Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ping.exe maxing out cpu, AVG reporting blocking blackhole exploit kits & Java Trojans, FF opening new ad tabs.


  • This topic is locked This topic is locked
14 replies to this topic

#1 AmandaV

AmandaV

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 08 October 2011 - 06:39 AM

Yesterday I noticed my laptop lagging and after checking windows task manager I found Ping.exe using all unused CPU to max it out at 100%. I have tried ending the process tree but shortly after it restarts itself. Also WLIDSVC.EXE and WLIDSVCM.EXE are running and I do not remember them running before and when ending them they also restart around the same time as Ping.exe. When clicking links it will go to them but also open a new tab in FF for a ad normally for something shopping related or you've won a gift card ect. Since this has started AVG resident shield has popping up saying it blocked 4 different Java related Trojans within seconds of each other and AVG online shield blocked 2 Exploit Blackhole Exploit Kits (type 1889) and 2 Exploit Blackhole Exploit Kits (type 2060) at different times within 2 days. I have scanned whole computer with AVG and AVG Anti-Rootkit scan a few times and they have found nothing to remove. I have also tried scanning with Housecall, and McAfee Security Scan Plus and have had no luck getting rid of whatever this is. Please Help!!! Thanks in advance! Here are the logs you asked for....

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Gateway at 7:05:19 on 2011-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2255 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?

b=ACGW&l=0409&m=nv78&r=273612094525l03e4z115a4882v27o
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
uURLSearchHooks: N/A: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin

\2pSrcAs.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG

\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag

Bar\Toolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine

\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX

Plus Web Player\npdivx32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint

EX\ewpexbho.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar

\1.bin\2pSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google

\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin

\jp2ssv.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX

\ewpexhlp.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar

\Toolbar.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint

EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "C:\Users\Gateway\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h

-k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation

\NobuActivation.exe" UNATTENDED
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files

(x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component

\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files

(x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -

hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-

i586.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -

hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} - hxxps://www.clientspace.com/download/RapidocsX.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\C696E6B6379737 : NameServer =

208.67.222.222,208.67.220.220
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\C696E6B6379737 : DhcpNameServer = 68.87.72.134

68.87.77.134
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion

\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files

\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers

Unite! Snag Bar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine

\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files

(x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon

\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player

\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported

sites - No File
BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar

\1.bin\2pSrcAs.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG

\AVG9\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google

\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre6\bin\jp2ssv.dll
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO-X64: FreeOnlineRadioPlayerRecorder - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs

\cpn\YTSingleInstance.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-

WebPrint EX\ewpexhlp.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
TB-X64: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag

Bar\Toolbar.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin

\2pbar.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe"

-h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation

\NobuActivation.exe" UNATTENDED
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\isjogzwl.Amanda\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-

US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?

d=4b238321&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\Gateway\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-

81a0-3fe44b74abe8}
FF - Ext: CouponAlert: 2pffxtbr@CouponAlert_2p.com - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar

em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar

em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-08 10:24:35 -------- d-----w- C:\Users\Gateway\AppData\Local\{95998430-2D84-4A51-A1CE-

C01F68C2E2F4}
2011-10-08 02:52:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates

\{57AC453B-2127-425C-8BB8-7D833A39F75E}\offreg.dll
2011-10-07 13:38:44 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates

\{57AC453B-2127-425C-8BB8-7D833A39F75E}\mpengine.dll
2011-10-07 01:41:06 -------- d-----w- C:\Users\Gateway\AppData\Roaming\GetRightToGo
2011-10-06 08:09:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\ParetoLogic
2011-10-06 08:09:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\DriverCure
2011-10-06 08:09:38 -------- d-----w- C:\ProgramData\ParetoLogic
2011-10-06 08:06:23 -------- d-----w- C:\Users\Gateway\AppData\Local\AVG Security Toolbar
2011-10-06 06:42:12 -------- d--h--w- C:\ProgramData\Common Files
2011-10-06 06:37:27 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2011-10-05 21:20:17 -------- d-----we C:\Windows\system64
2011-09-21 01:56:10 -------- d-----w- C:\Program Files (x86)\CouponAlert_2p
2011-09-21 01:55:40 -------- d-----w- C:\Program Files (x86)\CouponAlert_2pEI
2011-09-16 20:56:58 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-09-15 07:00:24 -------- d-----w- C:\1c5e208c452cd738b206d42006
2011-09-15 02:30:14 -------- d-----w- C:\Users\Gateway\AppData\Local\{F69419D2-5B86-4E82-A354-

7FE15B52E15A}
.
==================== Find3M ====================
.
2011-10-06 06:37:31 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-10-06 06:37:27 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-10-06 06:37:11 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSwa.sys
2011-10-06 06:37:03 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-06 06:36:57 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-08-28 04:01:24 271424 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-08-13 03:42:42 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-30 23:54:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-30 23:54:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-19 09:39:57 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 7:11:13.46 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:29 PM

Posted 13 October 2011 - 06:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422445 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 AmandaV

AmandaV
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 13 October 2011 - 07:49 AM

The problems are the same as the original post. The only thing I have been able to do is suspend Ping.exe under Resource Monitor which has stopped it from running and maxing out my CPU. It has also slowed down the pop-ups quite a bit but I do still get one occasionally and they seem to be coming mostly from testedonline. I have to suspend Ping.exe every time I reboot but it seems to stay suspended once I stop it. I do not have the original Windows discs. Ping.exe was suspended when I ran DDS if that makes a difference. I don't remember if I left it open on the original scan.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Gateway at 8:36:10 on 2011-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.2182 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\perfmon.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?

b=ACGW&l=0409&m=nv78&r=273612094525l03e4z115a4882v27o
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
uURLSearchHooks: N/A: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin

\2pSrcAs.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG

\AVG9\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag

Bar\Toolbar.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine

\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX

Plus Web Player\npdivx32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint

EX\ewpexbho.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar

\1.bin\2pSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google

\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin

\jp2ssv.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX

\ewpexhlp.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar

\Toolbar.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint

EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "C:\Users\Gateway\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -update activex
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h

-k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation

\NobuActivation.exe" UNATTENDED
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files

(x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component

\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files

(x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:

\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:

\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -

hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-

i586.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} -

hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} - hxxps://www.clientspace.com/download/RapidocsX.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\C696E6B6379737 : NameServer =

208.67.222.222,208.67.220.220
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\C696E6B6379737 : DhcpNameServer = 68.87.72.134

68.87.77.134
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425 : NameServer =

208.67.222.222,208.67.220.220
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion

\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files

\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Gamers Unite! Snag Bar BHO: {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers

Unite! Snag Bar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine

\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files

(x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon

\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player

\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported

sites - No File
BHO-X64: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar

\1.bin\2pSrcAs.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files

(x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG

\AVG9\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google

\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre6\bin\jp2ssv.dll
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
BHO-X64: FreeOnlineRadioPlayerRecorder - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs

\cpn\YTSingleInstance.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-

WebPrint EX\ewpexhlp.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn

\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar

\IEToolbar.dll
TB-X64: Gamers Unite! Snag Bar: {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag

Bar\Toolbar.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files

(x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll
TB-X64: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin

\2pbar.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe"

-h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation

\NobuActivation.exe" UNATTENDED
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\isjogzwl.Amanda\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-

US:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?

d=4b238321&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\Gateway\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions

\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-

81a0-3fe44b74abe8}
FF - Ext: CouponAlert: 2pffxtbr@CouponAlert_2p.com - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers

\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS

\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers

\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows

\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers

\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows

\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS

\vwififlt.sys [?]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-10-6 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-10-6 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2011-10-6 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-10-6

5897808]
R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2011-9-20 42504]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28

844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

[2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver

\Platform_WIN764\AVGIDSDriver.sys [2009-12-12 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver

\Platform_WIN764\AVGIDSFilter.sys [2009-12-12 35920]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys

[?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows

\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:

\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS

\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET

\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

[2011-10-6 947528]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23

1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-13

136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan

\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows

\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-7-29 19544]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows

\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS

[?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS

\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows

\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22

57184]
.
=============== Created Last 30 ================
.
2011-10-13 07:09:00 -------- d-----w- C:\80c6aa5c2417c63d12
2011-10-13 04:37:02 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates

\{45FF5CB5-45B4-4F83-ABD6-733D1E4B7D4E}\offreg.dll
2011-10-13 04:37:01 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates

\{45FF5CB5-45B4-4F83-ABD6-733D1E4B7D4E}\mpengine.dll
2011-10-08 10:24:35 -------- d-----w- C:\Users\Gateway\AppData\Local\{95998430-2D84-4A51-A1CE-

C01F68C2E2F4}
2011-10-07 01:41:06 -------- d-----w- C:\Users\Gateway\AppData\Roaming\GetRightToGo
2011-10-06 08:09:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\ParetoLogic
2011-10-06 08:09:56 -------- d-----w- C:\Users\Gateway\AppData\Roaming\DriverCure
2011-10-06 08:09:38 -------- d-----w- C:\ProgramData\ParetoLogic
2011-10-06 08:06:23 -------- d-----w- C:\Users\Gateway\AppData\Local\AVG Security Toolbar
2011-10-06 06:42:12 -------- d--h--w- C:\ProgramData\Common Files
2011-10-06 06:37:27 13048 ----a-w- C:\Windows\System32\avgrssta.dll
2011-10-05 21:20:17 -------- d-----we C:\Windows\system64
2011-09-21 01:56:10 -------- d-----w- C:\Program Files (x86)\CouponAlert_2p
2011-09-21 01:55:40 -------- d-----w- C:\Program Files (x86)\CouponAlert_2pEI
2011-09-16 20:56:58 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-09-15 07:00:24 -------- d-----w- C:\1c5e208c452cd738b206d42006
2011-09-15 02:30:14 -------- d-----w- C:\Users\Gateway\AppData\Local\{F69419D2-5B86-4E82-A354-

7FE15B52E15A}
.
==================== Find3M ====================
.
2011-10-06 06:37:31 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-10-06 06:37:27 35664 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-10-06 06:37:11 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSwa.sys
2011-10-06 06:37:03 269904 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-06 06:36:57 56008 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-08-28 04:01:24 271424 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-08-13 03:42:42 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-30 23:54:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-30 23:54:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-19 09:39:57 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-19 09:05:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 8:37:03.22 ===============

Attached Files



#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 13 October 2011 - 09:15 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 13 October 2011 - 09:21 AM

Hi,

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Edit: Also can you turn WordWrap off for me please (makes the logs easier to read). In Notepad click Format, then untick WordWrap.

Casey

Edited by Casey_boy, 13 October 2011 - 09:34 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 AmandaV

AmandaV
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 13 October 2011 - 07:31 PM

Hello Casey. Thank you for all your help. This is starting to drive me mad. Like I said in earlier posts I still get an occasional pop-up but as long as I have Ping suspended it is seeming to run okay for the time being but of course I would rather get rid of the problem completely then just using a way around it. TDSSKiller did not find anything malicious or suspicious but here are the logs you asked for.

20:11:59.0534 6796 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
20:12:01.0546 6796 ============================================================
20:12:01.0546 6796 Current date / time: 2011/10/13 20:12:01.0546
20:12:01.0546 6796 SystemInfo:
20:12:01.0546 6796
20:12:01.0546 6796 OS Version: 6.1.7601 ServicePack: 1.0
20:12:01.0546 6796 Product type: Workstation
20:12:01.0546 6796 ComputerName: GATEWAY-PC
20:12:01.0546 6796 UserName: Gateway
20:12:01.0546 6796 Windows directory: C:\Windows
20:12:01.0546 6796 System windows directory: C:\Windows
20:12:01.0546 6796 Running under WOW64
20:12:01.0546 6796 Processor architecture: Intel x64
20:12:01.0546 6796 Number of processors: 2
20:12:01.0546 6796 Page size: 0x1000
20:12:01.0546 6796 Boot type: Normal boot
20:12:01.0546 6796 ============================================================
20:12:03.0028 6796 Initialize success
20:12:32.0497 6028 ============================================================
20:12:32.0497 6028 Scan started
20:12:32.0497 6028 Mode: Manual;
20:12:32.0497 6028 ============================================================
20:12:34.0119 6028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:34.0135 6028 1394ohci - ok
20:12:34.0166 6028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:34.0182 6028 ACPI - ok
20:12:34.0291 6028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:34.0291 6028 AcpiPmi - ok
20:12:34.0384 6028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:34.0384 6028 adp94xx - ok
20:12:34.0509 6028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:34.0525 6028 adpahci - ok
20:12:34.0572 6028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:34.0587 6028 adpu320 - ok
20:12:34.0712 6028 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:12:34.0712 6028 AFD - ok
20:12:34.0806 6028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:34.0821 6028 agp440 - ok
20:12:34.0852 6028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:34.0868 6028 aliide - ok
20:12:34.0962 6028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:34.0962 6028 amdide - ok
20:12:35.0008 6028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:35.0008 6028 AmdK8 - ok
20:12:35.0086 6028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:35.0102 6028 AmdPPM - ok
20:12:35.0149 6028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:12:35.0149 6028 amdsata - ok
20:12:35.0242 6028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:35.0242 6028 amdsbs - ok
20:12:35.0305 6028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:12:35.0305 6028 amdxata - ok
20:12:35.0414 6028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:35.0414 6028 AppID - ok
20:12:35.0476 6028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:35.0476 6028 arc - ok
20:12:35.0554 6028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:35.0570 6028 arcsas - ok
20:12:35.0601 6028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:35.0601 6028 AsyncMac - ok
20:12:35.0695 6028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:35.0695 6028 atapi - ok
20:12:35.0882 6028 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\drivers\atikmdag.sys
20:12:35.0991 6028 atikmdag - ok
20:12:36.0178 6028 Avgfwfd (b611370218f2a7dd6d0f089781eb8eae) C:\Windows\system32\DRIVERS\avgfwd6a.sys
20:12:36.0178 6028 Avgfwfd - ok
20:12:36.0272 6028 AVGIDSDriverw7a (0bd9d87bd41ce736d3096097dd4065b7) C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys
20:12:36.0288 6028 AVGIDSDriverw7a - ok
20:12:36.0381 6028 AVGIDSErHrw7a (673703efcf80b548fab88d7dc536f727) C:\Windows\system32\Drivers\AVGIDSwa.sys
20:12:36.0381 6028 AVGIDSErHrw7a - ok
20:12:36.0522 6028 AVGIDSFilterw7a (96feb9648b1db7a012a4e2f9c149abc4) C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys
20:12:36.0522 6028 AVGIDSFilterw7a - ok
20:12:36.0631 6028 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\System32\Drivers\avgldx64.sys
20:12:36.0646 6028 AvgLdx64 - ok
20:12:36.0678 6028 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\System32\Drivers\avgmfx64.sys
20:12:36.0678 6028 AvgMfx64 - ok
20:12:36.0771 6028 AvgRkx64 (5e7f0f9cbe0f7823371a4d51df29f7ff) C:\Windows\system32\Drivers\avgrkx64.sys
20:12:36.0771 6028 AvgRkx64 - ok
20:12:36.0818 6028 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\System32\Drivers\avgtdia.sys
20:12:36.0818 6028 AvgTdiA - ok
20:12:36.0943 6028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:36.0958 6028 b06bdrv - ok
20:12:37.0068 6028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:37.0068 6028 b57nd60a - ok
20:12:37.0192 6028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:37.0208 6028 Beep - ok
20:12:37.0348 6028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:37.0348 6028 blbdrive - ok
20:12:37.0395 6028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:37.0395 6028 bowser - ok
20:12:37.0489 6028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:37.0489 6028 BrFiltLo - ok
20:12:37.0504 6028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:37.0520 6028 BrFiltUp - ok
20:12:37.0551 6028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:37.0551 6028 Brserid - ok
20:12:37.0645 6028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:37.0660 6028 BrSerWdm - ok
20:12:37.0676 6028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:37.0692 6028 BrUsbMdm - ok
20:12:37.0770 6028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:37.0785 6028 BrUsbSer - ok
20:12:37.0801 6028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:12:37.0801 6028 BTHMODEM - ok
20:12:37.0941 6028 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
20:12:37.0941 6028 CAXHWAZL - ok
20:12:37.0972 6028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:12:37.0972 6028 cdfs - ok
20:12:38.0097 6028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:12:38.0097 6028 cdrom - ok
20:12:38.0160 6028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:12:38.0160 6028 circlass - ok
20:12:38.0253 6028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:12:38.0269 6028 CLFS - ok
20:12:38.0347 6028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:12:38.0347 6028 CmBatt - ok
20:12:38.0440 6028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:12:38.0456 6028 cmdide - ok
20:12:38.0487 6028 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:12:38.0503 6028 CNG - ok
20:12:38.0581 6028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:12:38.0581 6028 Compbatt - ok
20:12:38.0674 6028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:12:38.0721 6028 CompositeBus - ok
20:12:38.0924 6028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:12:38.0924 6028 crcdisk - ok
20:12:39.0064 6028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:12:39.0064 6028 DfsC - ok
20:12:39.0096 6028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:12:39.0096 6028 discache - ok
20:12:39.0205 6028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:12:39.0205 6028 Disk - ok
20:12:39.0236 6028 DKbFltr - ok
20:12:39.0330 6028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:12:39.0330 6028 drmkaud - ok
20:12:39.0376 6028 dtsoftbus01 (821bf177a24172f5f0ee9b322f58516c) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:12:39.0376 6028 dtsoftbus01 - ok
20:12:39.0501 6028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:12:39.0517 6028 DXGKrnl - ok
20:12:39.0688 6028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:12:39.0766 6028 ebdrv - ok
20:12:39.0891 6028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:12:39.0907 6028 elxstor - ok
20:12:40.0016 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:12:40.0016 6028 ErrDev - ok
20:12:40.0063 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:12:40.0078 6028 exfat - ok
20:12:40.0172 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:12:40.0172 6028 fastfat - ok
20:12:40.0203 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:12:40.0203 6028 fdc - ok
20:12:40.0312 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:12:40.0312 6028 FileInfo - ok
20:12:40.0359 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:12:40.0359 6028 Filetrace - ok
20:12:40.0375 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:12:40.0390 6028 flpydisk - ok
20:12:40.0500 6028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:12:40.0500 6028 FltMgr - ok
20:12:40.0546 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:12:40.0546 6028 FsDepends - ok
20:12:40.0656 6028 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
20:12:40.0656 6028 fssfltr - ok
20:12:40.0702 6028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:12:40.0702 6028 Fs_Rec - ok
20:12:40.0827 6028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:12:40.0843 6028 fvevol - ok
20:12:40.0890 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:12:40.0890 6028 gagp30kx - ok
20:12:41.0030 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:12:41.0030 6028 hcw85cir - ok
20:12:41.0092 6028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:12:41.0092 6028 HdAudAddService - ok
20:12:41.0202 6028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:12:41.0202 6028 HDAudBus - ok
20:12:41.0248 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:12:41.0248 6028 HidBatt - ok
20:12:41.0342 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:12:41.0342 6028 HidBth - ok
20:12:41.0373 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:12:41.0389 6028 HidIr - ok
20:12:41.0514 6028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:12:41.0529 6028 HidUsb - ok
20:12:41.0545 6028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:12:41.0560 6028 HpSAMD - ok
20:12:41.0701 6028 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:12:41.0716 6028 HSF_DPV - ok
20:12:41.0841 6028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:12:41.0857 6028 HTTP - ok
20:12:41.0950 6028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:12:41.0950 6028 hwpolicy - ok
20:12:42.0013 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:12:42.0013 6028 i8042prt - ok
20:12:42.0153 6028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:12:42.0169 6028 iaStorV - ok
20:12:42.0512 6028 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:12:42.0715 6028 igfx - ok
20:12:42.0808 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:12:42.0824 6028 iirsp - ok
20:12:42.0918 6028 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
20:12:42.0949 6028 IntcAzAudAddService - ok
20:12:43.0042 6028 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
20:12:43.0042 6028 IntcHdmiAddService - ok
20:12:43.0089 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:12:43.0089 6028 intelide - ok
20:12:43.0198 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:12:43.0198 6028 intelppm - ok
20:12:43.0245 6028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:12:43.0261 6028 IpFilterDriver - ok
20:12:43.0370 6028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:12:43.0370 6028 IPMIDRV - ok
20:12:43.0417 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:12:43.0417 6028 IPNAT - ok
20:12:43.0526 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:12:43.0526 6028 IRENUM - ok
20:12:43.0573 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:12:43.0588 6028 isapnp - ok
20:12:43.0635 6028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:12:43.0635 6028 iScsiPrt - ok
20:12:43.0744 6028 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:12:43.0760 6028 k57nd60a - ok
20:12:43.0822 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:12:43.0822 6028 kbdclass - ok
20:12:43.0978 6028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:12:43.0978 6028 kbdhid - ok
20:12:44.0041 6028 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:12:44.0041 6028 KSecDD - ok
20:12:44.0134 6028 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:12:44.0134 6028 KSecPkg - ok
20:12:44.0181 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:12:44.0197 6028 ksthunk - ok
20:12:44.0337 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:12:44.0337 6028 lltdio - ok
20:12:44.0400 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:12:44.0400 6028 LSI_FC - ok
20:12:44.0493 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:12:44.0509 6028 LSI_SAS - ok
20:12:44.0540 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:12:44.0540 6028 LSI_SAS2 - ok
20:12:44.0634 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:12:44.0634 6028 LSI_SCSI - ok
20:12:44.0680 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:12:44.0680 6028 luafv - ok
20:12:44.0821 6028 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:12:44.0821 6028 mdmxsdk - ok
20:12:44.0852 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:12:44.0852 6028 megasas - ok
20:12:44.0883 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:12:44.0883 6028 MegaSR - ok
20:12:44.0977 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:12:44.0992 6028 Modem - ok
20:12:45.0008 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:12:45.0008 6028 monitor - ok
20:12:45.0102 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:12:45.0102 6028 mouclass - ok
20:12:45.0180 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:12:45.0180 6028 mouhid - ok
20:12:45.0242 6028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:12:45.0242 6028 mountmgr - ok
20:12:45.0289 6028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:12:45.0289 6028 mpio - ok
20:12:45.0367 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:12:45.0382 6028 mpsdrv - ok
20:12:45.0445 6028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:12:45.0460 6028 MRxDAV - ok
20:12:45.0538 6028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:12:45.0538 6028 mrxsmb - ok
20:12:45.0601 6028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:12:45.0601 6028 mrxsmb10 - ok
20:12:45.0663 6028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:12:45.0663 6028 mrxsmb20 - ok
20:12:45.0726 6028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:12:45.0726 6028 msahci - ok
20:12:45.0804 6028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:12:45.0819 6028 msdsm - ok
20:12:45.0882 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:12:45.0882 6028 Msfs - ok
20:12:45.0960 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:12:45.0960 6028 mshidkmdf - ok
20:12:46.0022 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:12:46.0022 6028 msisadrv - ok
20:12:46.0100 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:12:46.0100 6028 MSKSSRV - ok
20:12:46.0162 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:12:46.0162 6028 MSPCLOCK - ok
20:12:46.0178 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:12:46.0178 6028 MSPQM - ok
20:12:46.0256 6028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:12:46.0256 6028 MsRPC - ok
20:12:46.0334 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:12:46.0334 6028 mssmbios - ok
20:12:46.0396 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:12:46.0396 6028 MSTEE - ok
20:12:46.0443 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:12:46.0443 6028 MTConfig - ok
20:12:46.0506 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:12:46.0506 6028 Mup - ok
20:12:46.0599 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:12:46.0615 6028 NativeWifiP - ok
20:12:46.0708 6028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:12:46.0724 6028 NDIS - ok
20:12:46.0833 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:12:46.0849 6028 NdisCap - ok
20:12:46.0880 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:12:46.0896 6028 NdisTapi - ok
20:12:47.0005 6028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:12:47.0005 6028 Ndisuio - ok
20:12:47.0052 6028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:12:47.0052 6028 NdisWan - ok
20:12:47.0098 6028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:12:47.0098 6028 NDProxy - ok
20:12:47.0208 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:12:47.0208 6028 NetBIOS - ok
20:12:47.0254 6028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:12:47.0254 6028 NetBT - ok
20:12:47.0551 6028 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:12:47.0707 6028 NETw5s64 - ok
20:12:47.0941 6028 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
20:12:48.0066 6028 netw5v64 - ok
20:12:48.0175 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:12:48.0175 6028 nfrd960 - ok
20:12:48.0300 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:12:48.0300 6028 Npfs - ok
20:12:48.0331 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:12:48.0331 6028 nsiproxy - ok
20:12:48.0424 6028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:12:48.0440 6028 Ntfs - ok
20:12:48.0534 6028 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
20:12:48.0534 6028 NTIDrvr - ok
20:12:48.0549 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:12:48.0549 6028 Null - ok
20:12:48.0596 6028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:12:48.0596 6028 nvraid - ok
20:12:48.0705 6028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:12:48.0721 6028 nvstor - ok
20:12:48.0736 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:12:48.0752 6028 nv_agp - ok
20:12:48.0768 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:12:48.0783 6028 ohci1394 - ok
20:12:48.0877 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:12:48.0892 6028 Parport - ok
20:12:48.0939 6028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:12:48.0939 6028 partmgr - ok
20:12:49.0033 6028 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
20:12:49.0033 6028 pbfilter - ok
20:12:49.0158 6028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:12:49.0158 6028 pci - ok
20:12:49.0173 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:12:49.0173 6028 pciide - ok
20:12:49.0204 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:49.0204 6028 pcmcia - ok
20:12:49.0298 6028 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
20:12:49.0298 6028 pcouffin - ok
20:12:49.0329 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:12:49.0329 6028 pcw - ok
20:12:49.0360 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:12:49.0376 6028 PEAUTH - ok
20:12:49.0516 6028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:49.0532 6028 PptpMiniport - ok
20:12:49.0563 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:12:49.0563 6028 Processor - ok
20:12:49.0688 6028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:12:49.0688 6028 Psched - ok
20:12:49.0766 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:12:49.0782 6028 ql2300 - ok
20:12:49.0891 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:49.0906 6028 ql40xx - ok
20:12:49.0922 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:12:49.0938 6028 QWAVEdrv - ok
20:12:49.0953 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:49.0953 6028 RasAcd - ok
20:12:50.0062 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:50.0062 6028 RasAgileVpn - ok
20:12:50.0109 6028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:50.0109 6028 Rasl2tp - ok
20:12:50.0218 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:50.0234 6028 RasPppoe - ok
20:12:50.0250 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:50.0250 6028 RasSstp - ok
20:12:50.0296 6028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:50.0296 6028 rdbss - ok
20:12:50.0406 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:50.0421 6028 rdpbus - ok
20:12:50.0468 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:50.0468 6028 RDPCDD - ok
20:12:50.0484 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:12:50.0484 6028 RDPENCDD - ok
20:12:50.0577 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:12:50.0577 6028 RDPREFMP - ok
20:12:50.0608 6028 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:12:50.0624 6028 RDPWD - ok
20:12:50.0733 6028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:12:50.0749 6028 rdyboost - ok
20:12:50.0796 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:50.0796 6028 rspndr - ok
20:12:50.0889 6028 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\system32\Drivers\RtsUStor.sys
20:12:50.0905 6028 RSUSBSTOR - ok
20:12:50.0936 6028 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
20:12:50.0952 6028 RTHDMIAzAudService - ok
20:12:51.0061 6028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:12:51.0061 6028 sbp2port - ok
20:12:51.0108 6028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:12:51.0108 6028 scfilter - ok
20:12:51.0217 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:12:51.0217 6028 secdrv - ok
20:12:51.0248 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:12:51.0264 6028 Serenum - ok
20:12:51.0295 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:12:51.0295 6028 Serial - ok
20:12:51.0404 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:12:51.0404 6028 sermouse - ok
20:12:51.0466 6028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:12:51.0466 6028 sffdisk - ok
20:12:51.0482 6028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:12:51.0482 6028 sffp_mmc - ok
20:12:51.0591 6028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:12:51.0591 6028 sffp_sd - ok
20:12:51.0622 6028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:51.0622 6028 sfloppy - ok
20:12:51.0732 6028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:51.0732 6028 SiSRaid2 - ok
20:12:51.0763 6028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:51.0763 6028 SiSRaid4 - ok
20:12:51.0794 6028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:12:51.0794 6028 Smb - ok
20:12:51.0919 6028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:12:51.0919 6028 spldr - ok
20:12:51.0966 6028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:12:51.0981 6028 srv - ok
20:12:52.0075 6028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:12:52.0075 6028 srv2 - ok
20:12:52.0106 6028 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:12:52.0122 6028 SrvHsfHDA - ok
20:12:52.0231 6028 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:12:52.0262 6028 SrvHsfV92 - ok
20:12:52.0371 6028 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:12:52.0387 6028 SrvHsfWinac - ok
20:12:52.0480 6028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:52.0480 6028 srvnet - ok
20:12:52.0543 6028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:52.0558 6028 stexstor - ok
20:12:52.0668 6028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:12:52.0668 6028 swenum - ok
20:12:52.0714 6028 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
20:12:52.0730 6028 SynTP - ok
20:12:52.0870 6028 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
20:12:52.0902 6028 Tcpip - ok
20:12:53.0026 6028 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:53.0042 6028 TCPIP6 - ok
20:12:53.0136 6028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:12:53.0151 6028 tcpipreg - ok
20:12:53.0198 6028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:12:53.0198 6028 TDPIPE - ok
20:12:53.0307 6028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:12:53.0307 6028 TDTCP - ok
20:12:53.0354 6028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:12:53.0370 6028 tdx - ok
20:12:53.0463 6028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:12:53.0463 6028 TermDD - ok
20:12:53.0510 6028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:53.0526 6028 tssecsrv - ok
20:12:53.0619 6028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:12:53.0619 6028 TsUsbFlt - ok
20:12:53.0682 6028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:53.0697 6028 tunnel - ok
20:12:53.0791 6028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:53.0791 6028 uagp35 - ok
20:12:53.0822 6028 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:12:53.0822 6028 UBHelper - ok
20:12:53.0869 6028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:12:53.0869 6028 udfs - ok
20:12:53.0978 6028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:12:53.0978 6028 uliagpkx - ok
20:12:54.0040 6028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:12:54.0040 6028 umbus - ok
20:12:54.0134 6028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:12:54.0134 6028 UmPass - ok
20:12:54.0212 6028 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:12:54.0212 6028 usbaudio - ok
20:12:54.0337 6028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:54.0337 6028 usbccgp - ok
20:12:54.0399 6028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:12:54.0415 6028 usbcir - ok
20:12:54.0540 6028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:54.0540 6028 usbehci - ok
20:12:54.0571 6028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:54.0586 6028 usbhub - ok
20:12:54.0602 6028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:12:54.0602 6028 usbohci - ok
20:12:54.0696 6028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:54.0696 6028 usbprint - ok
20:12:54.0727 6028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:54.0727 6028 usbscan - ok
20:12:54.0789 6028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:12:54.0789 6028 USBSTOR - ok
20:12:54.0898 6028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:12:54.0914 6028 usbuhci - ok
20:12:54.0961 6028 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:12:54.0976 6028 usbvideo - ok
20:12:55.0117 6028 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
20:12:55.0148 6028 VClone - ok
20:12:55.0273 6028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:12:55.0273 6028 vdrvroot - ok
20:12:55.0320 6028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:55.0320 6028 vga - ok
20:12:55.0335 6028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:12:55.0351 6028 VgaSave - ok
20:12:55.0444 6028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:12:55.0444 6028 vhdmp - ok
20:12:55.0491 6028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:12:55.0491 6028 viaide - ok
20:12:55.0522 6028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:12:55.0522 6028 volmgr - ok
20:12:55.0616 6028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:12:55.0632 6028 volmgrx - ok
20:12:55.0678 6028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:12:55.0678 6028 volsnap - ok
20:12:55.0788 6028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:55.0788 6028 vsmraid - ok
20:12:55.0819 6028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:12:55.0819 6028 vwifibus - ok
20:12:55.0881 6028 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:12:55.0897 6028 vwififlt - ok
20:12:55.0959 6028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:55.0959 6028 WacomPen - ok
20:12:56.0053 6028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:56.0068 6028 WANARP - ok
20:12:56.0068 6028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:56.0068 6028 Wanarpv6 - ok
20:12:56.0209 6028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:12:56.0209 6028 Wd - ok
20:12:56.0287 6028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:12:56.0287 6028 Wdf01000 - ok
20:12:56.0427 6028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:56.0427 6028 WfpLwf - ok
20:12:56.0458 6028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:12:56.0458 6028 WIMMount - ok
20:12:56.0505 6028 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:12:56.0521 6028 winachsf - ok
20:12:56.0661 6028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:12:56.0661 6028 WmiAcpi - ok
20:12:56.0708 6028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:56.0708 6028 ws2ifsl - ok
20:12:56.0755 6028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:12:56.0755 6028 WudfPf - ok
20:12:56.0864 6028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:56.0864 6028 WUDFRd - ok
20:12:56.0895 6028 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
20:12:56.0911 6028 XAudio - ok
20:12:56.0958 6028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:56.0973 6028 \Device\Harddisk0\DR0 - ok
20:12:56.0973 6028 Boot (0x1200) (06b9be63f56282a0b4eabec593459593) \Device\Harddisk0\DR0\Partition0
20:12:56.0973 6028 \Device\Harddisk0\DR0\Partition0 - ok
20:12:56.0989 6028 Boot (0x1200) (c95e24b3a01f90ff779bf69af5b599a9) \Device\Harddisk0\DR0\Partition1
20:12:57.0004 6028 \Device\Harddisk0\DR0\Partition1 - ok
20:12:57.0004 6028 ============================================================
20:12:57.0004 6028 Scan finished
20:12:57.0004 6028 ============================================================
20:12:57.0004 5740 Detected object count: 0
20:12:57.0004 5740 Actual detected object count: 0


OTL logfile created on: 10/13/2011 8:17:31 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Gateway\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.06% Memory free
7.86 Gb Paging File | 6.16 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 49.42 Gb Free Space | 10.89% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/13 20:15:33 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
PRC - [2011/10/06 02:37:34 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2011/10/06 02:37:15 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2011/10/06 02:37:09 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/10/06 02:37:08 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/10/06 02:37:06 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2011/10/06 02:37:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2011/10/06 02:37:02 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2011/10/06 02:36:56 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2011/09/20 21:56:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
PRC - [2011/09/20 21:56:10 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2011/08/17 03:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/20 20:26:00 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/08/20 20:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/18 05:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/28 17:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/12 07:48:10 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/12/12 07:48:09 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/07/08 17:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 18:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/10/06 02:37:15 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/10/06 02:37:08 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/06 02:37:06 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2011/10/06 02:37:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2011/09/20 21:56:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/20 20:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 23:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/06 02:37:31 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/10/06 02:37:27 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/10/06 02:37:11 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2011/10/06 02:37:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/10/06 02:36:57 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/08/28 00:01:24 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/12 07:47:44 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2009/12/02 05:03:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 06:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/06 12:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/13 20:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 23:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 10:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 10:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 10:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 18:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/10/06 02:37:11 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys -- (AVGIDSFilterw7a)
DRV - [2011/10/06 02:37:10 | 000,132,688 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys -- (AVGIDSDriverw7a)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273612094525l03e4z115a4882v27o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273612094525l03e4z115a4882v27o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273612094525l03e4z115a4882v27o
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Gateway\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/27 02:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/27 02:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin [2011/09/20 21:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/10/06 02:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/09 17:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/02 01:11:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Gateway\AppData\Roaming\IDM\idmmzcc3

[2010/02/14 06:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gateway\AppData\Roaming\mozilla\Extensions
[2009/12/05 09:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gateway\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/08/11 07:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions
[2010/06/02 02:37:37 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2011/08/11 07:40:00 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/10/13 06:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\isjogzwl.Amanda\extensions
[2011/05/11 01:52:59 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\isjogzwl.Amanda\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2011/03/27 03:41:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\isjogzwl.Amanda\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 02:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\isjogzwl.Amanda\extensions\DivXWebPlayer@divx.com-trash
[2011/10/13 06:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/24 15:40:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/10/06 22:22:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Entanglement = C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: DivX HiQ = C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Poppit = C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Gamers Unite! Snag Bar BHO) - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (COMPANYVERS_NAME)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (Gamers Unite! Snag Bar) - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll ()
O3 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001..\Run: [cdloader] C:\Users\Gateway\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8:64bit: - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..Trusted Domains: g ([]* in Local intranet)
O15 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..Trusted Domains: my%20book ([]file in Local intranet)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} https://www.clientspace.com/download/RapidocsX.cab (LedaX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 20:15:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2011/10/13 20:09:20 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gateway\Desktop\tdsskiller.exe
[2011/10/13 20:00:11 | 000,000,000 | R--D | C] -- C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/10/13 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Gateway\Desktop\New folder
[2011/10/13 03:09:00 | 000,000,000 | ---D | C] -- C:\80c6aa5c2417c63d12
[2011/10/13 03:01:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 03:01:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 03:01:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 03:01:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 03:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 03:01:22 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 03:01:22 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 03:01:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 03:01:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 00:57:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 00:57:42 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 00:57:42 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 00:57:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 00:57:27 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 00:57:26 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/08 07:03:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gateway\Desktop\dds.scr
[2011/10/08 06:24:35 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{95998430-2D84-4A51-A1CE-C01F68C2E2F4}
[2011/10/07 01:50:22 | 002,405,576 | ---- | C] (Trend Micro Inc.) -- C:\Users\Gateway\Desktop\HousecallLauncher64.exe
[2011/10/06 23:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/06 22:22:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/06 22:22:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/06 22:22:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/06 21:41:06 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Roaming\GetRightToGo
[2011/10/06 21:41:06 | 000,000,000 | ---D | C] -- C:\Users\Gateway\Documents\Downloads
[2011/10/06 04:27:24 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\mseinstall.exe
[2011/10/06 04:09:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Roaming\ParetoLogic
[2011/10/06 04:09:56 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Roaming\DriverCure
[2011/10/06 04:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/10/06 04:06:23 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\AVG Security Toolbar
[2011/10/06 02:42:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/06 02:37:27 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/10/05 17:20:17 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/09/20 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponAlert_2p
[2011/09/20 21:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponAlert_2pEI
[2011/09/16 16:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2011/09/15 03:00:24 | 000,000,000 | ---D | C] -- C:\1c5e208c452cd738b206d42006
[2011/09/14 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\Gateway\AppData\Local\{F69419D2-5B86-4E82-A354-7FE15B52E15A}
[2009/12/02 05:03:52 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Gateway\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/13 20:15:33 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Gateway\Desktop\OTL.exe
[2011/10/13 20:09:26 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gateway\Desktop\tdsskiller.exe
[2011/10/13 20:00:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 19:31:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 11:38:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 11:38:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 11:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/13 11:30:21 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 11:29:37 | 3166,158,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 09:15:18 | 000,036,434 | ---- | M] () -- C:\Users\Gateway\Desktop\314311_277656252254589_262640037089544_931806_1512499316_n.jpg
[2011/10/13 03:26:23 | 087,132,222 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/10/13 03:04:30 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/13 03:04:30 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/13 03:04:30 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/12 11:27:01 | 000,662,551 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2011/10/12 03:56:54 | 000,001,175 | ---- | M] () -- C:\Users\Gateway\AppData\Roaming\vso_ts_preview.xml
[2011/10/10 19:19:47 | 000,007,592 | ---- | M] () -- C:\Users\Gateway\AppData\Local\Resmon.ResmonCfg
[2011/10/08 07:03:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gateway\Desktop\dds.scr
[2011/10/08 07:02:19 | 000,000,178 | ---- | M] () -- C:\Users\Gateway\defogger_reenable
[2011/10/08 07:01:39 | 000,050,477 | ---- | M] () -- C:\Users\Gateway\Desktop\Defogger.exe
[2011/10/07 06:13:31 | 006,832,689 | ---- | M] () -- C:\Users\Gateway\AppData\Local\census.cache
[2011/10/07 06:05:26 | 000,114,585 | ---- | M] () -- C:\Users\Gateway\AppData\Local\ars.cache
[2011/10/07 02:02:11 | 002,405,576 | ---- | M] (Trend Micro Inc.) -- C:\Users\Gateway\Desktop\HousecallLauncher64.exe
[2011/10/07 01:50:47 | 000,000,036 | ---- | M] () -- C:\Users\Gateway\AppData\Local\housecall.guid.cache
[2011/10/06 04:32:27 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/06 04:27:44 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Gateway\Desktop\mseinstall.exe
[2011/10/06 02:37:31 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2011/10/06 02:37:27 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2011/10/06 02:37:27 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2011/10/06 02:37:11 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys
[2011/10/06 02:37:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2011/10/06 02:36:57 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2011/10/05 20:47:30 | 000,000,000 | ---- | M] () -- C:\Users\Gateway\AppData\Local\{4E035EFE-1243-4726-A119-1F9A3199C0BC}
[2011/10/04 15:32:27 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/16 16:57:11 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2011/09/16 16:57:01 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
[2011/09/16 07:02:12 | 000,000,938 | ---- | M] () -- C:\Users\Gateway\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/16 07:02:12 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/13 09:15:14 | 000,036,434 | ---- | C] () -- C:\Users\Gateway\Desktop\314311_277656252254589_262640037089544_931806_1512499316_n.jpg
[2011/10/08 07:02:19 | 000,000,178 | ---- | C] () -- C:\Users\Gateway\defogger_reenable
[2011/10/08 07:01:35 | 000,050,477 | ---- | C] () -- C:\Users\Gateway\Desktop\Defogger.exe
[2011/10/07 06:13:31 | 006,832,689 | ---- | C] () -- C:\Users\Gateway\AppData\Local\census.cache
[2011/10/07 06:05:26 | 000,114,585 | ---- | C] () -- C:\Users\Gateway\AppData\Local\ars.cache
[2011/10/07 01:50:47 | 000,000,036 | ---- | C] () -- C:\Users\Gateway\AppData\Local\housecall.guid.cache
[2011/10/06 04:32:27 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/05 20:47:30 | 000,000,000 | ---- | C] () -- C:\Users\Gateway\AppData\Local\{4E035EFE-1243-4726-A119-1F9A3199C0BC}
[2011/09/16 16:57:11 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2011/09/16 07:02:12 | 000,000,938 | ---- | C] () -- C:\Users\Gateway\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/16 07:02:12 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/09/09 22:52:02 | 000,000,000 | ---- | C] () -- C:\Users\Gateway\AppData\Local\{89E26771-B3C1-423D-8D8D-09AF4A6FAEA0}
[2011/07/05 09:52:40 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\8639e739
[2011/07/05 09:52:40 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\840e75c2
[2011/06/26 23:44:35 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bf38540c
[2011/06/26 23:44:35 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\be7d7c44
[2011/06/26 23:44:23 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\9656b716
[2011/06/26 23:44:23 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\94a66068
[2011/06/26 23:44:07 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4a670c81
[2011/06/26 23:44:07 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\49ae688f
[2011/06/26 23:44:04 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2c3ffa27
[2011/06/26 23:44:04 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2ac9c999
[2011/06/26 23:44:02 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\8359f15e
[2011/06/26 23:44:01 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\829c8e4f
[2011/06/26 23:43:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d98aaa47
[2011/06/26 23:43:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d8ec7e3c
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\c1482d3d
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\c0ad48c6
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bfcbad96
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bf2a13bc
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\be738f24
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bce440df
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bb85c6a4
[2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\baec22e2
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a20afad9
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a177e36e
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a028967a
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\9f8cfae4
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\97d9f64f
[2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\958544d5
[2011/06/24 01:58:52 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\44eeeec9
[2011/06/24 01:58:52 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\44332451
[2011/06/24 01:58:25 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\973f6740
[2011/06/24 01:58:25 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\96093005
[2011/06/24 01:57:57 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4ef6f044
[2011/06/24 01:57:57 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4e48c26f
[2011/06/24 01:57:53 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\da567765
[2011/06/24 01:57:53 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d91dda5c
[2011/06/24 01:57:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\33baaf21
[2011/06/24 01:57:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\3292604a
[2011/06/24 01:57:26 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\b967a126
[2011/06/24 01:57:26 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\b8704cf0
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2209768b
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2162658d
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1c6aa8c9
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1bcba776
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1a9738e6
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\18d007b6
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1770665f
[2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\16d4ba9f
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\fc777a1e
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\fbbfd623
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a05c3e
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2b7e547
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2287dae
[2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\17ca2d7
[2011/04/08 17:00:45 | 000,007,592 | ---- | C] () -- C:\Users\Gateway\AppData\Local\Resmon.ResmonCfg
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/24 05:53:50 | 000,006,408 | ---- | C] () -- C:\Program Files (x86)\AgentHelp4.Rtf
[2010/04/24 05:53:50 | 000,005,656 | ---- | C] () -- C:\Program Files (x86)\AgentHelp2.Rtf
[2010/04/24 05:53:50 | 000,005,448 | ---- | C] () -- C:\Program Files (x86)\AgentHelp3.Rtf
[2010/04/24 05:53:50 | 000,005,428 | ---- | C] () -- C:\Program Files (x86)\AgentHelp1.Rtf
[2010/04/24 05:53:11 | 000,001,366 | ---- | C] () -- C:\Program Files (x86)\MasterTickerList.Test
[2010/03/16 08:11:53 | 000,000,000 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\wklnhst.dat
[2010/03/13 01:08:36 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2010/02/14 06:01:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/16 18:40:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/12/16 18:40:23 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/16 18:40:23 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/16 18:40:21 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/07 23:45:33 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/05 01:34:19 | 000,003,584 | ---- | C] () -- C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 23:07:57 | 000,000,254 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/02 05:05:06 | 000,001,175 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\vso_ts_preview.xml
[2009/12/02 05:03:52 | 000,099,384 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\inst.exe
[2009/12/02 05:03:52 | 000,007,859 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\pcouffin.cat
[2009/12/02 05:03:52 | 000,001,167 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\pcouffin.inf
[2009/08/28 07:27:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/28 06:32:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/10 16:58:22 | 000,072,012 | ---- | C] () -- C:\Windows\SysWow64\SSLEAY32.DLL
[2009/03/10 16:58:18 | 000,315,844 | ---- | C] () -- C:\Windows\SysWow64\LIBEAY32.DLL
[2007/11/06 08:52:24 | 000,023,104 | ---- | C] () -- C:\Windows\SysWow64\svcprmpt.dll
[2007/11/06 08:52:22 | 000,030,976 | ---- | C] () -- C:\Windows\rascntrl.dll
[2007/06/23 12:50:44 | 000,001,577 | ---- | C] () -- C:\Windows\WSYS049.SYS
[2007/06/23 12:50:44 | 000,000,008 | ---- | C] () -- C:\Windows\Modemx.dll
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2004/09/16 17:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\SysWow64\drivers\ADFUUD.SYS
[2004/09/16 17:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F7A0F98A

< End of report >


OTL Extras logfile created on: 10/13/2011 8:17:31 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Gateway\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 65.06% Memory free
7.86 Gb Paging File | 6.16 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 49.42 Gb Free Space | 10.89% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-PC | User Name: Gateway | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 27
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.6.316
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.56
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"AviSynth" = AviSynth 2.5
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CouponAlert_2pbar Uninstall" = Coupon Alert
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free Easy Burner_is1" = Free Easy Burner V 3.9
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"Gamers Unite! Snag Bar" = Gamers Unite! Snag Bar
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Pogo Auto" = Pogo Auto
"Super Winspy_is1" = Super Winspy v3.5
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3288301004-2552221867-1979918599-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2011 3:58:03 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/29/2011 3:59:24 AM | Computer Name = Gateway-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1314 Start
Time: 01cc7e7d77ea33e7 Termination Time: 155 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/29/2011 4:00:37 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/29/2011 6:06:24 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/29/2011 6:06:32 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/30/2011 12:19:03 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/30/2011 12:19:08 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/30/2011 12:24:21 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/30/2011 12:25:50 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

Error - 9/30/2011 3:07:12 AM | Computer Name = Gateway-PC | Source = swg | ID = 1
Description =

[ System Events ]
Error - 10/13/2011 11:29:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 11:30:41 AM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Firewall Authorization Driver service failed to start
due to the following error: %%183

Error - 10/13/2011 11:30:41 AM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183

Error - 10/13/2011 11:30:43 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 11:30:52 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 11:31:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 11:31:03 AM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 8:00:19 PM | Computer Name = Gateway-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 10/13/2011 8:00:28 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/13/2011 8:00:29 PM | Computer Name = Gateway-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >

Edited by AmandaV, 13 October 2011 - 07:54 PM.


#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 14 October 2011 - 05:41 AM

Hi there,

:step1: P2P Warning

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.

:step2: The ping.exe file is a legitimate file and so should not need to be interfered with. Let's just check that it's not been patched.

Please visit the online Jotti Virus Scanner Posted Image<--link
  • Browse to the following filepath:

    C:\Windows\SysWOW64\PING.EXE
  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

:step3: We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :processes
    killallprocesses
    
    :OTL
    PRC - [2011/09/20 21:56:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
    PRC - [2011/09/20 21:56:10 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    SRV - [2011/09/20 21:56:10 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
    IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
    IE - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
    [2011/08/11 07:40:00 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Toolbar) -- C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (COMPANYVERS_NAME)
    O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3288301004-2552221867-1979918599-1001\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\Shell\phone\command - "" = E:\autorun.exe
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
    O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
    [2011/07/05 09:52:40 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\8639e739
    [2011/07/05 09:52:40 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\840e75c2
    [2011/06/26 23:44:35 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bf38540c
    [2011/06/26 23:44:35 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\be7d7c44
    [2011/06/26 23:44:23 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\9656b716
    [2011/06/26 23:44:23 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\94a66068
    [2011/06/26 23:44:07 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4a670c81
    [2011/06/26 23:44:07 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\49ae688f
    [2011/06/26 23:44:04 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2c3ffa27
    [2011/06/26 23:44:04 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2ac9c999
    [2011/06/26 23:44:02 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\8359f15e
    [2011/06/26 23:44:01 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\829c8e4f
    [2011/06/26 23:43:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d98aaa47
    [2011/06/26 23:43:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d8ec7e3c
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\c1482d3d
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\c0ad48c6
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bfcbad96
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bf2a13bc
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\be738f24
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bce440df
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\bb85c6a4
    [2011/06/26 23:43:47 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\baec22e2
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a20afad9
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a177e36e
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a028967a
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\9f8cfae4
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\97d9f64f
    [2011/06/26 23:43:46 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\958544d5
    [2011/06/24 01:58:52 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\44eeeec9
    [2011/06/24 01:58:52 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\44332451
    [2011/06/24 01:58:25 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\973f6740
    [2011/06/24 01:58:25 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\96093005
    [2011/06/24 01:57:57 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4ef6f044
    [2011/06/24 01:57:57 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\4e48c26f
    [2011/06/24 01:57:53 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\da567765
    [2011/06/24 01:57:53 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\d91dda5c
    [2011/06/24 01:57:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\33baaf21
    [2011/06/24 01:57:51 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\3292604a
    [2011/06/24 01:57:26 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\b967a126
    [2011/06/24 01:57:26 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\b8704cf0
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2209768b
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2162658d
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1c6aa8c9
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1bcba776
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1a9738e6
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\18d007b6
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\1770665f
    [2011/06/24 01:57:12 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\16d4ba9f
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\fc777a1e
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\fbbfd623
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\a05c3e
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2b7e547
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\2287dae
    [2011/06/24 01:57:11 | 000,004,634 | ---- | C] () -- C:\Users\Gateway\AppData\Roaming\17ca2d7
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F7A0F98A
    
    :files
    C:\Program Files (x86)\CouponAlert_2p
    C:\Program Files (x86)\CouponAlert_2pEI
    C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
    C:\Program Files (x86)\ConduitEngine
    
    :commands
    [CREATERESTOREPOINT]
    [PURITY]
    [RESETHOSTS]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 AmandaV

AmandaV
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 14 October 2011 - 08:54 AM

I use utorrent to send files to my brother overseas so I will be keeping it but I won't use it while we are working on this issue. I am not sure what you done in the last post but I cannot get to any websites with FF, IE or Chrome now so I had to use another PC to make this post. Also I am now getting a warning from the Windows Security Action Center saying my firewall is off and AVG is reporting "Firewall cannot start due to corrupted configuration. Please run Firewall Wizard and regenerate the configuration. Also please contact technical support and provide them the configuration file." I noticed when trying to start FF that my coupon and online radio bars are both missing. I was wondering why you decided to remove them. I have been using them both for awhile with no problems. Hope to hear back from you soon as I can't get online from my laptop atm. Here are the logs you asked for.

Filename: PING.EXE
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Tue 11 Oct 2011 08:00:32 (CET) Permalink


========== PROCESSES ==========
All processes killed
========== OTL ==========
Process 2pbarsvc.exe killed successfully!
No active process named 2pbrmon.exe was found!
Service CouponAlert_2pService stopped successfully!
Service CouponAlert_2pService deleted successfully!
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{f999a48b-1950-4d81-9971-79018f807b4b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b}\ deleted successfully.
C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3288301004-2552221867-1979918599-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7b9f8c21-46ec-4c0b-8683-e755ef84577a}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3288301004-2552221867-1979918599-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f999a48b-1950-4d81-9971-79018f807b4b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b}\ not found.
File C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin\ deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\searchplugin folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\META-INF folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\lib folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\defaults folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\components folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\chrome folder moved successfully.
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\9i1eo4sk.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60e91567-ef8a-4520-bce2-83aba5256799}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60e91567-ef8a-4520-bce2-83aba5256799}\ deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b}\ not found.
File C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3462c343-be19-4143-af70-cefb56f46fc6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3462c343-be19-4143-af70-cefb56f46fc6}\ deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f999a48b-1950-4d81-9971-79018f807b4b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b}\ not found.
File C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3288301004-2552221867-1979918599-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}\ not found.
File C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CouponAlert_2p Browser Plugin Loader deleted successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef417874-e01d-11de-84a7-0026227f18c7}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef417874-e01d-11de-84a7-0026227f18c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef417874-e01d-11de-84a7-0026227f18c7}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\autorun.exe not found.
C:\Users\Gateway\AppData\Roaming\8639e739 moved successfully.
C:\Users\Gateway\AppData\Roaming\840e75c2 moved successfully.
C:\Users\Gateway\AppData\Roaming\bf38540c moved successfully.
C:\Users\Gateway\AppData\Roaming\be7d7c44 moved successfully.
C:\Users\Gateway\AppData\Roaming\9656b716 moved successfully.
C:\Users\Gateway\AppData\Roaming\94a66068 moved successfully.
C:\Users\Gateway\AppData\Roaming\4a670c81 moved successfully.
C:\Users\Gateway\AppData\Roaming\49ae688f moved successfully.
C:\Users\Gateway\AppData\Roaming\2c3ffa27 moved successfully.
C:\Users\Gateway\AppData\Roaming\2ac9c999 moved successfully.
C:\Users\Gateway\AppData\Roaming\8359f15e moved successfully.
C:\Users\Gateway\AppData\Roaming\829c8e4f moved successfully.
C:\Users\Gateway\AppData\Roaming\d98aaa47 moved successfully.
C:\Users\Gateway\AppData\Roaming\d8ec7e3c moved successfully.
C:\Users\Gateway\AppData\Roaming\c1482d3d moved successfully.
C:\Users\Gateway\AppData\Roaming\c0ad48c6 moved successfully.
C:\Users\Gateway\AppData\Roaming\bfcbad96 moved successfully.
C:\Users\Gateway\AppData\Roaming\bf2a13bc moved successfully.
C:\Users\Gateway\AppData\Roaming\be738f24 moved successfully.
C:\Users\Gateway\AppData\Roaming\bce440df moved successfully.
C:\Users\Gateway\AppData\Roaming\bb85c6a4 moved successfully.
C:\Users\Gateway\AppData\Roaming\baec22e2 moved successfully.
C:\Users\Gateway\AppData\Roaming\a20afad9 moved successfully.
C:\Users\Gateway\AppData\Roaming\a177e36e moved successfully.
C:\Users\Gateway\AppData\Roaming\a028967a moved successfully.
C:\Users\Gateway\AppData\Roaming\9f8cfae4 moved successfully.
C:\Users\Gateway\AppData\Roaming\97d9f64f moved successfully.
C:\Users\Gateway\AppData\Roaming\958544d5 moved successfully.
C:\Users\Gateway\AppData\Roaming\44eeeec9 moved successfully.
C:\Users\Gateway\AppData\Roaming\44332451 moved successfully.
C:\Users\Gateway\AppData\Roaming\973f6740 moved successfully.
C:\Users\Gateway\AppData\Roaming\96093005 moved successfully.
C:\Users\Gateway\AppData\Roaming\4ef6f044 moved successfully.
C:\Users\Gateway\AppData\Roaming\4e48c26f moved successfully.
C:\Users\Gateway\AppData\Roaming\da567765 moved successfully.
C:\Users\Gateway\AppData\Roaming\d91dda5c moved successfully.
C:\Users\Gateway\AppData\Roaming\33baaf21 moved successfully.
C:\Users\Gateway\AppData\Roaming\3292604a moved successfully.
C:\Users\Gateway\AppData\Roaming\b967a126 moved successfully.
C:\Users\Gateway\AppData\Roaming\b8704cf0 moved successfully.
C:\Users\Gateway\AppData\Roaming\2209768b moved successfully.
C:\Users\Gateway\AppData\Roaming\2162658d moved successfully.
C:\Users\Gateway\AppData\Roaming\1c6aa8c9 moved successfully.
C:\Users\Gateway\AppData\Roaming\1bcba776 moved successfully.
C:\Users\Gateway\AppData\Roaming\1a9738e6 moved successfully.
C:\Users\Gateway\AppData\Roaming\18d007b6 moved successfully.
C:\Users\Gateway\AppData\Roaming\1770665f moved successfully.
C:\Users\Gateway\AppData\Roaming\16d4ba9f moved successfully.
C:\Users\Gateway\AppData\Roaming\fc777a1e moved successfully.
C:\Users\Gateway\AppData\Roaming\fbbfd623 moved successfully.
C:\Users\Gateway\AppData\Roaming\a05c3e moved successfully.
C:\Users\Gateway\AppData\Roaming\2b7e547 moved successfully.
C:\Users\Gateway\AppData\Roaming\2287dae moved successfully.
C:\Users\Gateway\AppData\Roaming\17ca2d7 moved successfully.
ADS C:\ProgramData\Temp:F7A0F98A deleted successfully.
========== FILES ==========
C:\Program Files (x86)\CouponAlert_2p\bar\Settings folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\Message folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\IE9Mesg folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\History folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p\bar folder moved successfully.
C:\Program Files (x86)\CouponAlert_2p folder moved successfully.
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\chrome folder moved successfully.
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin folder moved successfully.
C:\Program Files (x86)\CouponAlert_2pEI\Installr folder moved successfully.
C:\Program Files (x86)\CouponAlert_2pEI folder moved successfully.
C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder folder moved successfully.
C:\Program Files (x86)\ConduitEngine folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10142011_092715

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 14 October 2011 - 12:14 PM

Hi,

I am not sure what you done in the last post but I cannot get to any websites with FF, IE or Chrome now so I had to use another PC to make this post.


We deleted a few entries in your LSP, which can break your internet access, however, OTL should have auto-fixed this. Could you try rebooting your PC to see if that fixes it? If not, there are some tools we can use to fix it.

Also I am now getting a warning from the Windows Security Action Center saying my firewall is off and AVG is reporting "Firewall cannot start due to corrupted configuration. Please run Firewall Wizard and regenerate the configuration. Also please contact technical support and provide them the configuration file."


I don't know what has caused that. Did you try running the Firewall Wizard as instructed? If not, please do so.

I noticed when trying to start FF that my coupon and online radio bars are both missing. I was wondering why you decided to remove them. I have been using them both for awhile with no problems.


Sorry, I should have posted as to why I was removing them. Both of those toolbars are linked to malware behaviour. For details, please see the following:

Coupon Alert Toolbar
Online Radio Toolbar

If you want, you can reinstall them, but I wouldn't recommend that.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#10 AmandaV

AmandaV
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 14 October 2011 - 02:09 PM

I have tried restarting a few times with no luck. I also tried running the Firewall Wizard several times and it will not work either. After the 2nd restart now when I open IE it shuts down. FF will stay open it just won't load the anything.

I will be here for approx 5 more hrs and then I will be heading home. If I don't hear from you before then I will have to try a system restore to before I ran OTL or I will be without net until Monday and I just can't do that. I will edit this post and let you know if I have to do the restore if you don't have any other ideas or can't get back to me before I leave.

Edited by AmandaV, 14 October 2011 - 02:20 PM.


#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 14 October 2011 - 02:18 PM

Hi,

  • Please download LSPfix to your Desktop.
  • Double click on LSPFix.exe
  • Allow any security warning (enter your administrator password if prompted)
  • Click Finish

This should restore your internet access - let me know how it goes.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#12 AmandaV

AmandaV
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:29 PM

Posted 14 October 2011 - 03:14 PM

I ran LSPfix but it didn't seem to help so I went ahead and rebooted and my AVG Firewall started working, no idea, still not connecting though. Or it shows connected but I can't do anything....

#13 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 15 October 2011 - 02:07 AM

Ok, no problem.

Please try the following:

Start > type cmd > right click and run as administrator > type the following into the black window:

netsh winsock reset

hit Enter. You may need to reboot.

This should repair your internet access.

Casey

Edited by Casey_boy, 15 October 2011 - 01:18 PM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#14 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 18 October 2011 - 06:22 AM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#15 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:29 AM

Posted 20 October 2011 - 10:04 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users