Please HELP me... Virus has knocked out firewall, Anti-Virus, MBAM and internet!


  • This topic is locked
49 replies to this topic

#1 34dean

  • Members
  • 84 posts

Posted 04 February 2012 - 11:05 PM

I worked with Broni all day today and he was extremely generous with his time. My problems started about 10 days ago when I found the Vista 2012 Security virus on my machine. My AV quarantined the viruses but I had no internet. I ran the various fixes including Rkill and Combo-Fix and got my internet back a few days later. It was fine all week and then yesterday it went down again. Broni helped me through the following thread:

http://www.bleepingcomputer.com/forums/topic441308.html/page__st__15


He helped me get my internet back and my system seemed to be running better than ever tonight. Then, after running the Mini Tool Box and aswMBR tools, the computer restarted and couldn't. It asked me if I wanted to go to a restore point and repair which I selected Yes to. It restarted, slowly, and I found that my firewall was disabled, my MBAM was corrupt or missing and my Avira Anti-Virus was shot as well. Scary.

Broni then told me to follow these instructions here:

http://www.bleepingcomputer.com/forums/topic34773.html


I have begun to do that and will post the logs associated with the steps. I really appreciate anyone that can help me.

#2 34dean

  • Topic Starter
  • Members
  • 84 posts

Posted 04 February 2012 - 11:08 PM

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Todd at 22:52:16 on 2012-02-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1314 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080312
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mURLSearchHooks: H - No File
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: FBLayouts Plugin: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - c:\program files\fblayouts\fblayouts.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrade
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FAEA4A5D-D35B-42FF-BCC0-EAE95EA59FA1} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\todd\appdata\roaming\mozilla\firefox\profiles\jpb1mfdf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\guffinsei\installr\1.bin\NPu4EISb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\todd\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\todd\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
.
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, c74b6902-fc0e-4b5c-aa23-3123c35c019f
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-2 36000]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-2 86224]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-2 74640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-29 21504]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-5-25 315392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-28 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-24 28672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-4 40776]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-13 22016]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-2 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-13 22016]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-4-12 507264]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-05 03:01:31 -------- d-----w- c:\users\todd\appdata\local\{CF0CF528-0AA6-44FF-914B-12789AB7F44F}
2012-02-05 02:51:40 -------- d-----w- c:\users\todd\appdata\local\{95573B7F-9707-42B3-B473-CA6F6C588F90}
2012-02-05 02:49:29 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-05 02:04:25 -------- d-----w- c:\users\todd\appdata\local\{9B1E4933-7CF6-411F-BE84-C617410EDCDB}
2012-02-05 02:03:45 -------- d-----w- c:\users\todd\appdata\local\{DC2F115F-F86B-4A87-A599-2D9F926E548C}
2012-02-04 23:07:51 -------- d-----w- C:\SupportSoft
2012-02-04 21:59:00 -------- d-----w- c:\users\todd\appdata\local\{9902D47C-E44C-4980-A6B1-0CEE0052F933}
2012-02-04 21:14:47 -------- d-----w- c:\users\todd\appdata\local\{E7F5E99A-A415-4CE9-BD56-78C05A006187}
2012-02-04 21:09:54 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-04 15:27:10 -------- d-----w- c:\users\todd\appdata\local\{093C8817-5F5B-4307-87A6-8E41D52E3044}
2012-02-04 15:08:05 -------- d-----w- c:\users\todd\appdata\local\{E8C509F0-46DB-40A8-B245-B31D9F12149D}
2012-02-04 15:01:58 -------- d-----w- c:\users\todd\appdata\local\{848C40BE-8C3F-4AA1-BF89-A8ED9DC6304A}
2012-02-04 14:39:11 -------- d-s---w- C:\ComboFix2
2012-02-04 14:35:53 -------- d-----w- c:\users\todd\appdata\local\{69DB8366-9719-4C81-BA4D-1B80CCC4394C}
2012-02-04 02:41:03 -------- d-----w- c:\users\todd\appdata\local\{2AA55150-C8DC-45E4-BADF-915375E5F693}
2012-02-03 23:05:43 -------- d-----w- c:\users\todd\appdata\local\{1EFD7A81-8313-4B51-903A-964312E85641}
2012-02-03 22:36:49 -------- d-----w- c:\users\todd\appdata\local\{D4324E72-603A-497E-B51E-8D35F07620A6}
2012-02-03 13:23:11 -------- d-----w- c:\users\todd\appdata\local\{7D14D9E0-2595-4492-8336-96ACDEBB5C4E}
2012-02-03 11:32:24 -------- d-----w- c:\users\todd\appdata\local\{E4537A4E-D500-49B2-B260-FA5BCFC254CD}
2012-02-02 12:15:23 -------- d-----w- c:\users\todd\appdata\local\{669705DA-30F7-4082-B020-60664D6FC0AC}
2012-02-02 11:44:37 -------- d-----w- c:\users\todd\appdata\roaming\Avira
2012-02-02 11:43:29 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-02 11:43:29 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-02 11:43:16 -------- d-----w- c:\programdata\Avira
2012-02-02 11:43:16 -------- d-----w- c:\program files\Avira
2012-02-02 03:14:12 -------- d-----w- c:\users\todd\appdata\local\{5AC01B76-A41C-4099-81E4-B03CA17E59BF}
2012-02-02 02:54:08 -------- d-----w- c:\users\todd\appdata\roaming\AVG
2012-02-01 22:31:27 -------- d-----w- c:\users\todd\appdata\local\{E05B233C-1AA8-4AC3-A1EF-FEEFFD827A0B}
2012-02-01 20:20:41 -------- d-----w- c:\users\todd\appdata\local\{F9B1BC94-3B2A-43B7-BC28-5ABFA240FCC8}
2012-02-01 20:20:13 -------- d-----w- c:\users\todd\appdata\local\{B1EB8CA0-4667-4521-A0BD-11FC96B7F99B}
2012-02-01 13:01:04 -------- d-----w- c:\users\todd\appdata\local\{BFD59D19-0E1A-4E9B-8C2C-E049FABEEF49}
2012-02-01 13:00:44 -------- d-----w- c:\users\todd\appdata\local\{F1A7A3A2-2924-47E0-9DA1-5D45841AD329}
2012-02-01 11:34:34 -------- d-----w- c:\users\todd\appdata\local\{54C43CCE-B7F1-43FD-9D48-5980F6908BAB}
2012-02-01 11:34:06 -------- d-----w- c:\users\todd\appdata\local\{9A6B85EB-8DB8-4107-96AD-4088BBDDEB83}
2012-01-30 11:34:26 -------- d-----w- c:\users\todd\appdata\local\{760F00C4-0F8A-4FFB-B2B9-A23037BD4CFE}
2012-01-29 16:09:57 -------- d-----w- C:\Data
2012-01-29 14:40:45 -------- d-----w- c:\users\todd\appdata\local\{920EA861-05F3-4386-B7F3-D58607ABAD7F}
2012-01-29 14:40:11 -------- d-----w- c:\users\todd\appdata\local\{F6F657B4-098B-4C12-A23F-7C4B35F7E8C1}
2012-01-27 22:58:12 -------- d-----w- c:\users\todd\appdata\local\{D7ABC94A-1CFD-477B-B2E5-E67483C3D353}
2012-01-27 22:57:40 -------- d-----w- c:\users\todd\appdata\local\{C32CF5D3-A87F-499D-8700-1C31DA10566D}
2012-01-26 21:22:49 -------- d-----w- c:\users\todd\appdata\local\{71BC8435-287A-4468-9605-EAC5D95D4208}
2012-01-26 10:30:12 -------- d-----w- c:\users\todd\appdata\local\{7FA5AFAB-87BF-40CE-827C-38DCAACB3FF6}
2012-01-26 10:29:38 -------- d-----w- c:\users\todd\appdata\local\{AE6265C8-D5E9-4EB3-9706-C47F4E24C703}
2012-01-26 10:27:31 -------- d-----w- c:\programdata\boost_interprocess
2012-01-24 21:40:36 -------- d-----w- c:\users\todd\appdata\roaming\DVDVideoSoft
2012-01-24 21:40:14 -------- d-----w- c:\program files\Conduit
2012-01-24 21:40:11 -------- d-----w- c:\program files\DVDVideoSoftTB
2012-01-24 21:39:44 -------- d-----w- c:\users\todd\appdata\roaming\DVDVideoSoftIEHelpers
2012-01-24 21:39:00 -------- d-----w- c:\program files\DVDVideoSoft
2012-01-24 21:39:00 -------- d-----w- c:\program files\common files\DVDVideoSoft
2012-01-24 21:26:23 -------- d-----w- c:\users\todd\appdata\local\Ilivid Player
2012-01-24 21:25:32 -------- dc-h--w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-01-24 21:25:17 -------- d-----w- c:\program files\iLivid
2012-01-24 21:24:30 -------- d-----w- c:\program files\Windows iLivid Toolbar
2012-01-24 19:00:17 -------- d-----w- c:\users\todd\appdata\local\{ABD77353-6066-41B8-8F7D-9E237E6750F0}
2012-01-21 15:41:29 -------- d-----w- c:\users\todd\appdata\local\{0B196723-EF21-4B88-934F-1D70327B3EF2}
2012-01-21 15:35:20 -------- d-----w- c:\users\todd\appdata\local\{69B998F4-93FC-4665-BB05-1E29D1EF9123}
2012-01-19 03:47:03 -------- d-----w- c:\users\todd\appdata\local\{217F6F54-B666-4381-9138-2F3097FD246E}
2012-01-19 03:46:30 -------- d-----w- c:\users\todd\appdata\local\{B8597BBD-86CB-47B5-B66A-2B1C0076AA55}
2012-01-19 02:43:40 -------- d-----w- c:\users\todd\appdata\local\{459C8F1A-48D1-4360-B1D0-FDD0CA8C7039}
2012-01-19 01:04:07 98816 ----a-w- c:\windows\sed.exe
2012-01-19 01:04:07 518144 ----a-w- c:\windows\SWREG.exe
2012-01-19 01:04:07 256000 ----a-w- c:\windows\PEV.exe
2012-01-19 01:04:07 208896 ----a-w- c:\windows\MBR.exe
2012-01-18 22:29:48 -------- d-----w- c:\users\todd\appdata\local\{C5E60B49-F3AC-44FB-9D82-4C2FF41EC28B}
2012-01-18 03:39:37 -------- d-----w- c:\users\todd\appdata\local\{1316E855-3E09-44F6-8A4C-A1DF2EDD7FC5}
2012-01-18 03:31:35 -------- d-----w- c:\users\todd\appdata\local\{CBD48E3E-670B-4E0E-9E80-A08B82E7EEDB}
2012-01-18 03:21:01 -------- d-----w- c:\users\todd\appdata\local\{98A01D18-663D-4693-BE40-31AA92842C2E}
2012-01-18 02:52:15 -------- d-----w- c:\users\todd\appdata\local\{9A9DC9AE-742F-4FF9-BBFE-A676C5727BE5}
2012-01-18 01:29:14 -------- d-----w- c:\users\todd\appdata\local\{9A36B507-1E03-4CE3-A9A0-2D3A64DBFC01}
2012-01-17 22:29:37 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 22:29:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 22:29:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-17 22:29:37 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 22:29:37 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 22:29:36 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 11:08:20 -------- d-----w- c:\users\todd\appdata\local\{F1A0B213-CA1F-4798-A4E4-DE45A3FD73FC}
2012-01-11 18:40:53 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 18:40:52 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 18:40:51 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:40:50 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:40:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 18:40:47 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 18:40:45 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:40:44 497152 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 22:52:59.99 ===============

#3 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home

Posted 06 February 2012 - 07:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 34dean

  • Topic Starter
  • Members
  • 84 posts

Posted 06 February 2012 - 05:33 PM

OTL logfile created on: 2/6/2012 5:10:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.29% Memory free
4.22 Gb Paging File | 3.36 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 189.29 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive E: | 624.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: FREDRIKSEN | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 17:01:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/12/06 05:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/04/22 07:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/07/27 05:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/10/03 11:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 21:31:27 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/10 21:31:27 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/10/14 02:36:13 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 02:34:45 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:34:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/27 04:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2012/02/06 17:03:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/27 04:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 04:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 09:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/12 15:50:16 | 000,507,264 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/03/20 10:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/10/18 17:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - No CLSID value found


IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080312
IE - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="

FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Guffins.com/Plugin: C:\Program Files\GuffinsEI\Installr\1.bin\NPu4EISB.dll (Guffins)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Todd\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Todd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/02/20 23:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 21:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/05 00:48:03 | 000,000,000 | ---D | M]

[2012/02/04 18:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Extensions
[2009/01/19 15:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/08/04 17:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/04 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions
[2010/06/20 19:09:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/30 17:31:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/10 20:34:10 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/01/24 16:40:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/01/08 10:35:27 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2012/02/05 00:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/24 16:39:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/08/01 09:06:44 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/09/29 14:20:01 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/28 15:39:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/28 12:26:43 | 000,000,000 | ---D | M] (SmileBox EN Community Toolbar) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{f897eb0e-a3a4-46c3-80eb-2729699d8892}(229)
[2011/12/24 21:22:42 | 000,000,000 | ---D | M] (ShopToWin8) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}(230)
[2010/03/23 08:31:38 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\ChoiceGuard@Microsoft
[2010/09/18 18:29:26 | 000,000,000 | ---D | M] (FBLayouts) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\fblayouts@hotlayouts2u.com
[2011/08/15 21:04:00 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\plugin@yontoo.com
[2011/12/30 08:58:52 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\extensions\wecarereminder@bryan
[2010/04/02 11:19:06 | 000,001,490 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\AIM Search.xml
[2009/07/04 21:54:09 | 000,004,207 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\aim-search.xml
[2012/01/29 11:09:07 | 000,002,342 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\aol-search.xml
[2011/01/02 19:03:18 | 000,002,333 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\askcom.xml
[2010/09/14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\BearShareWebSearch.xml
[2011/01/25 15:40:28 | 000,001,919 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\bing-zugo.xml
[2009/09/08 17:41:54 | 000,000,557 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\bing.xml
[2012/01/22 13:20:10 | 000,000,931 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\conduit.xml
[2009/08/01 09:06:46 | 000,005,407 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\fast-browser-search.xml
[2011/10/02 13:52:29 | 000,002,169 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\MyStart Search.xml
[2011/10/02 18:33:03 | 000,009,932 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\mywebsearch.xml
[2011/03/20 22:35:16 | 000,003,295 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\search-results.xml
[2012/01/24 16:24:31 | 000,002,519 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\Search_Results.xml
[2009/05/28 14:15:19 | 000,000,246 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\jpb1mfdf.default\searchplugins\Yoog Search.xml
[2012/02/04 18:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/24 20:33:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/10 13:43:08 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
() (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPB1MFDF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TODD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JPB1MFDF.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/09/14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/24 16:24:31 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (FBLayouts Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\FBLayouts\fblayouts.dll (HotLayouts2U)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe (E-Z soft)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\LaurenHannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAEA4A5D-D35B-42FF-BCC0-EAE95EA59FA1}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/06/20 04:42:28 | 000,000,039 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2b3b0427-e7e5-11e0-a64a-001d098850e3}\Shell - "" = AutoRun
O33 - MountPoints2\{2b3b0427-e7e5-11e0-a64a-001d098850e3}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 22:01:31 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{CF0CF528-0AA6-44FF-914B-12789AB7F44F}
[2012/02/04 21:51:40 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{95573B7F-9707-42B3-B473-CA6F6C588F90}
[2012/02/04 21:49:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/04 21:04:25 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{9B1E4933-7CF6-411F-BE84-C617410EDCDB}
[2012/02/04 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{DC2F115F-F86B-4A87-A599-2D9F926E548C}
[2012/02/04 18:07:51 | 000,000,000 | ---D | C] -- C:\SupportSoft
[2012/02/04 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{9902D47C-E44C-4980-A6B1-0CEE0052F933}
[2012/02/04 16:14:47 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{E7F5E99A-A415-4CE9-BD56-78C05A006187}
[2012/02/04 10:27:10 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{093C8817-5F5B-4307-87A6-8E41D52E3044}
[2012/02/04 10:08:05 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{E8C509F0-46DB-40A8-B245-B31D9F12149D}
[2012/02/04 10:01:58 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{848C40BE-8C3F-4AA1-BF89-A8ED9DC6304A}
[2012/02/04 09:39:11 | 000,000,000 | --SD | C] -- C:\ComboFix2
[2012/02/04 09:35:53 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{69DB8366-9719-4C81-BA4D-1B80CCC4394C}
[2012/02/03 21:41:03 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{2AA55150-C8DC-45E4-BADF-915375E5F693}
[2012/02/03 18:05:43 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{1EFD7A81-8313-4B51-903A-964312E85641}
[2012/02/03 17:36:49 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{D4324E72-603A-497E-B51E-8D35F07620A6}
[2012/02/03 08:23:11 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{7D14D9E0-2595-4492-8336-96ACDEBB5C4E}
[2012/02/03 06:32:24 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{E4537A4E-D500-49B2-B260-FA5BCFC254CD}
[2012/02/02 07:15:23 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{669705DA-30F7-4082-B020-60664D6FC0AC}
[2012/02/02 06:44:37 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\Avira
[2012/02/02 06:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/02/02 06:43:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/02/02 06:43:29 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/02/02 06:43:29 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/02/02 06:43:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/02/02 06:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/02/02 06:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/02/01 22:14:12 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{5AC01B76-A41C-4099-81E4-B03CA17E59BF}
[2012/02/01 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\AVG
[2012/02/01 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{E05B233C-1AA8-4AC3-A1EF-FEEFFD827A0B}
[2012/02/01 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{F9B1BC94-3B2A-43B7-BC28-5ABFA240FCC8}
[2012/02/01 15:20:13 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{B1EB8CA0-4667-4521-A0BD-11FC96B7F99B}
[2012/02/01 08:01:04 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{BFD59D19-0E1A-4E9B-8C2C-E049FABEEF49}
[2012/02/01 08:00:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{F1A7A3A2-2924-47E0-9DA1-5D45841AD329}
[2012/02/01 06:34:34 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{54C43CCE-B7F1-43FD-9D48-5980F6908BAB}
[2012/02/01 06:34:06 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{9A6B85EB-8DB8-4107-96AD-4088BBDDEB83}
[2012/01/30 06:34:26 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{760F00C4-0F8A-4FFB-B2B9-A23037BD4CFE}
[2012/01/29 11:09:57 | 000,000,000 | ---D | C] -- C:\Data
[2012/01/29 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{920EA861-05F3-4386-B7F3-D58607ABAD7F}
[2012/01/29 09:40:11 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{F6F657B4-098B-4C12-A23F-7C4B35F7E8C1}
[2012/01/27 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{D7ABC94A-1CFD-477B-B2E5-E67483C3D353}
[2012/01/27 17:57:40 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{C32CF5D3-A87F-499D-8700-1C31DA10566D}
[2012/01/26 16:22:49 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{71BC8435-287A-4468-9605-EAC5D95D4208}
[2012/01/26 05:30:12 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{7FA5AFAB-87BF-40CE-827C-38DCAACB3FF6}
[2012/01/26 05:29:38 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{AE6265C8-D5E9-4EB3-9706-C47F4E24C703}
[2012/01/26 05:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/24 20:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/24 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\DVDVideoSoft
[2012/01/24 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/01/24 16:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2012/01/24 16:39:44 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/24 16:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/01/24 16:39:00 | 000,000,000 | ---D | C] -- C:\Users\Todd\Documents\DVDVideoSoft
[2012/01/24 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/01/24 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012/01/24 16:27:30 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Roaming\vlc
[2012/01/24 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\Ilivid Player
[2012/01/24 16:25:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2012/01/24 16:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2012/01/24 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/01/24 16:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/01/24 14:00:17 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{ABD77353-6066-41B8-8F7D-9E237E6750F0}
[2012/01/21 10:41:29 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{0B196723-EF21-4B88-934F-1D70327B3EF2}
[2012/01/21 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{69B998F4-93FC-4665-BB05-1E29D1EF9123}
[2012/01/18 22:47:03 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{217F6F54-B666-4381-9138-2F3097FD246E}
[2012/01/18 22:46:30 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{B8597BBD-86CB-47B5-B66A-2B1C0076AA55}
[2012/01/18 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{459C8F1A-48D1-4360-B1D0-FDD0CA8C7039}
[2012/01/18 20:04:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/18 20:04:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/18 20:04:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/18 20:04:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/18 19:59:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/18 17:29:48 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{C5E60B49-F3AC-44FB-9D82-4C2FF41EC28B}
[2012/01/17 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{1316E855-3E09-44F6-8A4C-A1DF2EDD7FC5}
[2012/01/17 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{CBD48E3E-670B-4E0E-9E80-A08B82E7EEDB}
[2012/01/17 22:21:01 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{98A01D18-663D-4693-BE40-31AA92842C2E}
[2012/01/17 21:52:15 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{9A9DC9AE-742F-4FF9-BBFE-A676C5727BE5}
[2012/01/17 20:29:14 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{9A36B507-1E03-4CE3-A9A0-2D3A64DBFC01}
[2012/01/12 06:08:20 | 000,000,000 | ---D | C] -- C:\Users\Todd\AppData\Local\{F1A0B213-CA1F-4798-A4E4-DE45A3FD73FC}
[2012/01/11 13:40:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 13:40:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 13:40:48 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 13:40:45 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 13:40:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 17:15:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{665C0C49-AC7D-495B-A19B-04C1B3B2CB07}.job
[2012/02/06 17:03:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/06 17:03:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 17:03:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 17:03:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 17:03:32 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 22:51:10 | 000,000,905 | ---- | M] () -- C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 21:36:45 | 000,000,512 | ---- | M] () -- C:\Users\Todd\Desktop\MBR.dat
[2012/02/03 06:36:31 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/03 06:36:31 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 06:44:05 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/02/01 22:18:26 | 057,068,132 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/01 17:34:27 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 08:54:08 | 087,917,769 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2012/01/30 18:47:59 | 000,497,390 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/25 21:56:51 | 000,000,832 | ---- | M] () -- C:\Users\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/25 21:56:51 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/24 20:42:28 | 000,568,832 | ---- | M] () -- C:\Users\Todd\Desktop\richard.MSWMM
[2012/01/24 20:33:22 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 16:39:26 | 000,000,994 | ---- | M] () -- C:\Users\Todd\Desktop\DVDVideoSoft Free Studio.lnk
[2012/01/24 16:39:16 | 000,001,153 | ---- | M] () -- C:\Users\Todd\Desktop\Free YouTube to MP3 Converter.lnk
[2012/01/24 16:25:30 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2012/01/18 22:15:07 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/17 21:18:33 | 000,008,973 | ---- | M] () -- C:\ProgramData\7ba6ee75
[2012/01/17 21:18:33 | 000,008,942 | ---- | M] () -- C:\Users\Todd\AppData\Roaming\5fddc5ac
[2012/01/17 21:18:33 | 000,008,821 | ---- | M] () -- C:\Users\Todd\AppData\Local\ee20e3c3
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 21:36:45 | 000,000,512 | ---- | C] () -- C:\Users\Todd\Desktop\MBR.dat
[2012/02/02 06:44:05 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/24 20:33:22 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/24 20:30:49 | 000,568,832 | ---- | C] () -- C:\Users\Todd\Desktop\richard.MSWMM
[2012/01/24 16:39:26 | 000,000,994 | ---- | C] () -- C:\Users\Todd\Desktop\DVDVideoSoft Free Studio.lnk
[2012/01/24 16:39:16 | 000,001,153 | ---- | C] () -- C:\Users\Todd\Desktop\Free YouTube to MP3 Converter.lnk
[2012/01/24 16:25:30 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2012/01/18 20:04:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/18 20:04:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/18 20:04:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/18 20:04:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/18 20:04:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/17 15:07:56 | 000,008,973 | ---- | C] () -- C:\ProgramData\7ba6ee75
[2012/01/17 15:07:56 | 000,008,942 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\5fddc5ac
[2012/01/17 15:07:56 | 000,008,821 | ---- | C] () -- C:\Users\Todd\AppData\Local\ee20e3c3
[2011/08/14 19:45:23 | 000,270,848 | ---- | C] () -- C:\Windows\unwise.exe
[2011/08/14 19:42:57 | 000,000,060 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/12/26 10:02:20 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/26 10:02:20 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\Bundle
[2010/12/26 09:57:50 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/26 09:57:50 | 000,000,000 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\Brother
[2010/04/28 15:07:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/03 12:55:16 | 000,000,408 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/02/14 12:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/02/14 12:19:28 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010/02/14 12:19:28 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010/01/30 11:08:10 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/11/02 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/16 22:59:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/16 22:59:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/01 16:16:34 | 000,000,680 | ---- | C] () -- C:\Users\Todd\AppData\Local\d3d9caps.dat
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/13 18:46:34 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/13 18:46:34 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/22 15:08:00 | 000,000,443 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/01/23 20:08:46 | 000,000,030 | ---- | C] () -- C:\Windows\System32\hgset.ini
[2009/01/23 20:08:45 | 000,085,293 | ---- | C] () -- C:\Windows\System32\cont_adsoftinc-remove.exe
[2009/01/04 15:09:42 | 000,000,602 | ---- | C] () -- C:\Windows\ka.ini
[2009/01/02 11:38:49 | 000,000,848 | ---- | C] () -- C:\Windows\disney.ini
[2008/10/31 02:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/11 19:12:02 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2008/08/09 15:32:59 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2008/08/08 13:33:00 | 000,008,306 | ---- | C] () -- C:\Users\Todd\AppData\Roaming\wklnhst.dat
[2008/07/27 20:45:20 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/07/27 19:39:54 | 000,080,896 | ---- | C] () -- C:\Users\Todd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/12 01:28:07 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/12 01:28:07 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/03/12 01:28:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,351,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/26 22:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\sandbox\Package_for_KB941649~31bf3856ad364e35~x86~~6.0.2.1\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/12 01:18:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/26 21:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\sandbox\Package_for_KB941649~31bf3856ad364e35~x86~~6.0.2.1\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/03/12 01:18:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 369 bytes -> C:\ProgramData\TEMP:B72729D8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:81AA7C39
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:49CABE45
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C76BA037
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E21D3CA0
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BBF60A29
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AE2EA3C2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:33384BC0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B28D896C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:13DF9DD1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C210B4D5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:483AC68A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CE6885F1
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:00811B66

< End of report >

OTL Extras logfile created on: 2/6/2012 5:10:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.29% Memory free
4.22 Gb Paging File | 3.36 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 189.29 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.00 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive E: | 624.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: FREDRIKSEN | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21D9B76A-99AD-42A7-8C60-8F1AD104D348}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{3813DF49-0D63-417F-8A44-CB993D771228}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{39E8BB08-093F-43F4-8537-7B58CDC78337}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DA91F13-46F4-471E-873D-E2836AEF9774}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{781E84F0-02C3-4624-ACE6-95613510672A}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{8FA9C0DF-4E70-47B3-A9C0-686406615812}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{9B181163-68CE-4362-AC2D-1DF4EF31A432}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BA2BEA35-F89E-4288-9EBA-0DBAF42DACA3}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{D1A4522B-C0DA-4502-8E66-D33187288121}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{D2E9C140-C59B-4B66-A0C0-681762DAEA25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B9E9F15-43C9-4DB5-ADB2-446FE34DFD13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E826BE1-8F95-40EF-8B25-1454B99B66FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{439D431B-8D74-411F-89E0-F472AE48820D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E8E8BFB-0DDF-4E76-AC1D-5E75B31E1B6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{50ABC4AD-F936-4288-847D-4C12C033517D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{85743B5F-D673-4AD0-92BD-C5835B845AE7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8991F4B2-8B99-4110-A463-3733FB57C9E9}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{9096ABD8-0FD8-49D1-B00D-E28E7D9E3390}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{93C25D90-D92F-42E0-960E-6FBF7065E61B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{9A329C90-6212-41FD-A408-8C6C9ED748F6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B164051C-AB3E-4997-AD56-45110B3C4F99}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{C07BD6D5-7BAA-4212-B013-B7CC02D39134}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{CD311ACD-B0CB-4973-BBEE-8DC6A8C1650F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{CE9571C8-18C2-4A7C-A729-A9A4757DE34B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF93226C-14AE-47F0-9835-FBC6B391FA91}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"TCP Query User{3D6859BC-4042-4EAC-8419-983D5CF81CC8}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{744400D8-1ED3-4F4F-8194-F689096A1F0B}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"TCP Query User{A0BAB98E-EBF4-4AD8-A039-E3CD8369F1A4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D644D950-E802-4F12-A4DD-554402D88694}E:\life\life.exe" = protocol=6 | dir=in | app=e:\life\life.exe |
"TCP Query User{DCA6908F-6DE3-46E5-98AD-F634CF61C95F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{0461CEB9-EDC7-4EA7-AC62-7837F948594D}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
"UDP Query User{25E236C9-B1AE-4FA6-9F47-1A6EB010B3B0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{961E15B7-1253-4063-A313-59047AF373A5}E:\life\life.exe" = protocol=17 | dir=in | app=e:\life\life.exe |
"UDP Query User{AFC53F54-CCA4-49FE-9A8B-1E613B452978}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{D2C8DCF2-F37A-4294-B133-71D856B6D038}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF501B5-A37F-467F-8C91-303884F64D9A}" = PC CIF Camer@
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AT&T WorldNet Software" = AT&T WorldNet Setup
"ATT-SST" = AT&T Service & Support Tool
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON Printer Software
"FBLayouts" = FBLayouts Plugin
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"InstallShield_{4BF501B5-A37F-467F-8C91-303884F64D9A}" = PC CIF Camer@
"JS1G2001" = JumpStart 1st Grade 2001
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"SpongeBob SquarePants" = SpongeBob SquarePants® Operation Krabby Patty
"TBSB05288.TBSB05288Toolbar" = ECO Bar
"TomTom HOME" = TomTom HOME 2.8.2.2264
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-130462885-1753284759-2683629059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home
  • Local time:05:12 AM

Posted 06 February 2012 - 06:49 PM

Hi,

I'm seeing a ton of dubious toolbars and firefox add-ons. Do you use add-ons? If so which did you install?

Please rerun a scan with FSS and post it here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+



#7 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 06 February 2012 - 07:31 PM

I think the kids download that crap. :(




Farbar Service Scanner Version: 04-02-2012 01
Ran by Todd (administrator) on 06-02-2012 at 19:29:03
Running from "F:\"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-08-16 22:59] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-08-16 22:58] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#8 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home
  • Local time:05:12 AM

Posted 07 February 2012 - 06:52 AM

Hi,

do you know if said kids also use the toolbars? Because if they don't (and it's likely that stuff is usually installed alongside other programs), I would recommend removing most of it.

In the meantime please download and run restoreBFE: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

then reboot and post a new log of FSS.

regards myrti



#9 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 07 February 2012 - 07:18 AM

Farbar Service Scanner Version: 04-02-2012 01
Ran by Todd (administrator) on 07-02-2012 at 07:15:50
Running from "F:\"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-08-16 22:59] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-08-16 22:58] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home
  • Local time:05:12 AM

Posted 07 February 2012 - 07:46 AM

Hi,

that was quite some progress :) Let's see if this step helps:

please download PsExec. Extract it and drop psexec.exe onto your desktop.

Then please run the following:


Please open an elevated command prompt and type in:
cd C:\users\todd\desktop (if you're not running this from the user account dale please replace accordingly. If you prefer to store the psexec.exe elsewhere, please adapt the path accordingly)
psexec -s swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /GE:F



Now merge this following Registry Fix:

Download LEGACY_TDX.reg and save it on your desktop. Do the same for MpsSvc.reg

Locate the files on your desktop, right click and select Run as Administrator for each of them; an information box will pop up asking if you want to merge the information in the file into the registry. Click YES.

Once the file has run, the information will have merged with your registry so you can delete the .reg files from your desktop as you won't be needing them any more.



Once the reg fix has been successfully merged run this following command from an elevated command prompt:


cd C:\users\todd\desktop
psexec -s swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /RE:F



now reboot and let me know if you can now connect.


Please post a fresh scan with Farbar Service Scanner > Post the resulting log

Edited by myrti, 07 February 2012 - 08:14 AM.

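The FSS results earlier in the thread and the fix in this post all come down to three registry locations: the Services\<name> key (Start, ImagePath, ServiceDll), the Enum\Root\LEGACY_<name>\0000 key that FSS reports as "does not exist", and the ACL on Enum\Root that the psexec -s step works around. The script below is an added example, not part of this thread and not Farbar's or sUBs' code; it re-runs those checks with built-in PowerShell so the log's findings can be verified before and after the fix. It assumes only the service names taken from the FSS log and is written for the PowerShell 2.0 that Vista ships with (no PS 3+ syntax); run it from an elevated PowerShell the same way as the elevated command prompt.

```powershell
# Added example, not part of the thread and not Farbar's or sUBs' code: re-run
# the checks from the FSS log with built-in PowerShell. Run from an elevated
# PowerShell (Start > type powershell > right-click > Run as Administrator).
# Written for PowerShell 2.0 (what Vista has), so no PS 3+ syntax is used.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$enumRoot     = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'

function Test-ServiceConfig {
    param([Parameter(Mandatory=$true)][string]$Name)
    $r = @{ Service = $Name }

    # 1. Service key and the three values FSS reports on: Start, ImagePath, ServiceDll
    $key = Join-Path $servicesRoot $Name
    if (Test-Path $key) {
        $p = Get-ItemProperty -Path $key
        $r.Start     = $p.Start              # 2 = auto, 3 = manual, 4 = disabled
        $r.ImagePath = $p.ImagePath
        # svchost-hosted services keep ServiceDll under Parameters; kernel drivers have none
        $params = Join-Path $key 'Parameters'
        $r.ServiceDll = if (Test-Path $params) { (Get-ItemProperty -Path $params).ServiceDll } else { $null }
    } else {
        # Same condition FSS prints as "Unable to open <name> registry key. The service key does not exist."
        $r.Start      = 'SERVICE KEY MISSING'
        $r.ImagePath  = 'SERVICE KEY MISSING'
        $r.ServiceDll = 'SERVICE KEY MISSING'
    }

    # 2. Enum\Root\LEGACY_<NAME>\0000, the key FSS flags as "does not exist".
    #    Keep "missing" apart from "not readable": Enum\Root is normally writable
    #    only by SYSTEM, which is the reason for the psexec -s step in the thread.
    $legacy = Join-Path $enumRoot ('LEGACY_{0}\0000' -f $Name.ToUpper())
    try {
        $null = Get-Item -Path $legacy -ErrorAction Stop
        $r.LegacyKey = 'present'
    } catch [System.Management.Automation.ItemNotFoundException] {
        $r.LegacyKey = 'missing'
    } catch {
        $r.LegacyKey = 'unreadable: ' + $_.Exception.GetType().Name
    }

    # 3. Live state from WMI. Get-Service skips kernel drivers (tdx, mpsdrv), so
    #    fall back to Win32_SystemDriver for those.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { $svc = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'" }
    $r.State = if ($svc) { $svc.State } else { 'not registered' }

    New-Object -TypeName PSObject -Property $r
}

# The services the FSS log covers: networking, Windows Firewall, Security Center, Windows Update
'Dnscache','Dhcp','tdx','mpsdrv','MpsSvc','bfe','wscsvc','wuauserv' |
    ForEach-Object { Test-ServiceConfig -Name $_ } |
    Format-Table -AutoSize Service, State, Start, LegacyKey, ImagePath

# Why a .reg merge that writes under Enum\Root can fail with "Error accessing the
# registry": list who may write to that key. This is the ACL the swreg ACL
# commands in this post change before the merge and change back afterwards.
try {
    (Get-Acl -Path $enumRoot).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
} catch {
    Write-Warning ('Cannot read the ACL on {0}: {1}' -f $enumRoot, $_.Exception.Message)
}
```

On the machine in this thread the first table should show SERVICE KEY MISSING for MpsSvc (and for bfe until RestoreBFE has run) and a missing LegacyKey for tdx and wscsvc, matching the FSS logs; after the .reg merges those columns should read present. An "unreadable" LegacyKey means the account lacks read access rather than the key being absent, which is a different problem from the one FSS reports.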


#11 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 07 February 2012 - 09:39 AM

How do I run an elevated command prompt? I can only run as Administrator and cannot overwrite anything?

Thanks

#12 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,768 posts
  • Gender:Female
  • Location:At home
  • Local time:05:12 AM

Posted 07 February 2012 - 09:50 AM

Hi,
sorry.

Open your start menu, type cmd in the search box at the bottom. Wait till cmd.exe shows in the results, then right click that and select Run as Administrator. This will open the elevated command prompt.

regards myrti



#13 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 07 February 2012 - 11:37 AM

I will try again when I am home at 5:30 EST. I appreciate your time and help! :thumbup2:

#14 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 07 February 2012 - 06:12 PM

Hi,
sorry.

Open your start menu, type cmd in the search box at the bottom. Wait till cmd.exe shows in the results, then right click that and select Run as Administrator. This will open the elevated command prompt.

regards myrti




When I open CMD as Administrator, I see:

C:\Windows\system32>


Do I type in cd C:\users\todd\desktop where the cursor prompt is? I can't overwrite/delete the C:\Windows\system32>

Sorry... I am a beginner at this stuff.

#15 34dean
  • Topic Starter
  • Members
  • 84 posts
  • Local time:10:12 PM

Posted 07 February 2012 - 06:18 PM

If I was supposed to type in after the 32> and hit enter, I see:

C:\Users\Todd\Desktop>

When I right click on the two red files, I do not see "Run as Administrator" but do see "Merge". When I click on Merge a warning window pops up asking me if I am sure I want to add information. When I click Yes, I get an error message stating "Cannot import F:\LEGACY_TDX.reg: Error accessing the registry."



