 10:22:16 PM | Computer Name = Cherry-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 3/4/2011 10:26:29 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/4/2011 11:02:32 PM | Computer Name = Cherry-VAIO | Source = bowser | ID = 8003
Description =

Error - 3/5/2011 12:52:24 PM | Computer Name = Cherry-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService
service to connect.

Error - 3/5/2011 12:52:24 PM | Computer Name = Cherry-VAIO | Source = Service Control Manager | ID = 7000
Description = The HsfXAudioService service failed to start due to the following
error: %%1053

Error - 3/5/2011 12:52:26 PM | Computer Name = Cherry-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.


< End of report >


Thanks!

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 05 March 2011 - 08:46 PM

Hello,

Please do the following:


1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:BFC41B39
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:8E5EA40F
    @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:3790BACD
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AF9BF410
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F81E7082
    [2011/02/03 16:37:39 | 000,957,756 | ---- | M] ()(C:\Users\Public\Documents\?1?.docx) -- C:\Users\Public\Documents\第1章.docx
    [2011/02/03 16:37:35 | 000,957,756 | ---- | C] ()(C:\Users\Public\Documents\?1?.docx) -- C:\Users\Public\Documents\第1章.docx
    [2011/02/19 20:06:45 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\At1.job
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O4 - HKCU..\Run: [msnmsgr] File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    [2011/03/01 18:43:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com
    [2011/02/16 08:59:59 | 000,007,533 | ---- | M] () -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\searchplugins\mywebsearch.xml
    [2011/03/01 18:43:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - prefs.js..browser.search.selectedEngine: "qooqlle"
    FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

2.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



3.
  • Double click on the Posted Image to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.




Things to include in your next reply::
OTL fix log
Otl.txt
MBAM log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 07 March 2011 - 08:14 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 faketiger

faketiger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 08 March 2011 - 05:16 PM

Ya sorry, I'm still here. I just ran all the tests according to your instruction and so far it seems like it's fixed! The search area on firefox says google instead of qooqlle and i haven't ran into that website since the test yet.

Here are the logs:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:BFC41B39 deleted successfully.
ADS C:\ProgramData\TEMP:8E5EA40F deleted successfully.
ADS C:\ProgramData\TEMP:3790BACD deleted successfully.
ADS C:\ProgramData\TEMP:AF9BF410 deleted successfully.
ADS C:\ProgramData\TEMP:F81E7082 deleted successfully.
C:\Users\Public\Documents\第1章.docx moved successfully.
File C:\Users\Public\Documents\第1章.docx not found.
File C:\Windows\Tasks\At1.job not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar\tbuTor.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\searchplugins\mywebsearch.xml moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\tbuTor.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Cherry
->Temp folder emptied: 39365 bytes
->Temporary Internet Files folder emptied: 28684241 bytes
->Java cache emptied: 1878253 bytes
->FireFox cache emptied: 115016520 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3989 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3544 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 4089342259 bytes

Total Files Cleaned = 4,040.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03082011_123316

Files\Folders moved on Reboot...
C:\Users\Cherry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5990

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/8/2011 12:49:39 PM
mbam-log-2011-03-08 (12-49-39).txt

Scan type: Quick scan
Objects scanned: 163968
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 3/8/2011 1:26:45 PM - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Cherry\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.37 Gb Total Space | 158.52 Gb Free Space | 54.59% Space Free | Partition Type: NTFS

Computer Name: CHERRY-VAIO | User Name: Cherry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cherry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Cherry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/02/15 21:49:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/07 09:45:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/16 22:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/31 12:52:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/31 12:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Extensions
[2010/10/31 12:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/02/04 13:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/08 12:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\extensions
[2011/02/17 18:53:05 | 000,001,860 | ---- | M] () -- C:\Users\Cherry\AppData\Roaming\Mozilla\Firefox\Profiles\xjyge6dh.default\searchplugins\search.xml
[2010/02/04 13:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/26 23:59:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/24 12:40:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CHERRY\APPDATA\ROAMING\MOVE NETWORKS
[2010/06/26 23:59:38 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/26 23:59:38 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/07 15:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 15:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2010/06/26 23:59:39 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 14:57:00 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/10/07 09:45:02 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/10/07 09:45:03 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/15 18:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 18:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/11/07 23:17:17 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/15 18:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 18:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 18:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 18:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/15 18:13:03 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/03/08 12:33:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {6D710E75-1B0D-7CD4-06D9-6BA346342240} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Cherry\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 12:33:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/05 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Auslogics
[2011/03/05 17:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/03/05 17:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/03/05 16:47:41 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2011/03/04 11:52:32 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Desktop\Bootkit remover
[2011/03/04 11:45:01 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cherry\Desktop\tdsskiller.exe
[2011/03/04 10:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/01 18:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/03/01 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/03/01 18:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentBar
[2011/02/23 11:04:12 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 11:04:12 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 11:04:11 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 11:04:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/21 18:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/21 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/02/19 16:12:29 | 000,000,000 | ---D | C] -- C:\Users\Cherry\Documents\TurboTax
[2011/02/19 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Intuit
[2011/02/19 16:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2011/02/19 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Local\IsolatedStorage
[2011/02/19 16:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2011/02/19 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2011/02/19 16:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/02/17 23:28:15 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/17 23:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/02/17 22:17:36 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\Malwarebytes
[2011/02/17 22:17:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/17 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/17 22:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/02/17 22:17:22 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/17 22:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/16 09:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/02/16 09:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/02/16 09:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/02/15 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cherry\AppData\Roaming\AVG10
[2011/02/15 21:50:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/15 21:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/15 21:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/15 21:48:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/02/15 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/13 20:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/02/12 23:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/09 15:52:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 15:52:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 15:52:14 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 15:52:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 15:52:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 15:52:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 15:52:13 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 15:52:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 15:52:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 15:52:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 15:52:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 15:52:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 15:51:37 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 15:51:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 15:51:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 15:51:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 15:51:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 15:51:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 15:51:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 15:51:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 15:51:32 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 15:51:32 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 15:51:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 15:51:30 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 15:51:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 15:51:30 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 15:51:29 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 15:51:29 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 15:51:28 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 15:51:28 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 15:51:27 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 15:51:27 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 15:51:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 15:51:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[1 C:\Users\Cherry\Desktop\*.tmp files -> C:\Users\Cherry\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 12:46:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171581760-2390547523-882710135-1001UA.job
[2011/03/08 12:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/08 12:43:24 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 12:43:24 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 12:35:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/08 12:35:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/08 12:35:26 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/08 12:33:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/03/08 10:40:57 | 108,045,197 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/06 14:02:42 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171581760-2390547523-882710135-1001Core.job
[2011/03/05 16:47:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Cherry\Desktop\OTL.exe
[2011/03/04 11:54:02 | 000,080,384 | ---- | M] () -- C:\Users\Cherry\Desktop\MBRCheck.exe
[2011/03/04 11:45:04 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cherry\Desktop\tdsskiller.exe
[2011/02/21 18:20:34 | 000,001,056 | -H-- | M] () -- C:\IPH.PH
[2011/02/21 18:20:33 | 000,001,933 | ---- | M] () -- C:\Users\Cherry\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/20 11:44:59 | 000,230,227 | ---- | M] () -- C:\Users\Cherry\Desktop\New schedule.pdf
[2011/02/20 11:32:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/20 11:32:07 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/20 11:32:07 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/20 08:54:05 | 000,456,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/18 13:25:11 | 000,000,000 | ---- | M] () -- C:\Users\Cherry\defogger_reenable
[2011/02/16 22:24:10 | 000,004,535 | ---- | M] () -- C:\Windows\wininit.ini
[2011/02/15 21:50:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/02/15 21:50:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[1 C:\Users\Cherry\Desktop\*.tmp files -> C:\Users\Cherry\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/08 10:40:57 | 108,045,197 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/04 11:54:02 | 000,080,384 | ---- | C] () -- C:\Users\Cherry\Desktop\MBRCheck.exe
[2011/02/20 11:44:59 | 000,230,227 | ---- | C] () -- C:\Users\Cherry\Desktop\New schedule.pdf
[2011/02/18 13:25:11 | 000,000,000 | ---- | C] () -- C:\Users\Cherry\defogger_reenable
[2011/02/16 22:23:38 | 000,004,535 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/13 20:30:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/27 21:11:46 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2009/12/08 22:33:05 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/29 00:46:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/28 15:45:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/08/18 18:16:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/18 17:46:36 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/18 17:46:34 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/18 17:46:34 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/18 17:46:33 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/12/09 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\acccore
[2011/03/05 17:26:00 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Auslogics
[2011/02/15 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\AVG10
[2010/12/19 23:45:54 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Big Fish Games
[2010/11/06 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Boolat Games
[2009/12/22 19:09:56 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Canon
[2011/02/04 13:39:38 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\DivoGames
[2010/10/16 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ERS G-Studio
[2010/10/10 08:27:47 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ERS Game Studios
[2011/01/27 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\FlashgetSetup
[2010/11/09 19:34:47 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Fuzzy Games
[2010/11/06 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\GameHouse
[2010/04/19 22:14:09 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\GameMill Entertainment
[2011/02/01 21:29:51 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\HdO Adventure
[2010/08/09 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\HorizonWimba
[2010/02/19 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\ICAClient
[2010/05/05 11:18:47 | 000,000,000 | RHSD | M] -- C:\Users\Cherry\AppData\Roaming\install
[2011/02/09 20:16:23 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Islands
[2010/12/04 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Jane s Hotel
[2010/10/18 20:46:03 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\LolClient
[2010/03/08 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2011/01/14 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\PlayFirst
[2010/11/23 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Roads Of Rome
[2010/03/20 20:51:49 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\SpinTop Games
[2011/01/16 23:32:56 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Supermarket Mania 2
[2010/10/31 12:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\Thunderbird
[2011/03/07 09:17:09 | 000,000,000 | ---D | M] -- C:\Users\Cherry\AppData\Roaming\uTorrent
[2011/03/08 10:34:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >




I think those are the only logs I could find. Thanks!

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 08 March 2011 - 07:24 PM

Hello, faketiger.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Double click Posted Image on your desktop to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Edited by fireman4it, 08 March 2011 - 07:25 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 faketiger

faketiger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 09 March 2011 - 05:56 PM

Thank you so much!

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:59 PM

Posted 09 March 2011 - 07:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users