
Search Redirection Virus


This topic is locked
26 replies to this topic

#1 CheckersMcGavern (Members, 85 posts)

Posted 23 December 2011 - 06:12 PM

As instructed, I am posting this topic as an extension to the previous topic found here: http://www.bleepingcomputer.com/forums/topic433987.html

From what I can tell, it seems most (if not all) of the malicious files have been found and removed, but I still get the redirects while in Chrome (Firefox, however, seems fine).

----------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by Daniel Bright at 15:07:16 on 2011-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2460 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Medialink\MWN-USB150N\UI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\Daniel Bright\Application Data\Spotify\spotify.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\daniel bright\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlayNC Launcher]
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [Spotify] "c:\documents and settings\daniel bright\application data\spotify\spotify.exe" /uri spotify:autostart
mRun: [Medialink Utilty] c:\program files\medialink\mwn-usb150n\UI.exe -s
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DCFCC053-0F9C-4B9A-942D-E0E4C32804A8} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: taskmgr.exe - "c:\documents and settings\daniel bright\desktop\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\daniel bright\application data\mozilla\firefox\profiles\n7v6cacl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\daniel bright\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-2-9 91520]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-10 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-22 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-22 22216]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-8-8 709248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-23 19:20:35 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-23 19:20:35 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-23 19:16:01 -------- d-----w- c:\windows\system32\appmgmt
2011-12-23 16:26:16 -------- d-----w- c:\program files\ESET
2011-12-22 22:23:23 -------- d-----w- c:\documents and settings\daniel bright\application data\Malwarebytes
2011-12-22 22:23:18 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-12-22 22:23:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-22 22:23:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-22 22:23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-22 18:32:27 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-12-21 17:21:24 -------- d-----w- C:\Web stuff
2011-12-04 16:31:26 -------- d-----w- c:\program files\Ultimate DCUO Character Planner
2011-11-27 22:19:07 -------- d-----w- c:\documents and settings\daniel bright\local settings\application data\SCE
2011-11-27 22:19:07 -------- d-----w- c:\documents and settings\daniel bright\application data\Sony Online Entertainment
2011-11-27 22:18:17 -------- d-----w- c:\program files\Sony Online Entertainment
.
==================== Find3M ====================
.
2011-12-23 19:20:20 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-27 22:19:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.
============= FINISH: 15:07:51.92 ===============
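As an added illustration for this thread (not code from the thread, from the DDS tool or from BleepingComputer staff), a small Python triage pass over the Pseudo HJT section of a DDS log like the one above: it lists Run entries with no command, Run entries that start a program from a user-writable profile path, IFEO debugger redirections, Trusted Zone additions and DHCP-assigned DNS servers outside RFC 1918 space, the places a helper checks first when a browser keeps redirecting. The sample lines are constructed from the log above; the rule set and the names triage, Finding, command_path and is_rfc1918 are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample modelled on the "Pseudo HJT Report" section of the DDS log
# in this thread: same line formats, most entries trimmed.
SAMPLE_DDS = r"""uStart Page = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
uRun: [Google Update] "c:\documents and settings\daniel bright\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PlayNC Launcher]
uRun: [Spotify] "c:\documents and settings\daniel bright\application data\spotify\spotify.exe" /uri spotify:autostart
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Conime] %windir%\system32\conime.exe
Trusted Zone: soe.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DCFCC053-0F9C-4B9A-942D-E0E4C32804A8} : DhcpNameServer = 192.168.2.1 192.168.2.1
IFEO: taskmgr.exe - "c:\documents and settings\daniel bright\desktop\PROCEXP.EXE"
"""

# Constructed line showing a DHCP-assigned resolver outside RFC 1918 space
# (203.0.113.7 is a documentation-range address, not a real resolver).
ROGUE_DNS_LINE = "TCP: DhcpNameServer = 203.0.113.7 192.168.2.1"

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
IFEO_RE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[0-9A-Fa-f-]+\} : )?DhcpNameServer = (?P<servers>.+)$")

# Locations writable by the logged-on user. A browser-delivered dropper usually
# lands here, so an autorun pointing into them deserves a look, even though
# legitimate per-user installers (Google Update, Spotify) also live here.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    severity: str  # "review" needs a human decision, "info" is context only
    kind: str
    detail: str


def command_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_rfc1918(ip: str) -> bool:
    """True only for a well-formed IPv4 address inside a private (RFC 1918) range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def triage(dds_text: str) -> list[Finding]:
    """Walk the Pseudo HJT lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            hive = "HKCU" if m["hive"] == "u" else "HKLM"
            if not m["cmd"]:
                findings.append(Finding("info", "orphan-autorun",
                                        f"{hive} Run [{m['name']}] has no command; stale value to clean up"))
            elif command_path(m["cmd"]).lower().startswith(USER_WRITABLE):
                findings.append(Finding("review", "user-path-autorun",
                                        f"{hive} Run [{m['name']}] starts {command_path(m['cmd'])}"))
        elif m := IFEO_RE.match(line):
            # An IFEO Debugger value silently runs another program in place of the
            # named one; swapping Task Manager for Process Explorer is a common legitimate use.
            findings.append(Finding("review", "ifeo-debugger",
                                    f"{m['target']} is redirected to {m['debugger']}"))
        elif m := TRUSTED_RE.match(line):
            findings.append(Finding("info", "trusted-zone", f"IE Trusted Zone includes {m['host']}"))
        elif m := DNS_RE.match(line):
            for server in dict.fromkeys(m["servers"].split()):  # de-duplicate, keep order
                if not is_rfc1918(server):
                    findings.append(Finding("review", "dns-server",
                                            f"DHCP-assigned resolver {server} is outside RFC 1918 space"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS + ROGUE_DNS_LINE):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

Nothing here is a verdict: Google Update and Spotify legitimately run from the profile and the IFEO entry points at Process Explorer, so the output is a review list for the helper, not a detection.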


#2 HelpBot (Bleepin' Binary Bot, Bots, 12,764 posts)

Posted 29 December 2011 - 07:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434235 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 30 December 2011 - 09:41 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#4 CheckersMcGavern (Topic Starter, Members, 85 posts)

Posted 30 December 2011 - 03:59 PM

*edited* Sorry, forgot the extras.txt from OTL

Thanks for getting back to me. I'm still getting redirections in my Chrome browser and it's getting rather irritating.
Sorry it took so long to get back, but the GMER scan literally took longer than 4 hours to complete. I have a rather large hard drive for it to scan through.


OTL logfile created on: 12/30/2011 1:07:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel Bright\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.46% Memory free
5.09 Gb Paging File | 4.22 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 256.02 Gb Free Space | 27.48% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 0.93 Gb Free Space | 0.83% Space Free | Partition Type: NTFS

Computer Name: DANIEL | User Name: Daniel Bright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 13:06:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
PRC - [2011/12/23 14:20:21 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/12/20 23:58:30 | 004,010,160 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify\spotify.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/15 13:01:35 | 000,038,704 | ---- | M] (NCSoft) -- C:\Program Files\NCSoft\Launcher\NCLauncher.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/25 19:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 14:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/12/18 09:06:14 | 002,170,904 | ---- | M] (MEDIALINK) -- C:\Program Files\Medialink\MWN-USB150N\UI.exe
PRC - [2008/09/02 06:26:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 23:58:29 | 019,900,928 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify\Data\libcef.dll
MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/11/15 13:01:35 | 000,217,088 | ---- | M] () -- C:\Program Files\NCSoft\Launcher\UnRar.Net.dll
MOD - [2011/11/15 13:01:35 | 000,024,576 | ---- | M] () -- C:\Program Files\NCSoft\Launcher\NC.Logging.dll
MOD - [2011/11/15 10:04:09 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/15 19:13:28 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
MOD - [2011/04/15 19:12:21 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
MOD - [2011/04/15 19:12:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/04/15 19:11:45 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
MOD - [2011/04/15 19:10:25 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/15 19:10:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/04/15 19:10:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/04/15 19:10:06 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
MOD - [2011/04/15 19:09:08 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/15 19:08:57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/04/15 19:08:17 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/01/26 16:38:42 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/02/27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2008/09/02 06:25:26 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/23 14:20:21 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/16 18:43:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/06 04:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/18 16:42:26 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/18 04:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 04:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 04:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 04:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/19 21:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 21:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/10 19:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/03/10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/10/19 09:13:24 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/02/09 09:24:22 | 000,091,520 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 13:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/18 13:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/23 14:20:35 | 000,000,000 | ---D | M]

[2010/08/08 17:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Extensions
[2011/12/29 01:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions
[2010/08/08 21:24:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 16:11:13 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/23 14:55:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/23 23:17:26 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\searchplugins\youtube-video-search.xml
[2011/12/18 13:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL BRIGHT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7V6CACL.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2011/12/18 13:03:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2002/04/18 08:39:16 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\mozilla firefox\plugins\npipcd3.dll
[2005/01/19 20:48:22 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\mozilla firefox\plugins\npiPLATO_22.dll
[2011/04/04 08:35:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/18 13:03:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iPCD3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
CHR - plugin: iPLATO_22 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Sketchout = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alkpbpdpifoiennmemiijcneidjjjlbp\1_0\
CHR - Extension: Pulsate = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli\1.1_0\
CHR - Extension: absOrb = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhngphbmaiknkijaeehlmhaighhbofa\0.0.0.1_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Super Mario Bros. Crossover = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeecbbkpegiknjlkklkajceokkdgipbm\2.1_0\
CHR - Extension: Pool = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0\
CHR - Extension: Bubble Witch = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fakddecahedoejongjjbomkhcdfenafh\2_0\
CHR - Extension: Chain Reaction = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.1_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: SparkChess = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.1.0.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2007/07/27 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Medialink Utilty] C:\Program Files\Medialink\MWN-USB150N\UI.exe (MEDIALINK)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe (NCSoft)
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [Spotify] C:\Documents and Settings\Daniel Bright\Application Data\Spotify\spotify.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCFCC053-0F9C-4B9A-942D-E0E4C32804A8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\DANIEL BRIGHT\DESKTOP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/08 18:10:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: IntelAudioStudio - hkey= - key= - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 13:06:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2011/12/24 10:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Sun
[2011/12/23 15:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Desktop\gmer
[2011/12/23 15:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daniel Bright\Start Menu\Programs\Administrative Tools
[2011/12/23 15:02:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Bright\Desktop\dds.scr
[2011/12/23 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/23 14:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/23 11:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/23 11:25:51 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Daniel Bright\Desktop\esetsmartinstaller_enu.exe
[2011/12/22 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Application Data\Malwarebytes
[2011/12/22 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/12/22 17:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/22 17:21:58 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Bright\Desktop\mbam-setup.exe
[2011/12/22 17:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix Backups
[2011/12/22 17:15:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix.exe
[2011/12/22 13:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/22 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/21 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Desktop\backups
[2011/12/21 12:21:24 | 000,000,000 | ---D | C] -- C:\Web stuff
[2011/12/04 11:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Start Menu\Programs\Ultimate DCUO Character Planner
[2011/12/04 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate DCUO Character Planner
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Daniel Bright\Desktop\*.tmp files -> C:\Documents and Settings\Daniel Bright\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 13:06:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2011/12/30 12:17:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-602162358-725345543-1003UA.job
[2011/12/30 10:56:11 | 085,517,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/30 10:50:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 10:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 22:01:49 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/29 21:17:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-602162358-725345543-1003Core.job
[2011/12/29 18:35:42 | 000,317,269 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/25 17:47:33 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Ultimate DCUO Character Planner.lnk
[2011/12/23 15:10:05 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\gmer.zip
[2011/12/23 15:09:25 | 000,004,683 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\attach.zip
[2011/12/23 15:02:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Bright\Desktop\dds.scr
[2011/12/23 11:25:56 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Daniel Bright\Desktop\esetsmartinstaller_enu.exe
[2011/12/22 17:22:04 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Bright\Desktop\mbam-setup.exe
[2011/12/22 17:19:54 | 000,395,875 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\MiniToolBox.exe
[2011/12/22 17:14:52 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix.exe
[2011/12/22 13:34:17 | 000,666,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/22 13:15:53 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2011/12/22 13:03:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/22 01:55:28 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\134c59da
[2011/12/22 01:52:05 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\f391a625
[2011/12/21 22:00:07 | 000,003,250 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\e4342e20
[2011/12/21 21:47:50 | 000,017,142 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\My Documents\cc_20111221_214746.reg
[2011/12/21 21:46:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/20 17:10:38 | 000,022,734 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\roadpilot.jpg
[2011/12/18 12:17:59 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Google Chrome.lnk
[2011/12/18 12:17:59 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/05 10:26:40 | 002,006,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/04 00:15:57 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Shortcut to ScreenShots.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Daniel Bright\Desktop\*.tmp files -> C:\Documents and Settings\Daniel Bright\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 15:10:06 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\gmer.zip
[2011/12/23 15:09:25 | 000,004,683 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\attach.zip
[2011/12/22 17:19:55 | 000,395,875 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\MiniToolBox.exe
[2011/12/22 13:34:09 | 000,666,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/21 21:47:48 | 000,017,142 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\My Documents\cc_20111221_214746.reg
[2011/12/21 21:43:02 | 000,003,250 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\e4342e20
[2011/12/21 21:37:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\f391a625
[2011/12/21 21:14:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\134c59da
[2011/12/20 17:10:38 | 000,022,734 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\roadpilot.jpg
[2011/12/04 23:45:59 | 000,183,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-602162358-725345543-1003-0.dat
[2011/12/04 23:45:57 | 000,183,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/04 11:31:28 | 000,002,541 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\Ultimate DCUO Character Planner.lnk
[2011/12/04 00:15:57 | 000,001,049 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\Shortcut to ScreenShots.lnk
[2011/07/09 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/08 14:39:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/08 10:07:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/07/08 10:07:19 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/07/08 10:07:19 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/06/26 10:39:55 | 000,001,150 | -HS- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
[2011/06/26 10:39:55 | 000,001,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
[2011/06/15 00:50:02 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:50:02 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:50:01 | 000,001,296 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\E87A.035
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/11/07 21:20:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 19:28:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/25 23:53:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/24 22:14:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/08/09 01:39:27 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 18:26:17 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/08/08 18:26:17 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat
[2010/08/08 18:15:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 18:08:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/08 17:28:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/08 12:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/08 12:18:17 | 002,006,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/02 06:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 07:00:00 | 000,523,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 07:00:00 | 000,095,206 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/09/24 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/20 17:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/20 17:46:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/30 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/11 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oPp06511dNiKk06511
[2011/12/22 13:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/24 08:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\AVG2012
[2011/09/27 22:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\GSC 2.00
[2010/08/10 18:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Leadertech
[2011/06/27 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\LucasArts
[2011/12/15 18:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Sony Online Entertainment
[2011/12/30 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify
[2010/10/10 12:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\SystemRequirementsLab
[2011/07/04 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Temp
[2011/12/20 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\uTorrent
[2010/08/08 19:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Windows Desktop Search
[2010/08/11 00:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Windows Search
[2011/07/05 16:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/22 21:16:48 | 000,119,781 | ---- | M] () -- C:\1331L.jpg
[2010/10/22 21:16:28 | 000,185,353 | ---- | M] () -- C:\1332L.jpg
[2010/10/11 18:20:14 | 000,018,498 | ---- | M] () -- C:\23210_610276304_5904_n.jpg
[2010/08/08 18:10:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/03 16:19:00 | 001,434,163 | ---- | M] () -- C:\blackest-night-5-003-04.jpg
[2011/12/22 13:15:53 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2010/08/08 18:10:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/03 16:01:45 | 000,408,525 | ---- | M] () -- C:\gl-38.jpg
[2010/11/03 16:04:11 | 000,715,431 | ---- | M] () -- C:\green-lantern.jpg
[2011/09/25 19:59:37 | 000,011,114 | ---- | M] () -- C:\index.html
[2010/08/08 18:10:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/15 19:19:28 | 000,723,728 | ---- | M] () -- C:\Minty_Ringtone_Mp3.mp3
[2010/08/08 18:10:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/07/27 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/16 18:15:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/09 11:50:33 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2011/07/09 12:39:03 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2011/12/30 10:50:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/12/10 22:18:21 | 000,017,872 | ---- | M] () -- C:\picard2.jpg
[2010/09/22 22:45:47 | 000,049,547 | ---- | M] () -- C:\picardgamelansmall.gif
[2010/08/23 19:01:51 | 000,313,435 | ---- | M] () -- C:\screenshot_100823-20-01-51.jpg
[2010/08/13 18:59:11 | 000,000,172 | ---- | M] () -- C:\sigmatel.log
[2011/12/22 13:31:51 | 000,050,030 | ---- | M] () -- C:\TDSSKiller.2.6.24.0_22.12.2011_13.30.40_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2010/08/08 12:17:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/08/08 12:17:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/08/08 12:17:01 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/18 13:03:00 | 000,713,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/18 13:03:04 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 06:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Edited by CheckersMcGavern, 30 December 2011 - 04:33 PM.
paste OTL log


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:07 AM

Posted 30 December 2011 - 04:33 PM

Hello, CheckersMcGavern.

I see that you have Process Explorer set to launch in place of the default task manager...I'm assuming that was you and intentional, but please confirm.


Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\Documents and Settings\All Users\Application Data\oPp06511dNiKk06511
    C:\Documents and Settings\Daniel Bright\Application Data\134c59da
    C:\Documents and Settings\Daniel Bright\Application Data\f391a625
    C:\Documents and Settings\Daniel Bright\Application Data\e4342e20
    C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
    C:\Documents and Settings\All Users\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
    C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
    C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
    C:\Documents and Settings\Daniel Bright\Application Data\E87A.035
    :OTL
    IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [PlayNC Launcher] File not found
    :commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.



Step 2


Please launch MBAM, update the definitions and run a Quick Scan. Please post the resulting log.



Step 3


Reboot after that and see if you're still redirected in Chrome.

If you are, tell me how you are launching it...e.g. shortcut on your desktop, shortcut in the Quick Launch area in the system tray, Start Menu, etc.

Also, try to launch Chrome in a new window called Incognito. Do this by launching Chrome, then pressing Ctrl-Shift-N within Chrome. Browse for a bit with it...are you redirected in Incognito mode? That will help us determine the root cause.


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
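The :files section of the fix above lists exactly the OTL log entries that carry hidden/system attributes inside the user profile or random-looking names under Application Data. As an added example (not OTL's own code and not part of etavares' instructions), this Python parser reads OTL file lines from a constructed sample copied from this thread's log and flags entries by those two heuristics; the name-length thresholds in looks_random are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One OTL file or directory line, for example:
# [2011/06/26 10:39:55 | 000,001,150 | -HS- | C] () -- C:\...\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
# LOP Check lines carry no "(Company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str              # R read-only, H hidden, S system, D directory, '-' unset
    kind: str               # C = created, M = modified
    company: Optional[str]  # None when the line carries no company field
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file/directory line; headers and other lines give None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])

def looks_random(name: str) -> bool:
    """Dropper-style name: alphanumeric stem mixing letters and digits, with no
    extension (8+ chars) or an all-digit extension (4+ chars). Assumed thresholds."""
    stem, dot, ext = name.rpartition(".")
    if not dot:
        stem, ext = name, ""
    if not re.fullmatch(r"[A-Za-z0-9]+", stem):
        return False
    if not (re.search(r"[A-Za-z]", stem) and re.search(r"[0-9]", stem)):
        return False
    return len(stem) >= 8 if ext == "" else (ext.isdigit() and len(stem) >= 4)

PROFILE_ROOT = "\\documents and settings\\"
APPDATA_MARK = "\\application data\\"

def triage_reasons(entry: OtlEntry) -> List[str]:
    """Why an entry deserves a look; an empty list means nothing was flagged."""
    reasons: List[str] = []
    lowered = entry.path.lower()
    if entry.hidden_or_system and not entry.is_dir and PROFILE_ROOT in lowered:
        reasons.append("hidden/system attribute on a file inside a user profile")
    if APPDATA_MARK in lowered and looks_random(entry.name):
        reasons.append("random-looking name under Application Data")
    return reasons

def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None and entry.path not in flagged:
            reasons = triage_reasons(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011/12/21 21:43:02 | 000,003,250 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\e4342e20
[2011/12/21 21:37:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\f391a625
[2011/12/21 21:14:06 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\134c59da
[2011/12/20 17:10:38 | 000,022,734 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\roadpilot.jpg
[2011/06/26 10:39:55 | 000,001,150 | -HS- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
[2011/06/26 10:39:55 | 000,001,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10
[2011/06/15 00:50:02 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:50:02 | 000,001,284 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu
[2011/06/15 00:50:01 | 000,001,296 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Application Data\E87A.035
[2010/08/08 18:15:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
========== LOP Check ==========
[2011/04/11 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oPp06511dNiKk06511
[2011/12/30 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run against the full log, the same two rules pick out the nine paths in the :files block and nothing else from the sample, which is the kind of first pass a helper makes before writing a fix script.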
 


#6 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 30 December 2011 - 05:43 PM

Yes, I did install that Process Explorer. I used it a while ago to do some troubleshooting.

I did everything as asked. I'm still getting some redirects, but it's not as often this time.

I think I may have found out what's causing it, however. I opened Chrome using the desktop icon and clicked 'view background pages', mostly out of curiosity. In the list, there's a background process that Chrome is running. It's labeled Extension:default Extension. I ended the process and ran a few test searches... and I was able to get a redirect. However, I closed the browser, re-opened it and the process was back. So I did a few more test searches and got some redirects. It's not exactly solid evidence, but I thought I should share it nonetheless.

Anyway, here are the reports.
----------------------

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\oPp06511dNiKk06511 folder moved successfully.
C:\Documents and Settings\Daniel Bright\Application Data\134c59da moved successfully.
C:\Documents and Settings\Daniel Bright\Application Data\f391a625 moved successfully.
C:\Documents and Settings\Daniel Bright\Application Data\e4342e20 moved successfully.
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10 moved successfully.
C:\Documents and Settings\All Users\Application Data\q1u2nx02tqj12hmb8173ru330n4uw65gaf54sa10 moved successfully.
C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\All Users\Application Data\17e16t76j00yk1muao33at50sr4ruanow2v64g745xuu moved successfully.
C:\Documents and Settings\Daniel Bright\Application Data\E87A.035 moved successfully.
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1409082233-602162358-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1409082233-602162358-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1409082233-602162358-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 125830 bytes
->Temporary Internet Files folder emptied: 35883 bytes

User: All Users

User: Daniel Bright
->Temp folder emptied: 513942729 bytes
->Temporary Internet Files folder emptied: 25333841 bytes
->Java cache emptied: 2178549 bytes
->FireFox cache emptied: 450378770 bytes
->Google Chrome cache emptied: 396029677 bytes
->Flash cache emptied: 2840106 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2190207 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99275 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 47403734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,374.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12302011_164136

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-----------------------------------------------------------------------------

OTL logfile created on: 12/30/2011 4:47:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daniel Bright\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 74.46% Memory free
5.09 Gb Paging File | 4.28 Gb Available in Paging File | 84.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 257.37 Gb Free Space | 27.63% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 0.93 Gb Free Space | 0.83% Space Free | Partition Type: NTFS

Computer Name: DANIEL | User Name: Daniel Bright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 13:06:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
PRC - [2011/12/23 14:20:21 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/12/20 23:58:30 | 004,010,160 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify\spotify.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/15 13:01:35 | 000,038,704 | ---- | M] (NCSoft) -- C:\Program Files\NCSoft\Launcher\NCLauncher.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/07 19:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/25 19:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/06/22 14:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/12/18 09:06:14 | 002,170,904 | ---- | M] (MEDIALINK) -- C:\Program Files\Medialink\MWN-USB150N\UI.exe
PRC - [2008/09/02 06:26:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 23:58:29 | 019,900,928 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Spotify\Data\libcef.dll
MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/11/15 13:01:35 | 000,217,088 | ---- | M] () -- C:\Program Files\NCSoft\Launcher\UnRar.Net.dll
MOD - [2011/11/15 13:01:35 | 000,024,576 | ---- | M] () -- C:\Program Files\NCSoft\Launcher\NC.Logging.dll
MOD - [2011/11/15 10:04:09 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/15 19:13:28 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
MOD - [2011/04/15 19:12:21 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\9e91cca51a5ed6fb13b67558109d2726\System.Security.ni.dll
MOD - [2011/04/15 19:12:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/04/15 19:11:45 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\fdf7f1404f4a5c7f5a0463d8e7a442e4\Accessibility.ni.dll
MOD - [2011/04/15 19:10:25 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/15 19:10:21 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/04/15 19:10:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/04/15 19:10:06 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll
MOD - [2011/04/15 19:09:08 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/15 19:08:57 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/04/15 19:08:17 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/01/26 16:38:42 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllMultiLanguage.dll
MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllPublicFunc.dll
MOD - [2009/02/27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 15:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\dllCommonCtrl.dll
MOD - [2008/09/02 06:25:26 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Medialink\MWN-USB150N\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/23 14:20:21 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/16 18:43:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/06 04:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/18 16:42:26 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/18 04:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 04:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 04:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 04:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/19 21:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 21:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/10 19:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/03/10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/10/19 09:13:24 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/02/09 09:24:22 | 000,091,520 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mv61xx.sys -- (mv61xx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1409082233-602162358-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 13:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/18 13:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/23 14:20:35 | 000,000,000 | ---D | M]

[2010/08/08 17:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Extensions
[2011/12/29 01:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions
[2010/08/08 21:24:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 16:11:13 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/23 14:55:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/23 23:17:26 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\n7v6cacl.default\searchplugins\youtube-video-search.xml
[2011/12/18 13:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANIEL BRIGHT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\N7V6CACL.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2011/12/18 13:03:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2002/04/18 08:39:16 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\mozilla firefox\plugins\npipcd3.dll
[2005/01/19 20:48:22 | 000,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\mozilla firefox\plugins\npiPLATO_22.dll
[2011/04/04 08:35:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/18 13:03:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iPCD3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
CHR - plugin: iPLATO_22 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Sketchout = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alkpbpdpifoiennmemiijcneidjjjlbp\1_0\
CHR - Extension: Pulsate = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli\1.1_0\
CHR - Extension: absOrb = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhngphbmaiknkijaeehlmhaighhbofa\0.0.0.1_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Super Mario Bros. Crossover = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeecbbkpegiknjlkklkajceokkdgipbm\2.1_0\
CHR - Extension: Pool = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0\
CHR - Extension: Bubble Witch = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fakddecahedoejongjjbomkhcdfenafh\2_0\
CHR - Extension: Chain Reaction = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.1_0\
CHR - Extension: Flood-It! = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hidcjhphimkfnacedjcnajpmlaegnddp\1.11_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: SparkChess = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.1.0.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2007/07/27 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Medialink Utilty] C:\Program Files\Medialink\MWN-USB150N\UI.exe (MEDIALINK)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe (NCSoft)
O4 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..\Run: [Spotify] C:\Documents and Settings\Daniel Bright\Application Data\Spotify\spotify.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCFCC053-0F9C-4B9A-942D-E0E4C32804A8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\DOCUMENTS AND SETTINGS\DANIEL BRIGHT\DESKTOP\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/08 18:10:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1409082233-602162358-725345543-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1409082233-602162358-725345543-1003\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 16:41:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 13:06:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2011/12/24 10:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Sun
[2011/12/23 15:07:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daniel Bright\Start Menu\Programs\Administrative Tools
[2011/12/23 15:02:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Bright\Desktop\dds.scr
[2011/12/23 14:20:35 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/23 14:20:35 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/23 14:20:35 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/23 14:20:34 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/23 14:20:34 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/23 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/23 14:16:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/23 14:12:22 | 020,290,952 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Daniel Bright\Desktop\jre-7u2-windows-i586.exe
[2011/12/23 11:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/23 11:25:51 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Daniel Bright\Desktop\esetsmartinstaller_enu.exe
[2011/12/22 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Application Data\Malwarebytes
[2011/12/22 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/12/22 17:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/22 17:21:58 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Bright\Desktop\mbam-setup.exe
[2011/12/22 17:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix Backups
[2011/12/22 17:15:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix.exe
[2011/12/22 13:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/22 13:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/12/21 21:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Desktop\backups
[2011/12/21 12:21:24 | 000,000,000 | ---D | C] -- C:\Web stuff
[2011/12/04 11:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Bright\Start Menu\Programs\Ultimate DCUO Character Planner
[2011/12/04 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate DCUO Character Planner
[1 C:\Documents and Settings\Daniel Bright\Desktop\*.tmp files -> C:\Documents and Settings\Daniel Bright\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 16:44:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 16:44:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 16:24:50 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 16:17:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-602162358-725345543-1003UA.job
[2011/12/30 13:18:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\gmer.exe
[2011/12/30 13:17:39 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\gmer.zip
[2011/12/30 13:06:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2011/12/30 10:56:11 | 085,517,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/29 21:17:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-602162358-725345543-1003Core.job
[2011/12/29 18:35:42 | 000,317,269 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/25 17:47:33 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Ultimate DCUO Character Planner.lnk
[2011/12/23 15:09:25 | 000,004,683 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\attach.zip
[2011/12/23 15:02:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Bright\Desktop\dds.scr
[2011/12/23 14:20:21 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2011/12/23 14:20:21 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2011/12/23 14:20:21 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/23 14:20:20 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2011/12/23 14:20:20 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/23 14:20:20 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011/12/23 14:12:33 | 020,290,952 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Daniel Bright\Desktop\jre-7u2-windows-i586.exe
[2011/12/23 11:25:56 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Daniel Bright\Desktop\esetsmartinstaller_enu.exe
[2011/12/22 17:22:04 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Bright\Desktop\mbam-setup.exe
[2011/12/22 17:19:54 | 000,395,875 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\MiniToolBox.exe
[2011/12/22 17:14:52 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Daniel Bright\Desktop\GooredFix.exe
[2011/12/22 13:34:17 | 000,666,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/22 13:15:53 | 000,000,220 | -HS- | M] () -- C:\boot.ini
[2011/12/22 13:03:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/21 21:47:50 | 000,017,142 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\My Documents\cc_20111221_214746.reg
[2011/12/21 21:46:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/20 17:10:38 | 000,022,734 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\roadpilot.jpg
[2011/12/18 12:17:59 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Google Chrome.lnk
[2011/12/18 12:17:59 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/05 10:26:40 | 002,006,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/04 00:15:57 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Daniel Bright\Desktop\Shortcut to ScreenShots.lnk
[1 C:\Documents and Settings\Daniel Bright\Desktop\*.tmp files -> C:\Documents and Settings\Daniel Bright\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 13:17:41 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\gmer.zip
[2011/12/23 15:09:25 | 000,004,683 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\attach.zip
[2011/12/22 17:19:55 | 000,395,875 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\MiniToolBox.exe
[2011/12/22 13:34:09 | 000,666,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/12/21 21:47:48 | 000,017,142 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\My Documents\cc_20111221_214746.reg
[2011/12/20 17:10:38 | 000,022,734 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\roadpilot.jpg
[2011/12/04 23:45:59 | 000,183,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-602162358-725345543-1003-0.dat
[2011/12/04 23:45:57 | 000,183,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/04 11:31:28 | 000,002,541 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\Ultimate DCUO Character Planner.lnk
[2011/12/04 00:15:57 | 000,001,049 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Desktop\Shortcut to ScreenShots.lnk
[2011/07/09 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/07/08 14:39:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/08 10:07:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/07/08 10:07:19 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/07/08 10:07:19 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/11/07 21:20:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/18 19:28:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/25 23:53:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/08/24 22:14:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/08/09 01:39:27 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 18:26:17 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/08/08 18:26:17 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\RaCoInst.dat
[2010/08/08 18:15:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 18:08:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/08 17:28:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/08 12:28:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/08 12:18:17 | 002,006,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/02 06:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 07:00:00 | 000,523,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 07:00:00 | 000,095,206 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
-------------------------------------------------------------------------------------------------


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Daniel Bright :: DANIEL [administrator]

Protection: Disabled

12/30/2011 4:59:48 PM
mbam-log-2011-12-30 (16-59-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179437
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by CheckersMcGavern, 30 December 2011 - 05:46 PM.


#7 etavares

  • Malware Response Team

Posted 31 December 2011 - 09:46 AM

Hello, CheckersMcGavern.

The default extension should automatically load with Chrome. So, you got a redirect even when you stopped the default extension? Or you didn't. It says you did, but in context it looks like that might be a typo. Did you try browsing in Incognito mode?

Do you know what these extensions are? I couldn't find any info on them:
Sketchout
absOrb
Pool


Also, do you use Plato? There are only a few references to the add-on on the web, but it appears it may be legit.





etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 CheckersMcGavern

  • Topic Starter
  • Members

Posted 31 December 2011 - 10:39 AM

Oh sorry, that was a typo. I didn't get any redirects with the extension closed. Chrome's Incognito mode seems to keep me from getting redirected as well.

Sketchout, absOrb, and Pool are extension games that I installed into Chrome. I don't even play them anymore, so we can remove them.

Plato was something I needed to use for a class assignment, and that class has been over for quite a while now so we can get rid of it too.

#9 etavares

  • Malware Response Team

Posted 31 December 2011 - 11:53 AM

OK, let's narrow it down further. It could be an add-on or an extension. This will tell us which.

Launch Chrome. Click the wrench in the top right, then Tools -> Extensions.

Uncheck all boxes next to Enabled...this will disable all of them. Then close that tab...you can verify the extensions are off by going to Chrome's task manager. Browse for a while...redirected or not? If you are NOT redirected...enable them one by one until we find which one is doing the redirecting. If you ARE redirected even with all extensions disabled, let me know and we'll dig into the plug-ins.



#10 CheckersMcGavern

  • Topic Starter
  • Members

Posted 31 December 2011 - 12:39 PM

Okay, did some extensive tests (multiple searches each, clicking at least 10 different links per search) on this one to try and make sure the results were definitive.

With all the extensions disabled, I got no redirects. I enabled the extension-in-question first and got a redirect. I disabled it and enabled everything else, and got no redirects. Shall I remove it using Chrome or do you think there is a safer way to go about it?

#11 etavares

  • Malware Response Team

Posted 31 December 2011 - 04:45 PM

Which extension in question? You talked about the default add-ons before. Add-ons shouldn't show in the Extensions page where you unchecked items.



#12 CheckersMcGavern

  • Topic Starter
  • Members

Posted 31 December 2011 - 05:32 PM

It's an Extension. I apologize if I led you to believe it was an Add-on. It's titled Extension:Default Extension in the 'View Background Pages' panel. In the Extensions Page (which is found through the Tools submenu), it's called Default Extension 1.0 (Unpacked).

When I disabled it in the extension page, it also disappeared from the 'View Background Pages' list. I assume this means they are the same process.

#13 etavares

  • Malware Response Team

Posted 31 December 2011 - 06:58 PM

It wasn't you...it was the log:

CHR - plugin: Default Plug-in (Enabled) = default_plugin


You'll see the others are labeled CHR - extension.

No worries. Now, we need to remove it. Click the Remove button next to it in the Extensions list. Then reboot...is it gone? Are you still redirected?



#14 CheckersMcGavern

  • Topic Starter
  • Members

Posted 31 December 2011 - 07:06 PM

Clicking remove made it seem like it was uninstalling it. However... when I closed the browser and re-opened it, the extension was still there and it was still redirecting me. I didn't even bother to reboot the machine.

#15 etavares

  • Malware Response Team

Posted 31 December 2011 - 07:11 PM

Hello, CheckersMcGavern.
OK, manual uninstall it is. The trick is to find it.

  • Please open Notepad.
  • Copy and paste the text in the box below into Notepad.
    @ECHO OFF
    REM List this user's Chrome extensions folder and write the listing to a log on the Desktop
    dir "C:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\" > "%USERPROFILE%\Desktop\ExtensionLog.txt"
    REM Open the log; START treats the first quoted argument as a window title, so an empty "" must come before the quoted path
    start "" "%USERPROFILE%\Desktop\ExtensionLog.txt"
    REM Delete this batch file once it has run
    del %0
    REM This fix is custom made for this user's computer.
  • Select File-->Save As
  • Select File as Type: All Types (*.*)
  • Save it to your desktop as fixme.bat
  • Double-click fixme.bat on your desktop to run the fix.
  • A window will briefly pop up then close.
  • A log will open, please copy and paste it into your response.

etavares





