Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer very slow, flashing dos windows and firewall keeps turning off


  • This topic is locked This topic is locked
78 replies to this topic

#1 Manna1

Manna1

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 16 October 2011 - 12:08 AM

Hi I have been getting advice on the "I am infected" thread, Topic referenced is here: http://www.bleepingcomputer.com/forums/topic419968.html ~ OB and after trying many different things my computer is still playing up. I have foolowed the steps in the "prep guide" but was unable to get both DDS and GMER to run. I got told to use OTL and post my scan logs here. Basiclly My firewall keeps turning off and I see MS Dos type windows flash on my screen every 30 seconds or so. Thanks

Logs from OTL -

OTL logfile created on: 16/10/2011 2:48:36 PM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Sam & Dwayne\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 40.90% Memory free
8.19 Gb Paging File | 5.15 Gb Available in Paging File | 62.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.90 Gb Total Space | 254.14 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.48 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 7.02 Gb Free Space | 0.75% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 153.35 Gb Free Space | 32.92% Space Free | Partition Type: NTFS

Computer Name: SAMANDDWAYNE09 | User Name: Sam & Dwayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sam & Dwayne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe (Hewlett Packard)
PRC - C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe (Hewlett Packard)
PRC - C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe (Hewlett Packard)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hiro-Media\HiroClient\HiroClient.exe (Hiro Media)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Users\Sam & Dwayne\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx ()
MOD - C:\Users\Sam & Dwayne\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx ()
MOD - C:\Users\Sam & Dwayne\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx ()
MOD - C:\Users\Sam & Dwayne\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx ()
MOD - C:\Users\Sam & Dwayne\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_32\HPTSEnUsr\1.0.0.0__661cda25fd3dfad3\HPTSEnUsr.dll ()
MOD - C:\Windows\assembly\GAC_32\HPTSEnCmn\1.0.0.0__9384b804f3886685\HPTSEnCmn.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder\1.0.51206.0__b03f5f7f11d50a3a\Microsoft.Practices.ObjectBuilder.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Common\3.1.0.0__b03f5f7f11d50a3a\Microsoft.Practices.EnterpriseLibrary.Common.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling\3.1.0.0__b03f5f7f11d50a3a\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll ()
MOD - C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hiro-Media\HiroClient\QtXml4.dll ()
MOD - C:\Program Files (x86)\Hiro-Media\HiroClient\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Hiro-Media\HiroClient\QtCore4.dll ()
MOD - C:\Program Files (x86)\Hiro-Media\HiroClient\HiroHook.dll ()
MOD - C:\Program Files (x86)\Hiro-Media\HiroClient\DownloadManager.dll ()
MOD - C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\BRIGHTNESS.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Touch Screen Enhance) -- C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (Symantec RemoteAssist) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Leapfrog-USBLAN) -- C:\Windows\SysNative\DRIVERS\btblan.sys (Belcarra Technologies)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AVerAVF2) -- C:\Windows\SysNative\DRIVERS\AVerAVF2.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: avg@toolbar:8.0.0.34.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/12 18:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/06 14:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/12 21:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/03 22:32:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/12 18:25:10 | 000,000,000 | ---D | M]

[2009/05/08 18:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Extensions
[2009/04/29 10:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/10 08:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions
[2010/06/20 22:05:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/12 19:10:07 | 000,000,000 | ---D | M] (P2P Max Toolbar) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}
[2010/11/21 11:22:55 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/12/02 09:36:47 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/09/29 14:00:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\avg@toolbar
[2010/11/21 11:22:55 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\extensions\engine@conduit.com
[2010/11/17 14:31:36 | 000,002,427 | ---- | M] () -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\searchplugins\askcom.xml
[2010/09/14 22:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\searchplugins\BearShareWebSearch.xml
[2010/12/04 17:27:34 | 000,000,903 | ---- | M] () -- C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\searchplugins\conduit.xml
[2011/10/04 07:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/05/12 19:09:13 | 000,000,000 | ---D | M] (shARES Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
[2011/10/04 07:23:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/06 14:49:19 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\mozilla firefox\components\coFFPlgn.dll
[2011/10/04 07:22:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/15 14:29:58 | 000,112,024 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npww.dll
[2010/09/14 22:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml

========== Chrome ==========

CHR - default_search_provider: AOL Search (Enabled)
CHR - default_search_provider: search_url = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcndtie7-en-au
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Sam & Dwayne\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Sam & Dwayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2011/09/02 10:09:39 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe (Hewlett Packard)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000..\Run: [Nokia Home Server Manager] "C:\Program Files (x86)\Nokia\Nokia Home Media Server\NHSM.exe" -autostart File not found
O4 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000..\Run: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam & Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hiro-Media Client.lnk = C:\Program Files (x86)\Hiro-Media\HiroClient\HiroClient.exe (Hiro Media)
O4 - Startup: C:\Users\Sam & Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.quicksales.com.au/WebResource.axd?d=jUnCECYfKXyjKEN7IjgpZHDGowldTZ4cHB8ldMQZy_7laT5zKRrMK_XyFuERVYKFn1i4pxufLfB4SpK2rDH_K89Zu26uWREsmREGDZHXMLilTbHaXaKJyMN0VhcjlLbVkmSuqto6g4rSiY0jA0E_gVhzHYosmIdZomPqTkHZrsubN8mo0&t=634459933126428576 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E6F9FCA-44C7-4906-9739-0E8DC1C4DB41}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E6F9FCA-44C7-4906-9739-0E8DC1C4DB41}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4B786CE-B821-4588-A412-051936CE775E}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFC8B3B2-A049-4E34-BBBF-DEF9DA4D9586}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\hiro - No CLSID value found
O18:64bit: - Protocol\Handler\hirodownload - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\hiro {50BA1131-168F-4c08-A69B-4012273F222E} - C:\Program Files (x86)\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll (TODO: <Company name>)
O18 - Protocol\Handler\hirodownload {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - C:\Program Files (x86)\Hiro-Media\HiroClient\HiroProtocolHandler.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2750490686-534021431-3081768307-1000 Winlogon: Shell - (EXPLORER.EXE) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/06 23:21:01 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/09/26 01:01:29 | 000,000,055 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c3f9f7c1-e0a6-11df-8f04-002186b5c3d9}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f9f7c1-e0a6-11df-8f04-002186b5c3d9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 13:48:00 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Sam & Dwayne\Desktop\OTL.exe
[2011/10/15 11:03:57 | 000,000,000 | R--D | C] -- C:\Users\Sam & Dwayne\Videos
[2011/10/14 06:18:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/14 06:18:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/14 06:18:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/14 06:18:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/14 06:18:12 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/14 06:18:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/14 06:18:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/14 06:18:10 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/14 06:18:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 07:28:43 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 07:28:42 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 07:28:42 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/10/13 07:28:42 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/10/13 07:28:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/10/13 07:28:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/10/13 07:25:54 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 07:25:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 07:25:54 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 07:25:54 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 07:25:54 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/13 07:25:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/13 07:25:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/13 07:25:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/10 17:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/06 14:31:37 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Local\{2311E0B2-F3B7-43E9-B612-FFF6981A81D9}
[2011/10/04 20:48:58 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/04 07:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/04 07:23:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/04 07:23:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/04 07:23:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/04 07:20:15 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Sam & Dwayne\Desktop\jre-6u27-windows-i586-iftw.exe
[2011/10/03 22:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/10/03 22:47:03 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\Desktop\Downloaded Programs
[2011/10/03 22:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/10/03 22:21:03 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011/10/03 22:21:03 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011/10/03 22:21:02 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011/10/03 22:21:02 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011/10/03 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/30 12:09:07 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\QuickScan
[2011/09/29 14:01:04 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\AVG2012
[2011/09/29 14:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/29 14:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/09/29 14:00:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/29 13:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/28 14:31:30 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\Malwarebytes
[2011/09/28 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/28 14:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/28 14:31:21 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/28 14:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/25 08:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/09/25 08:33:13 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\.swt
[2011/09/22 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\Meodsai
[2011/09/22 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\Deag
[2011/09/18 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Sam & Dwayne\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/18 13:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/18 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/18 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/18 13:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 14:54:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/16 14:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 14:47:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 14:47:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 13:48:15 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sam & Dwayne\Desktop\OTL.exe
[2011/10/16 12:51:32 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011/10/16 12:49:50 | 000,043,224 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/16 12:48:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 12:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 06:31:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/16 05:39:50 | 106,608,310 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/15 11:58:12 | 000,547,304 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/10/15 11:01:53 | 000,000,000 | ---- | M] () -- C:\Users\Sam & Dwayne\defogger_reenable
[2011/10/14 15:51:40 | 000,301,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/14 06:26:02 | 000,721,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/14 06:26:02 | 000,604,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/14 06:26:02 | 000,107,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 20:15:08 | 000,224,768 | ---- | M] () -- C:\Users\Sam & Dwayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/13 06:54:14 | 000,662,551 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/10/12 17:28:45 | 680,935,224 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/10 05:01:32 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSam & Dwayne.job
[2011/10/09 06:40:10 | 000,007,592 | ---- | M] () -- C:\Users\Sam & Dwayne\AppData\Local\d3d9caps.dat
[2011/10/08 13:20:34 | 000,000,874 | ---- | M] () -- C:\Users\Sam & Dwayne\Desktop\Weatherzone Tracker.lnk
[2011/10/06 14:49:19 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/05 18:01:39 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/04 20:48:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/04 07:22:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/10/04 07:22:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/04 07:22:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/04 07:22:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/04 07:20:15 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Sam & Dwayne\Desktop\jre-6u27-windows-i586-iftw.exe
[2011/10/03 22:20:19 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011/10/03 22:20:19 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011/10/03 22:20:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011/10/03 22:20:19 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011/09/29 14:00:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/29 14:00:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/09/29 14:00:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/25 08:31:54 | 000,001,689 | ---- | M] () -- C:\Users\Sam & Dwayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/09/25 08:31:53 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/15 11:01:53 | 000,000,000 | ---- | C] () -- C:\Users\Sam & Dwayne\defogger_reenable
[2011/10/09 21:34:11 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSam & Dwayne.job
[2011/10/08 13:20:34 | 000,000,874 | ---- | C] () -- C:\Users\Sam & Dwayne\Desktop\Weatherzone Tracker.lnk
[2011/10/06 14:49:19 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/03 22:32:41 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/29 14:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/29 14:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/09/29 14:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/09/01 22:47:35 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2011/09/01 22:47:35 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2011/09/01 22:47:35 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2011/07/15 10:45:06 | 000,000,600 | ---- | C] () -- C:\Users\Sam & Dwayne\AppData\Roaming\9F72.F8E
[2011/03/26 06:05:36 | 000,007,592 | ---- | C] () -- C:\Users\Sam & Dwayne\AppData\Local\d3d9caps.dat
[2010/05/05 22:41:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/10 16:15:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/05 14:01:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2010/04/05 14:01:55 | 000,000,268 | RH-- | C] () -- C:\Users\Sam & Dwayne\AppData\Roaming\Basic Track
[2010/04/05 14:01:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/04/05 14:01:55 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle
[2010/03/12 18:23:45 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 14:36:24 | 000,162,704 | ---- | C] () -- C:\Windows\hpoins38.dat
[2009/11/30 16:09:27 | 000,000,204 | ---- | C] () -- C:\Windows\MYOBP.INI
[2009/11/30 16:09:27 | 000,000,041 | ---- | C] () -- C:\Windows\MYOB.INI
[2009/11/26 17:29:43 | 000,000,663 | ---- | C] () -- C:\Windows\openrda.ini
[2009/11/26 17:16:35 | 000,000,000 | ---- | C] () -- C:\Windows\drvxl32.INI
[2009/11/26 17:16:33 | 000,000,000 | ---- | C] () -- C:\Windows\drvwd32.INI
[2009/10/21 08:41:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/21 08:41:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/10/21 08:41:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/23 21:27:00 | 000,712,432 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/05 10:59:42 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2009/05/18 21:38:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/18 21:35:09 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/05/12 17:16:58 | 000,000,478 | ---- | C] () -- C:\Users\Sam & Dwayne\AppData\Roaming\settings.ini
[2009/05/12 15:56:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/29 10:49:58 | 000,000,190 | ---- | C] () -- C:\Users\Sam & Dwayne\AppData\Roaming\default.rss
[2009/04/29 10:49:45 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/26 21:46:24 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/26 21:26:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/04/26 16:48:37 | 000,224,768 | ---- | C] () -- C:\Users\Sam & Dwayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/12 12:06:30 | 000,058,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSACPIDLL.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/08/27 03:23:16 | 000,043,224 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/27 02:42:26 | 000,043,224 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/27 02:40:24 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\OSDForm.exe
[2008/08/27 02:37:20 | 000,011,783 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2008/08/27 02:29:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/08/27 02:29:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/08/27 02:21:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/04/27 10:33:36 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/01/21 12:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/03 01:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 22:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 22:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 19:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ctreestd.dll
[2000/01/31 08:02:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\Wh2Robo.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:919D319717837FBA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


OTL Extras logfile created on: 16/10/2011 2:48:36 PM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Sam & Dwayne\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 40.90% Memory free
8.19 Gb Paging File | 5.15 Gb Available in Paging File | 62.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.90 Gb Total Space | 254.14 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.48 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 7.02 Gb Free Space | 0.75% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 153.35 Gb Free Space | 32.92% Space Free | Partition Type: NTFS

Computer Name: SAMANDDWAYNE09 | User Name: Sam & Dwayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2750490686-534021431-3081768307-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C7 7F E3 FF 47 54 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39AC767E-476A-411F-8909-54109828276B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93EE0577-8BFC-4092-8218-25C634F135D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C007D2C3-00D9-4088-BCDD-79EC73A6E424}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EB0E692D-D832-4309-B97A-2CE1551C22BC}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01213AC4-F030-4A3F-B545-846CD5485BE1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{02114571-A60E-419A-950A-5350A29524CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{03DDCAE7-B4A0-4685-9F0B-D1457E948A1B}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe |
"{04B33D28-6261-4378-8DDF-28DDC91973CB}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0A136AC1-FB24-46B6-ACA2-12156EBCBA98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{0B866EF1-A140-4A0C-A67A-22A2065FC630}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0C664339-4360-45AF-9A1F-AEB043BC1E3F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1111EBF1-9292-4016-B931-34E9BF91DC85}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{1248566E-0493-4CC6-90E6-5BAD1D65453A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{168B5213-31D7-4A2B-B1E5-6385F7542ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymedia.exe |
"{256D0C83-E75F-4B65-9E9C-EBE7DE79DD4B}" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{279AAA4C-2EAC-4C9E-B3FA-BC7478F0B5E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2AF8B4BD-A367-42CF-AF70-E551B2EBD1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{2FD66B99-EBC8-4B29-82C9-CBC4B145578C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3A6AF798-6F77-493E-BFE6-15CFE2A587B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{3C30C648-C9C6-4146-B51C-FFE8B2622E19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3DDD3000-4BF1-4158-A6B9-52B17C07AB33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3F3A4F06-0F80-4055-9603-2FAD1A6BF5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{46F1FA25-CB35-4F9C-AC16-21518D5DCD8E}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{47D769C6-6354-462B-9D00-E170799FA077}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{54E91051-183E-47B1-AEAE-6FDB3669F822}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5537AECE-6773-44F0-96AE-A54C0E196C58}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{58FBD667-B5AB-4CFC-9654-5489D612E08A}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{5FE2BFBC-AA65-4A28-9286-A9C7F7F04964}" = protocol=17 | dir=in | app=c:\program files (x86)\weatherzone tracker\weather_tracker.exe |
"{60E63AD4-389A-4BEA-8DE9-9759B422D3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{63C2AE77-2D04-4A3D-9082-8D1DA9CC3E7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{69F30690-9BF7-42D2-BEEA-1301ABF109E9}" = protocol=6 | dir=in | app=c:\program files (x86)\weatherzone tracker\weather_tracker.exe |
"{73663D61-400F-4502-A0E6-9530E9FD4BFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{744592E3-609D-4C9C-A8C8-ACBD23E19EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{76FD839C-29DF-4BC6-A5A4-BDAB205B8436}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{7D7921C7-DB09-41AC-AD30-F92B9F0E28B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7DE3FFDB-2960-4E0C-B906-65940E607FED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7EE30684-1042-4301-A4E8-AD713EDAD0E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8A1EFD29-C476-47FC-AB46-85D3251A965E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8B53B59F-35C7-4D81-AC4E-27101728B1B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{90A9708C-E3C0-4F02-A063-98D24B87AEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9186737B-D801-4FB7-B983-6F2BA509F237}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{97DA1BA3-37BF-4F6F-9A93-34117F04BFDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A74FE4D0-016F-4ACA-AB75-011B954D1174}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe |
"{AAD1336A-126F-4EFD-9270-EEF930636BFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{AAF64CAE-ADE7-44FB-A9EC-7DB77FD82003}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{AD2E90FD-6578-4AC9-9DFF-BE979564EC6B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B338EFF8-124A-4ADC-89E6-98EF4E6629DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B721F34E-FCF6-4E2C-82AF-6F1C4F78720D}" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia home media server\media server\twonkymedia.exe |
"{B8B76C48-EACF-464F-B8B5-AF94DE299E23}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{BC7D3444-11F5-4013-BB57-222B95F1346D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{C340F195-4389-4D26-9E86-004503833236}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{C9DAC531-9532-48F7-84C0-C6DB3F1126B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{CAAE2393-1569-4820-9063-AC293BC50C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{D0B7BC6F-B68B-4327-BC82-1A02B7815EBB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DB8FE8AE-44F9-46D6-B551-2C5811E917C6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E76A668B-9A78-4D18-93DC-5A9C55AC673F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E8FFE3E8-A807-4444-8C77-120D747CD053}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9048086-6B3D-46C1-8B96-535307143F45}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EADC42C0-D798-4BE6-A6B8-DD4951D588E5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EE2C34F1-DCAE-46EE-BC27-ABBFDEFA1EDC}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{F047F46C-679F-4E84-809D-603EE493500C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{F14F09C1-BF93-47DE-B6E5-8C3EBFD8FD00}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F21B840E-9A9E-4ABE-A910-C0A1C8422F37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F7F40130-057C-446F-A98E-750B86701D34}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{F973FF6F-DF0C-4490-8558-5DD4A92F2F17}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F9B32BCC-3057-4985-903C-3232E079C80E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{50CD7B44-AF4D-41B6-A3EC-09A869F7ADEB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{61C96C7A-DA0E-436B-93D3-1079C71B1EB7}C:\program files (x86)\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"TCP Query User{A3F7ACC7-DCC0-45DF-B1EA-FD139C20CBD2}C:\users\sam & dwayne\my documents\vuze downloads\torrenteasy\torrenteasy.exe" = protocol=6 | dir=in | app=c:\users\sam & dwayne\my documents\vuze downloads\torrenteasy\torrenteasy.exe |
"TCP Query User{AAE1CDDB-3756-49EB-9DFA-396FF55F5C97}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{DF7C1FA5-AC3B-4212-83D7-8AA0D2F993E9}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{F37D1707-9AEB-4FC8-98F5-A1D835E7E08D}C:\users\sam & dwayne\appdata\roaming\meodsai\iparyc.exe" = protocol=6 | dir=in | app=c:\users\sam & dwayne\appdata\roaming\meodsai\iparyc.exe |
"TCP Query User{FA8F4B0D-00BD-4CCC-AAE2-B54DB95A1E88}C:\program files (x86)\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"UDP Query User{1AD3922E-B542-421E-BC04-661FE884E09B}C:\users\sam & dwayne\my documents\vuze downloads\torrenteasy\torrenteasy.exe" = protocol=17 | dir=in | app=c:\users\sam & dwayne\my documents\vuze downloads\torrenteasy\torrenteasy.exe |
"UDP Query User{2666B16F-5691-49C7-A7F7-43E437442A2F}C:\program files (x86)\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"UDP Query User{3461D3F4-01D0-4F6D-A27A-DE313454840E}C:\users\sam & dwayne\appdata\roaming\meodsai\iparyc.exe" = protocol=17 | dir=in | app=c:\users\sam & dwayne\appdata\roaming\meodsai\iparyc.exe |
"UDP Query User{E3B037A5-5E35-4785-A075-99E1D72F0895}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{EF5EDD98-C573-4D60-B8EF-1E884FB8FEE4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F43A79A2-49D3-49A4-BAA0-0C839E14D5B6}C:\program files (x86)\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trademanager\aliim.exe |
"UDP Query User{FCC78ED2-6CDF-4B47-AF13-A89FF5CDD207}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.1.0.4600
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{18A5D9CF-61DD-4BB6-A9C3-E90602E6E7E1}" = HP Touch Screen Configuration
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5349A735-7482-406F-9FE4-3BB24608479D}" = AVG 2012
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{ED5E169E-490F-4F4C-B2BB-C89D510FA595}" = AVG 2012
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{062D1F01-7D08-46B9-BF87-67E59DCEEFDC}" = MYOB Accounting Plus v17 ED
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F6391A2-2C26-4DCD-B066-8CAFBE9B3702}" = HP Touch Screen Enhance Service
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2AD646C3-4C2F-4F79-90C5-F3A88E60A9D1}" = HP TouchSmart
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Buttons & OSDs control application gen2
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6283B16A-66AE-48F9-BCA5-9EABDAE1790B}" = MYOB Accounting Plus v18 ED
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3735D0-2119-40D5-971C-4FFC1E2C7695}" = HP TouchSmart Calendar
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}" = Nokia Photos
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BAEB9A15-011A-4C75-A2BA-06C3EE6C2F24}" = HP Touch Optimizer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}" = MYOB ODBC Direct v7
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1565BD9-6E66-4292-90C6-5FC70A98A428}" = MYOB ODBC Direct v8 AUS
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D814B1DF-E73D-46B5-B2D2-2C75F82B27FE}" = muvee autoProducer 6.1
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5505D86-C833-4370-9EAB-ACB4A1D68944}" = MYOB Accounting Plus v16 ED
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F41E9A47-0119-4DB7-849C-6BE6DA948B74}" = HP TouchSmart Notes
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FinalMediaPlayer_is1" = Final Media Player 2011
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"HP KEYBOARD_is1" = HP KEYBOARD
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"ImTOO MKV Converter 6" = ImTOO MKV Converter 6
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{062D1F01-7D08-46B9-BF87-67E59DCEEFDC}" = MYOB Accounting Plus v17 ED
"InstallShield_{6283B16A-66AE-48F9-BCA5-9EABDAE1790B}" = MYOB Accounting Plus v18 ED
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP TouchSmart Music/Photo/Video
"InstallShield_{C71F2873-3229-4A9E-A2A2-F14DCBF63F56}" = MYOB ODBC Direct v7
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D1565BD9-6E66-4292-90C6-5FC70A98A428}" = MYOB ODBC Direct v8 AUS
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E5505D86-C833-4370-9EAB-ACB4A1D68944}" = MYOB Accounting Plus v16 ED
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Trusted Software Assistant_is1" = File Type Assistant
"Weatherzone Tracker_is1" = Weatherzone Tracker v2.04
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/10/2011 4:29:19 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/10/2011 4:29:19 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3057

Error - 15/10/2011 4:29:19 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3057

Error - 15/10/2011 4:29:20 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/10/2011 4:29:20 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4056

Error - 15/10/2011 4:29:20 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4056

Error - 15/10/2011 4:29:21 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/10/2011 4:29:21 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5054

Error - 15/10/2011 4:29:21 PM | Computer Name = Samanddwayne09 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5054

Error - 15/10/2011 10:48:21 PM | Computer Name = Samanddwayne09 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 15/10/2011 10:49:19 PM | Computer Name = Samanddwayne09 | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154

[ OSession Events ]
Error - 24/02/2011 7:22:36 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/03/2011 11:45:52 PM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/05/2011 1:43:16 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/05/2011 1:43:42 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/05/2011 7:42:01 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/05/2011 4:58:46 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2011 6:38:09 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/05/2011 8:07:31 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/05/2011 3:58:29 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/05/2011 8:37:53 AM | Computer Name = Samanddwayne09 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/10/2011 4:13:43 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7026
Description =

Error - 15/10/2011 3:35:05 PM | Computer Name = Samanddwayne09 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 15/10/2011 3:35:49 PM | Computer Name = Samanddwayne09 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 15/10/2011 3:36:46 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7000
Description =

Error - 15/10/2011 3:36:46 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7026
Description =

Error - 15/10/2011 4:29:59 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7034
Description =

Error - 15/10/2011 10:46:34 PM | Computer Name = Samanddwayne09 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 15/10/2011 10:47:06 PM | Computer Name = Samanddwayne09 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 15/10/2011 10:48:22 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7000
Description =

Error - 15/10/2011 10:48:22 PM | Computer Name = Samanddwayne09 | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Edited by Orange Blossom, 16 October 2011 - 01:01 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:48 PM

Posted 21 October 2011 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423709 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 24 October 2011 - 01:18 AM

I have followed the steps in the bot asked me to do but was unable to get both DDS and GMER to run. No I dont have the original windows disk. My computer is now telling me it may be infected with a virus called "Win32/dh.00000000". Please help, my computer seems to be getting more unstable.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 24 October 2011 - 10:12 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 26 October 2011 - 03:48 AM

Hi thanks for that.

Here is the log from combofix. Computer seems ok, but might be too early to say. Should I do another AVG scan to see if the virus is still there?

ComboFix 11-10-25.04 - Sam & Dwayne 26/10/2011 16:46:08.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4094.1822 [GMT 10:00]
Running from: c:\users\Sam & Dwayne\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-26 07:04 . 2011-10-26 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 23:49 . 2011-10-25 23:49 -------- d-----w- c:\program files (x86)\uTorrent
2011-10-25 23:48 . 2011-10-25 23:48 -------- d-----w- c:\users\Sam & Dwayne\AppData\Local\uTorrent
2011-10-18 23:29 . 2011-10-18 23:29 -------- d-----w- c:\program files\iPod
2011-10-18 23:29 . 2011-10-18 23:30 -------- d-----w- c:\program files\iTunes
2011-10-18 23:29 . 2011-10-18 23:30 -------- d-----w- c:\program files (x86)\iTunes
2011-10-18 23:26 . 2011-10-18 23:26 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-18 23:23 . 2011-10-18 23:23 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-18 23:23 . 2011-10-18 23:23 -------- d-----w- c:\program files\Bonjour
2011-10-14 19:53 . 2011-09-01 05:17 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-14 19:53 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-12 21:34 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:28 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:28 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:28 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:28 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-12 21:28 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 21:28 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 21:28 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 21:28 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-12 21:27 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 21:27 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 21:25 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:25 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:25 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:25 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:25 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 21:25 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 21:25 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 21:25 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-10 07:55 . 2011-10-10 07:55 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-04 10:48 . 2011-10-04 10:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-03 12:50 . 2011-10-03 12:50 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-10-03 12:27 . 2011-10-03 12:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-03 12:21 . 2011-10-03 12:20 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 12:20 . 2011-10-03 12:20 -------- d-----w- c:\program files\Java
2011-09-30 02:09 . 2011-09-30 02:09 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\QuickScan
2011-09-29 04:01 . 2011-09-29 04:01 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\AVG2012
2011-09-29 04:00 . 2011-09-29 04:00 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-29 04:00 . 2011-09-29 04:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-29 03:58 . 2011-09-29 04:11 -------- d-----w- c:\programdata\AVG2012
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\Malwarebytes
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 04:31 . 2011-08-31 07:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 21:22 . 2010-08-01 09:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-12 20:30 . 2011-09-12 20:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-05 06:31 . 2011-09-05 06:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-05 06:31 . 2011-09-05 06:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-05 06:31 . 2011-09-05 06:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-05 06:31 . 2011-09-05 06:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-05 06:31 . 2011-09-05 06:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-05 06:31 . 2011-09-05 06:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-05 06:31 . 2011-09-05 06:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-05 06:31 . 2011-09-05 06:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-05 06:31 . 2011-09-05 06:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-05 06:31 . 2011-09-05 06:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-05 06:31 . 2011-09-05 06:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-05 06:31 . 2011-09-05 06:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-05 06:31 . 2011-09-05 06:31 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-05 06:31 . 2011-09-05 06:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-05 06:31 . 2011-09-05 06:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-05 06:31 . 2011-09-05 06:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-05 06:31 . 2011-09-05 06:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-05 06:31 . 2011-09-05 06:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-05 06:31 . 2011-09-05 06:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-05 06:31 . 2011-09-05 06:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-05 06:31 . 2011-09-05 06:31 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-05 06:31 . 2011-09-05 06:31 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-05 06:31 . 2011-09-05 06:31 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-05 06:31 . 2011-09-05 06:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-05 06:31 . 2011-09-05 06:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 06:31 . 2011-09-05 06:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-05 06:31 . 2011-09-05 06:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-05 06:31 . 2011-09-05 06:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-05 06:31 . 2011-09-05 06:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-05 06:31 . 2011-09-05 06:31 448512 ----a-w- c:\windows\system32\html.iec
2011-09-05 06:31 . 2011-09-05 06:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-05 06:31 . 2011-09-05 06:31 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-05 06:31 . 2011-09-05 06:31 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-05 06:31 . 2011-09-05 06:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-05 06:31 . 2011-09-05 06:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-05 06:31 . 2011-09-05 06:31 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-30 13:05 . 2011-08-30 13:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 13:05 . 2011-08-30 13:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 13:05 . 2011-08-30 13:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 13:05 . 2011-08-30 13:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 13:05 . 2011-08-30 13:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 13:05 . 2011-08-30 13:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-07 20:08 . 2011-08-07 20:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-08-02 07:38 . 2011-08-02 07:38 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-08-02 07:38 . 2011-08-02 07:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-03 12:50 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-31 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-28 5492096]
"Weather Tracker3"="c:\program files (x86)\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-05-26 1148200]
"Buttons & OSDs control application gen2"="c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe" [2009-04-16 208896]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-03 1144104]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-03 210216]
"HP KEYBOARD"="c:\program files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [2009-05-30 693760]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-03-12 1314816]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-22 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-10-03 218440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNzIzODY4NzY4LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtWE8xMCsxMS1MSUMrMS1UVUcrMy1ERFQrMzU2MDAtREQxMEYrMS1TMTBGRERGKzUtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
c:\users\Sam & Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hiro-Media Client.lnk - c:\program files (x86)\Hiro-Media\HiroClient\HiroClient.exe [2009-2-25 2864408]
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-4 333088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-14 1026600]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca11cb86200880;Google Update Service (gupdate1ca11cb86200880);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-05-26 32240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-18 2399560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-11 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-12-12 21296]
S2 HP Touch Screen Enhance;HP Touch Screen Enhance;c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2009-01-20 101888]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-29 246600]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-23 05:24]
.
2011-10-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 02:54]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 10:41]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 10:41]
.
2011-10-09 c:\windows\Tasks\HPCeeScheduleForSam & Dwayne.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-26 10:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-01-16 3866624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-24 15836192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-24 82464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E6F9FCA-44C7-4906-9739-0E8DC1C4DB41}: NameServer = 4.2.2.2,4.2.2.1
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files (x86)\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files (x86)\Hiro-Media\HiroClient\HiroProtocolHandler.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.quicksales.com.au/WebResource.axd?d=jUnCECYfKXyjKEN7IjgpZHDGowldTZ4cHB8ldMQZy_7laT5zKRrMK_XyFuERVYKFn1i4pxufLfB4SpK2rDH_K89Zu26uWREsmREGDZHXMLilTbHaXaKJyMN0VhcjlLbVkmSuqto6g4rSiY0jA0E_gVhzHYosmIdZomPqTkHZrsubN8mo0&t=634459933126428576
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Wow6432Node-HKCU-Run-Nokia Home Server Manager - c:\program files (x86)\Nokia\Nokia Home Media Server\NHSM.exe
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\16 \1aT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-26 18:04:02
ComboFix-quarantined-files.txt 2011-10-26 08:03
.
Pre-Run: 266,731,196,416 bytes free
Post-Run: 266,718,310,400 bytes free
.
- - End Of File - - 29DC82C5274788F408658224FCB42DE5

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 26 October 2011 - 09:26 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 27 October 2011 - 07:28 PM

Nothing strange happened during the scan. The firewall keeps turning off though.


ComboFix 11-10-25.04 - Sam & Dwayne 27/10/2011 11:21:00.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4094.1456 [GMT 10:00]
Running from: c:\users\Sam & Dwayne\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam & Dwayne\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam & Dwayne\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\SAM&DW~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 01:37 . 2011-10-27 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 23:49 . 2011-10-25 23:49 -------- d-----w- c:\program files (x86)\uTorrent
2011-10-25 23:48 . 2011-10-25 23:48 -------- d-----w- c:\users\Sam & Dwayne\AppData\Local\uTorrent
2011-10-18 23:29 . 2011-10-18 23:29 -------- d-----w- c:\program files\iPod
2011-10-18 23:29 . 2011-10-18 23:30 -------- d-----w- c:\program files\iTunes
2011-10-18 23:29 . 2011-10-18 23:30 -------- d-----w- c:\program files (x86)\iTunes
2011-10-18 23:26 . 2011-10-18 23:26 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-18 23:23 . 2011-10-18 23:23 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-18 23:23 . 2011-10-18 23:23 -------- d-----w- c:\program files\Bonjour
2011-10-14 19:53 . 2011-09-01 05:17 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-10-14 19:53 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-10-12 21:34 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 21:28 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 21:28 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 21:28 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 21:28 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-12 21:28 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 21:28 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-12 21:28 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 21:28 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-12 21:27 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 21:27 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 21:25 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:25 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:25 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:25 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:25 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 21:25 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 21:25 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 21:25 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-10 07:55 . 2011-10-10 07:55 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-04 10:48 . 2011-10-04 10:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 21:25 . 2011-10-03 21:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-03 12:50 . 2011-10-03 12:50 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-10-03 12:27 . 2011-10-03 12:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-03 12:21 . 2011-10-03 12:20 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 12:20 . 2011-10-03 12:20 -------- d-----w- c:\program files\Java
2011-09-30 02:09 . 2011-09-30 02:09 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\QuickScan
2011-09-29 04:01 . 2011-09-29 04:01 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\AVG2012
2011-09-29 04:00 . 2011-09-29 04:00 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-29 04:00 . 2011-09-29 04:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-29 03:58 . 2011-09-29 04:11 -------- d-----w- c:\programdata\AVG2012
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\users\Sam & Dwayne\AppData\Roaming\Malwarebytes
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 04:31 . 2011-09-28 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-28 04:31 . 2011-08-31 07:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 21:22 . 2010-08-01 09:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-12 20:30 . 2011-09-12 20:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-05 06:31 . 2011-09-05 06:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-05 06:31 . 2011-09-05 06:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-05 06:31 . 2011-09-05 06:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-05 06:31 . 2011-09-05 06:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-05 06:31 . 2011-09-05 06:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-05 06:31 . 2011-09-05 06:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-05 06:31 . 2011-09-05 06:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-05 06:31 . 2011-09-05 06:31 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-05 06:31 . 2011-09-05 06:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-05 06:31 . 2011-09-05 06:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-05 06:31 . 2011-09-05 06:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-05 06:31 . 2011-09-05 06:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-05 06:31 . 2011-09-05 06:31 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-05 06:31 . 2011-09-05 06:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-05 06:31 . 2011-09-05 06:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-05 06:31 . 2011-09-05 06:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-05 06:31 . 2011-09-05 06:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-05 06:31 . 2011-09-05 06:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-05 06:31 . 2011-09-05 06:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-05 06:31 . 2011-09-05 06:31 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-05 06:31 . 2011-09-05 06:31 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-05 06:31 . 2011-09-05 06:31 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-05 06:31 . 2011-09-05 06:31 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-05 06:31 . 2011-09-05 06:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-05 06:31 . 2011-09-05 06:31 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 06:31 . 2011-09-05 06:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-05 06:31 . 2011-09-05 06:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-05 06:31 . 2011-09-05 06:31 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-05 06:31 . 2011-09-05 06:31 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-05 06:31 . 2011-09-05 06:31 448512 ----a-w- c:\windows\system32\html.iec
2011-09-05 06:31 . 2011-09-05 06:31 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-05 06:31 . 2011-09-05 06:31 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-05 06:31 . 2011-09-05 06:31 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-05 06:31 . 2011-09-05 06:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-05 06:31 . 2011-09-05 06:31 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-05 06:31 . 2011-09-05 06:31 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-30 13:05 . 2011-08-30 13:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 13:05 . 2011-08-30 13:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 13:05 . 2011-08-30 13:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 13:05 . 2011-08-30 13:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 13:05 . 2011-08-30 13:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 13:05 . 2011-08-30 13:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-07 20:08 . 2011-08-07 20:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-08-02 07:38 . 2011-08-02 07:38 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-08-02 07:38 . 2011-08-02 07:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-26_07.26.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-10-27 01:54 99746 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-26 06:42 . 2011-10-27 01:54 33758 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2750490686-534021431-3081768307-1000_UserData.bin
+ 2009-04-26 06:41 . 2011-10-26 08:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-26 06:41 . 2011-10-24 08:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-26 06:41 . 2011-10-26 08:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-26 06:41 . 2011-10-24 08:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-26 06:41 . 2011-10-24 08:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-26 06:41 . 2011-10-26 08:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-25 18:02 . 2011-10-25 18:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-27 01:47 . 2011-10-27 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-27 01:47 . 2011-10-27 01:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-25 18:02 . 2011-10-25 18:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-26 08:49 . 2011-10-26 10:45 420136 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2011-10-27 01:54 107540 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2011-10-27 01:54 615646 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-10-27 01:54 110220 c:\windows\system32\perfc009.dat
- 2011-02-10 12:47 . 2011-10-25 14:33 281596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-10 12:47 . 2011-10-27 01:45 281596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-04-26 13:09 . 2011-10-25 14:33 3336992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-26 13:09 . 2011-10-27 01:46 3336992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-07 12:42 . 2011-10-25 14:33 47858730 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2750490686-534021431-3081768307-1000-8192.dat
+ 2011-03-07 12:42 . 2011-10-27 01:45 47858730 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2750490686-534021431-3081768307-1000-8192.dat
+ 2011-09-05 11:44 . 2011-10-27 01:46 34110568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2750490686-534021431-3081768307-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-03 12:50 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-31 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-28 5492096]
"Weather Tracker3"="c:\program files (x86)\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-05-26 1148200]
"Buttons & OSDs control application gen2"="c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe" [2009-04-16 208896]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-03 1144104]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-03 210216]
"HP KEYBOARD"="c:\program files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [2009-05-30 693760]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-03-12 1314816]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-09-22 2404704]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-10-03 218440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNzIzODY4NzY4LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLUY5TTIrMS1GTDEwKzEtWE8xMCsxMS1MSUMrMS1UVUcrMy1ERFQrMzU2MDAtREQxMEYrMS1TMTBGRERGKzUtU1QxMEZBUFArMQ&prod=90&ver=10.0.1410" [?]
.
c:\users\Sam & Dwayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hiro-Media Client.lnk - c:\program files (x86)\Hiro-Media\HiroClient\HiroClient.exe [2009-2-25 2864408]
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-4 333088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-14 1026600]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca11cb86200880;Google Update Service (gupdate1ca11cb86200880);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 133104]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-05-26 32240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-18 2399560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-11 5265248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-12-12 21296]
S2 HP Touch Screen Enhance;HP Touch Screen Enhance;c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2009-01-20 101888]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-29 246600]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-23 05:24]
.
2011-10-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 02:54]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 10:41]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-07-31 10:41]
.
2011-10-09 c:\windows\Tasks\HPCeeScheduleForSam & Dwayne.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-26 10:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-24 15836192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-24 82464]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=84&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E6F9FCA-44C7-4906-9739-0E8DC1C4DB41}: NameServer = 4.2.2.2,4.2.2.1
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files (x86)\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files (x86)\Hiro-Media\HiroClient\HiroProtocolHandler.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.quicksales.com.au/WebResource.axd?d=jUnCECYfKXyjKEN7IjgpZHDGowldTZ4cHB8ldMQZy_7laT5zKRrMK_XyFuERVYKFn1i4pxufLfB4SpK2rDH_K89Zu26uWREsmREGDZHXMLilTbHaXaKJyMN0VhcjlLbVkmSuqto6g4rSiY0jA0E_gVhzHYosmIdZomPqTkHZrsubN8mo0&t=634459933126428576
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Sam & Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\lyy0xvq0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\16 \1aT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
.
**************************************************************************
.
Completion time: 2011-10-27 12:27:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-27 02:26
ComboFix2.txt 2011-10-26 08:04
.
Pre-Run: 269,207,556,096 bytes free
Post-Run: 269,287,858,176 bytes free
.
- - End Of File - - 3A79BAC2007F14791F963A5182B0E162

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 27 October 2011 - 08:41 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 27 October 2011 - 08:47 PM

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
µTorrent
B109a-m
Belkin Setup and Router Monitor
BufferChm
Buttons & OSDs control application gen2
Canon MP Navigator 3.0
Canon Utilities Easy-PhotoPrint EX
CyberLink DVD Suite Deluxe
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
e-tax 2009
File Type Assistant
File Uploader
Final Media Player 2011
GEAR driver installer for x86 and x64
GearDrvs
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP KEYBOARD
HP MediaSmart DVD
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Touch Optimizer
HP Touch Screen Enhance Service
HP TouchSmart
HP TouchSmart Calendar
HP TouchSmart Music/Photo/Video
HP TouchSmart Notes
HP Update
HPAsset component for HP Active Support Library
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImagXpress
ImTOO iPod Movie Converter
ImTOO MKV Converter 6
Java Auto Updater
Java™ 6 Update 27
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft FrontPage 2002
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.22)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
MYOB Accounting Plus v16 ED
MYOB Accounting Plus v17 ED
MYOB Accounting Plus v18 ED
MYOB ODBC Direct v7
MYOB ODBC Direct v8 AUS
neroxml
Nikon Message Center
Nikon Transfer
Nokia Map Loader
Nokia Photos
Nokia_Multimedia_Common_Components_2_5
PC Connectivity Solution
Photo Story 3 for Windows
PhotoScape
Picasa 3
PowerDirector
Primo
PS_AIO_06_B109a-m_SW_Min
Python 2.5.2
QuickTime
Ralink Wireless LAN
Runtime
Safari
Samsung PC Studio 3 USB Driver Installer
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sony Picture Utility
SoundMAX
Status
Symantec Technical Support Advanced Chat Controls
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Weatherzone Tracker v2.04
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 27 October 2011 - 09:05 PM

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 30 October 2011 - 02:56 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 31 October 2011 - 01:15 AM

Hi Gringo,

Sorry I went away for the weekend and just got back now. I will follow all the steps above asap and post the logs. Thanks

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 31 October 2011 - 02:47 AM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 02 November 2011 - 05:18 AM

TCF ran without any issues. Here is my MBAM log - it said there were no threats or infections.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2/11/2011 8:08:13 PM
mbam-log-2011-11-02 (20-08-13).txt

Scan type: Quick scan
Objects scanned: 197055
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 Manna1

Manna1
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 02 November 2011 - 05:28 AM

I did the hijack scan and the notepad log was blank (it says it cannot find the log file and then asks if I want to create a new file). Plus there is no "Run as administrator" when I right click on it, only "Open". The computer is much the same. Firewall is still turning off on it's own and avg scan still picking up that win32 virus that it cant fix.

Edited by Manna1, 02 November 2011 - 05:30 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users