
Infected with Hapili Google keeps redirecting


  • This topic is locked
26 replies to this topic

#1 CarolR227

Posted 20 April 2012 - 10:39 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 1.6.0_25
Run by Carol at 21:45:54 on 2012-04-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3739 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
Err:510
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\spool\DRIVERS\x64\3\fppdis4.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Bandoo\Bandoo.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\RAVCpl64.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Software Informer\softinfo.exe
C:\Windows\system32\WerCon.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\aol\1273715729\ee\aolsoftware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Carol\Documents\Downloads\Programs\Defogger.exe
C:\Program Files (x86)\AOL Desktop 9.6b\waol.exe
C:\Program Files (x86)\AOL Desktop 9.6b\shellmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
Err:510
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60347
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No File
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120419213834.dll
BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB: {2E5E800E-6AC0-411E-940A-369530A35E43} - No File
TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Software Informer] "C:\Program Files (x86)\Software Informer\softinfo.exe" -autorun
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [fsm]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [drivermgr] C:\Users\Carol\AppData\Roaming\devicemgrpro.exe
uRun: [scvci] rundll32.exe "C:\Users\Carol\AppData\Local\Temp\scvci.dll",EnumExposureCompNext
uRun: [AdobeBridge]
uRun: [AllMyNotes] C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe -autostartup
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6b\AOL.EXE" -b
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\HP\KBD\KbdStub.EXE
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1273715729\ee\AOLSoftware.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Carol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files (x86)\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: Crawler Search - tbr:iemenu
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files (x86)\Inbox\Notes\CNotes.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{0FBC74EA-7DB1-468F-9A84-41F4A50572C0} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{A61FDEA7-4131-41D7-88AA-6577776E5CA7} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
AppInit_DLLs: c:\progra~2\wi9130~1\datamngr\datamngr.dll c:\progra~2\wi9130~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO-X64: AOL Toolbar Launcher - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120419213834.dll
BHO-X64: scriptproxy - No File
BHO-X64: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI9130~1\Datamngr\BROWSE~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO-X64: Bandoo IE Plugin - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
TB-X64: {2E5E800E-6AC0-411E-940A-369530A35E43} - No File
TB-X64: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB-X64: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE
mRun-x64: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI9130~1\Datamngr\DATAMN~1.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1273715729\ee\AOLSoftware.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files (x86)\Inbox\Notes\CNotes.exe
AppInit_DLLs-X64: c:\progra~2\wi9130~1\datamngr\datamngr.dll c:\progra~2\wi9130~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
Err:510
.
FF - ProfilePath - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extentions.y2layers.installId - 2a24a62e-59db-4421-9927-d9d3e1fd0fac
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
FF - user.js: extensions.BabylonToolbar_i.id - ba18cd73000000000000001644ccc75d
FF - user.js: extensions.BabylonToolbar_i.hardId - ba18cd73000000000000001644ccc75d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15406
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:20:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109930
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
Err:510
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-8-18 198240]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-26 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-26 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-7-26 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-26 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-26 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 pdfFactory4;pdfFactory Pro 4;C:\WINDOWS\System32\spool\drivers\x64\3\fppdis4.exe [2011-1-15 763904]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-29 918880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-2 136176]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-28 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-2 136176]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-5-10 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
Err:510
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.txt=
.
Err:510
.
04/20/12 02:38 AM 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
04/20/12 12:45 AM -------- d-----w- C:\ProgramData\Visan
04/18/12 09:35 PM -------- d-----w- C:\Program Files (x86)\FileStream
04/13/12 05:11 AM 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
04/13/12 05:10 AM 78848 ----a-w- C:\Windows\System32\imagehlp.dll
04/13/12 05:10 AM 5632 ----a-w- C:\Windows\System32\wmi.dll
04/13/12 05:10 AM 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
04/13/12 05:10 AM 219136 ----a-w- C:\Windows\System32\wintrust.dll
04/13/12 05:10 AM 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
04/13/12 05:10 AM 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
04/13/12 05:10 AM 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
04/13/12 04:32 AM -------- d-----w- C:\Program Files\iPod
04/13/12 04:32 AM -------- d-----w- C:\Program Files\iTunes
04/13/12 04:32 AM -------- d-----w- C:\Program Files (x86)\iTunes
04/13/12 04:19 AM -------- d-----w- C:\Program Files (x86)\AllMyNotes Organizer
04/05/12 06:35 PM 45056 ----a-w- C:\Windows\SysWow64\sstunst3.exe
04/05/12 06:35 PM 573440 ----a-w- C:\Windows\SysWow64\Backcountry Gallery.scr
04/04/12 05:53 AM 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
04/04/12 05:53 AM 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
04/03/12 08:49 PM -------- d-----w- C:\Program Files (x86)\EZ Cards Creator
04/03/12 08:45 PM -------- d-----w- C:\Users\Carol\AppData\Roaming\Clip Art Collection
04/02/12 12:27 AM -------- d-----w- C:\Users\Carol\AppData\Roaming\PDAppFlex
04/02/12 12:27 AM -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
03/30/12 05:47 AM -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.6b
03/30/12 05:43 AM -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.6a
03/30/12 05:28 AM 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
03/30/12 05:27 AM -------- d-----w- C:\Program Files (x86)\ATI
03/30/12 05:19 AM -------- d-----w- C:\ATI
03/30/12 05:12 AM -------- d-----w- C:\Users\Carol\AppData\Roaming\Blitware
03/30/12 05:12 AM -------- d-----w- C:\Program Files (x86)\Driver Robot
03/30/12 04:41 AM 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
03/30/12 04:37 AM -------- d-----w- C:\Users\Carol\AppData\Local\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}
03/30/12 04:36 AM 210051234 ----a-w- C:\Users\Carol\AppData\Roaming\devicemgrpro.exe
03/30/12 04:02 AM -------- d-----w- C:\ProgramData\UAB
03/30/12 04:02 AM -------- d-----w- C:\Users\Carol\AppData\Local\PC_Drivers_Headquarters
03/30/12 04:02 AM -------- d-----w- C:\ProgramData\Driver Manager
03/30/12 04:01 AM -------- d-----w- C:\Program Files (x86)\Driver Manager
03/30/12 03:54 AM -------- d-----w- C:\ProgramData\AVG Secure Search
03/30/12 03:54 AM -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
03/30/12 03:54 AM -------- d-----w- C:\Program Files (x86)\AVG Secure Search
03/30/12 03:53 AM 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
03/30/12 03:53 AM -------- d-----w- C:\Users\Carol\AppData\Local\SlimWare Utilities Inc
03/30/12 03:53 AM -------- d--h--w- C:\ProgramData\Common Files
03/30/12 03:53 AM -------- d-----w- C:\Program Files (x86)\DriverUpdate
03/30/12 03:38 AM -------- d-----w- C:\Users\Carol\AppData\Local\ElevatedDiagnostics
03/28/12 04:37 AM -------- d-----w- C:\Windows\System32\wbem\Framework\root\CPUThermometer
03/28/12 04:37 AM -------- d-----w- C:\Windows\System32\wbem\Framework\root
03/28/12 04:37 AM -------- d-----w- C:\Windows\System32\wbem\Framework
03/27/12 02:43 AM -------- d-----w- C:\Program Files (x86)\Lavalys
03/26/12 01:42 AM 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
03/26/12 01:42 AM -------- d-----w- C:\Program Files\CPUID
03/26/12 01:42 AM -------- d-----w- C:\Program Files (x86)\Ask.com
.
Err:510
.
04/17/12 09:34 PM 5642 --sha-w- C:\ProgramData\KGyGaAvL.sys
04/14/12 03:28 PM 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
02/28/12 11:30 AM 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
02/28/12 11:25 AM 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
02/28/12 11:25 AM 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
02/28/12 11:25 AM 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
02/28/12 11:25 AM 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
02/28/12 10:07 AM 385024 ----a-w- C:\Windows\SysWow64\html.iec
02/28/12 08:12 AM 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
02/28/12 08:08 AM 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
02/28/12 07:10 AM 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
02/28/12 06:34 AM 1147392 ----a-w- C:\Windows\System32\wininet.dll
02/28/12 06:30 AM 56832 ----a-w- C:\Windows\System32\licmgr10.dll
02/28/12 06:30 AM 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
02/28/12 06:30 AM 77312 ----a-w- C:\Windows\System32\iesetup.dll
02/28/12 06:30 AM 132096 ----a-w- C:\Windows\System32\iesysprep.dll
02/28/12 05:41 AM 479232 ----a-w- C:\Windows\System32\html.iec
02/28/12 05:00 AM 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
02/28/12 04:58 AM 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
02/23/12 06:40 PM 5276432 ----a-w- C:\Windows\uninst.exe
02/14/12 04:49 PM 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
02/14/12 04:49 PM 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
02/14/12 03:45 PM 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
02/14/12 03:45 PM 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
02/13/12 02:38 PM 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
02/13/12 02:12 PM 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
02/13/12 02:06 PM 834048 ----a-w- C:\Windows\System32\d2d1.dll
02/13/12 02:03 PM 1555968 ----a-w- C:\Windows\System32\DWrite.dll
02/13/12 01:47 PM 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
02/13/12 01:44 PM 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
02/08/12 01:13 AM 149640 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
02/07/12 04:02 PM 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
02/02/12 03:34 PM 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
Err:510


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:06 AM

Posted 21 April 2012 - 07:37 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CarolR227


Posted 21 April 2012 - 05:51 PM

Thanks for responding.

When I attempt to run ComboFix it hangs up at "Attempting to establish restore point". It stays there for hours and won't go any further.

Carol

#4 gringo_pr


Posted 21 April 2012 - 06:01 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

If nothing happens in 30 minutes, come back and let me know.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 CarolR227


Posted 21 April 2012 - 08:16 PM

When I attempt to run it in safe mode it tells me that access is denied and that I need administrator approval. I then run it as administrator and I get the same message. I run it in command prompt as admin and still get the same message. What do I do next?

Thanks for your help.

Carol

#6 gringo_pr


Posted 21 April 2012 - 08:36 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 CarolR227


Posted 21 April 2012 - 09:35 PM

The TDSSKiller shows no threats found but will not allow me to copy it. Here is a copy of the aswMBR log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 20:59:54
-----------------------------
20:59:54.350 OS Version: Windows x64 6.0.6002 Service Pack 2
20:59:54.350 Number of processors: 4 586 0x203
20:59:54.350 ComputerName: CAROL-PC1 UserName: Carol
20:59:57.122 Initialize success
21:00:47.959 AVAST engine defs: 12042101
21:01:20.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
21:01:20.674 Disk 0 Vendor: NVIDIA__ Size: 715404MB BusType: 8
21:01:20.703 Disk 0 MBR read successfully
21:01:20.706 Disk 0 MBR scan
21:01:20.711 Disk 0 unknown MBR code
21:01:20.714 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 703926 MB offset 63
21:01:20.752 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11476 MB offset 1441640970
21:01:20.816 Disk 0 scanning C:\Windows\system32\drivers
21:01:37.507 Service scanning
21:01:45.325 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
21:02:05.319 Modules scanning
21:02:05.329 Disk 0 trace - called modules:
21:02:05.353 ntoskrnl.exe CLASSPNP.SYS disk.sys nvrd64.sys acpi.sys storport.sys hal.dll nvstor64.sys
21:02:05.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800638d790]
21:02:05.364 3 CLASSPNP.SYS[fffffa6000795c33] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8005e4bb20]
21:02:05.371 5 nvrd64.sys[fffffa60009b25d0] -> nt!IofCallDriver -> [0xfffffa8004e719e0]
21:02:05.379 7 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8005e41860]
21:02:08.271 AVAST engine scan C:\Windows
21:02:29.335 AVAST engine scan C:\Windows\system32
21:12:13.374 AVAST engine scan C:\Windows\system32\drivers
21:13:02.487 AVAST engine scan C:\Users\Carol
21:23:02.005 Disk 0 MBR has been saved successfully to "C:\Users\Carol\Documents\MBR.dat"
21:23:02.016 The log file has been saved successfully to "C:\Users\Carol\Documents\aswMBR.txt"


21:29:34.901 Disk 0 MBR has been saved successfully to "C:\Users\Carol\Documents\MBR.dat"
21:29:34.908 The log file has been saved successfully to "C:\Users\Carol\Documents\aswMBR.txt"

#8 gringo_pr


Posted 21 April 2012 - 10:04 PM

Hello


I would like to know which browsers are redirecting, and check all that are installed.



gringo

#9 CarolR227


Posted 21 April 2012 - 10:09 PM

I have IE and Mozilla Firefox installed. It is Mozilla that is redirecting.

#10 gringo_pr


Posted 21 April 2012 - 10:27 PM

Hello


I want you to uninstall it, and if asked about user data or settings, remove that also.

Reinstall Firefox and see if it still redirects.


gringo

#11 CarolR227


Posted 21 April 2012 - 11:30 PM

Okay, but it doesn't redirect all the time so it might be a few days before I know for certain if that solves the problem.

#12 gringo_pr


Posted 21 April 2012 - 11:57 PM

Hello


OK, keep me posted, and in the meantime I will check for a few things.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 CarolR227


Posted 22 April 2012 - 02:01 AM

OTL logfile created on: 4/22/2012 1:50:01 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Carol\Documents\Downloads\Programs
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.76 Gb Available Physical Memory | 62.71% Memory free
17.91 Gb Paging File | 15.29 Gb Available in Paging File | 85.35% Paging File free
Paging file location(s): c:\pagefile.sys 12282 12282 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.43 Gb Total Space | 482.06 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive D: | 11.21 Gb Total Space | 1.15 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: CAROL-PC1 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carol\Documents\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\aol\1273715729\ee\aolsoftware.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
PRC - C:\WINDOWS\SysWOW64\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{9427041a-a8dc-4d06-9a68-93873486e957}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (pdfFactory4) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis4.exe (FinePrint Software, LLC)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\DRIVERS\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\avgidseha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LVUVC64) Logitech Webcam C160(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (wanatw) WAN Miniport (ATW) -- C:\Windows\SysNative\DRIVERS\wanatw64.sys (America Online, Inc.)
DRV - (mcdbus) -- C:\WINDOWS\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9926A87A-087C-46D8-8CF9-1D9DC214A537}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol-chromesbox-en-us&tb_uuid=20100513015651616&tb_oid=13-05-2010&tb_mrud=10-02-2011
IE - HKLM\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9926A87A-087C-46D8-8CF9-1D9DC214A537}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm036YYus&ptb=AF7236F5-6F74-44D2-96A6-FDB74E7FF46B&psa=&ind=2012020702&ptnrS=YKxdm036YYus&si=767xxxxx1f&st=sb&n=77ecffde&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.crawler.com/homepage.aspx?tbid=60347
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=ba18cd73000000000000001644ccc75d
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=YLC&o=102400&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QA&apn_dtid=YYYYYYYYUS&apn_uid=B4D21A9C-067C-4351-8D9F-365762560282&apn_sauid=156B612B-A64A-4700-9EB2-C643F2CBC3BA
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{5E16CD6F-E176-D55B-CF3E-10C647B785C9}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8E6A2005-A188-409D-A474-354D0D8BA1FC}&mid=2d18ced3ac2647d087e8d14acce4e9e6-e6bc52fbdb8f806995af3373cce1e1f3ecb29ee7&lang=en&ds=ts026&pr=sa&d=2012-03-29 22:54:16&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{9926A87A-087C-46D8-8CF9-1D9DC214A537}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=374563&p={searchTerms}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm036YYus&ptb=AF7236F5-6F74-44D2-96A6-FDB74E7FF46B&psa=&ind=2012020702&ptnrS=YKxdm036YYus&si=767xxxxx1f&st=sb&n=77ecffde&searchfor={searchTerms}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{DD2FF794-CB76-2726-F5E6-1807534DB7FE}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111105&iesrc={referrer:source}
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 3.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6980
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: rsDownloader@163.com:2.0.3
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.45
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.3


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.9.0.23: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 20:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~2\Crawler\firefox\ [2011/04/02 18:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin [2012/02/23 16:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/21 20:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/21 20:24:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 23:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 13:42:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/21 20:26:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com [2011/11/05 23:26:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Carol\AppData\Roaming\IDM\idmmzcc5 [2012/04/15 14:35:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}: C:\Users\Carol\AppData\Local\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}\ [2012/03/29 23:37:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Carol\AppData\Roaming\IDM\idmmzcc5 [2012/04/15 14:35:50 | 000,000,000 | ---D | M]

[2012/02/23 14:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\Mozilla\Extensions
[2012/04/20 14:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions
[2012/03/23 22:44:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/13 22:37:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/18 16:19:31 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012/03/17 16:41:05 | 000,000,000 | ---D | M] (Productivity 3.1 Community Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{9427041a-a8dc-4d06-9a68-93873486e957}
[2011/12/21 01:28:56 | 000,000,000 | ---D | M] (TotalRecipeSearch) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
[2011/11/05 23:26:05 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com
[2012/03/18 16:19:44 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/11/25 23:46:39 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\m3ffxtbr@mywebsearch.com
[2011/10/31 23:24:05 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\plugin@yontoo.com
[2010/10/18 00:12:45 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\searchtoolbar@zugo.com
[2011/04/29 17:40:44 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\support@ancestry.com
[2012/04/21 14:42:21 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\toolbar@ask.com
[2011/03/09 17:06:34 | 000,002,277 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\aol-search.xml
[2012/03/17 17:12:02 | 000,002,574 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\askcom.xml
[2011/11/04 21:07:34 | 000,001,945 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\bing-zugo.xml
[2011/11/06 11:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\conduit.xml
[2011/06/24 22:28:54 | 000,001,463 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\crawlersrch.xml
[2010/07/26 17:41:10 | 000,010,059 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\mywebsearch.xml
[2011/12/12 01:01:39 | 000,002,520 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\SearchResults.xml
[2012/04/21 23:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/30 00:52:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/30 15:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
[2011/10/30 15:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2012/03/29 23:37:01 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\CAROL\APPDATA\LOCAL\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}
[2012/04/15 14:35:50 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\CAROL\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll
[2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/03/29 22:54:11 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/07 14:20:03 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/12 01:01:39 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WorldWinner Firefox Launcher Plugin (Enabled) = C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Bandoo = C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: Click to call with Skype = C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2011/05/13 03:06:03 | 000,434,037 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14940 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1273715729\ee\AOLSoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [AllMyNotes] C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe (Vladonai Software (http://www.vladonai.com))
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [drivermgr] C:\Users\Carol\AppData\Roaming\devicemgrpro.exe ()
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [scvci] C:\Users\Carol\AppData\Local\Temp\scvci.dll ()
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: &AOL Toolbar Search - c:\Program Files (x86)\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files (x86)\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Desktop Notes - {035E680E-B668-472F-91F3-E850BCC5051F} - C:\Program Files (x86)\Inbox\Notes\CNotes.exe (Crawler.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FBC74EA-7DB1-468F-9A84-41F4A50572C0}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A61FDEA7-4131-41D7-88AA-6577776E5CA7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tbr - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi9130~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi9130~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Carol\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Carol\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 20:25:54 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\AVG2012
[2012/04/21 20:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/04/21 20:24:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/04/21 20:24:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/04/21 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/21 20:24:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/04/21 20:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/04/21 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/04/21 20:02:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/21 12:25:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/21 12:25:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/21 12:25:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/21 12:25:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/21 12:22:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/20 22:36:09 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\attach
[2012/04/19 19:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/04/18 19:11:24 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\SamsungSCL906camcorderphotos1
[2012/04/18 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\FrameShop
[2012/04/18 16:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileStream FrameShop
[2012/04/18 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileStream
[2012/04/13 00:11:09 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 00:10:40 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 00:10:40 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 00:10:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 23:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/12 23:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/12 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/12 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/12 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\AllMyNotes
[2012/04/12 23:19:06 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AllMyNotes Organizer
[2012/04/12 23:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AllMyNotes Organizer
[2012/04/12 23:02:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 23:02:30 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 23:02:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/12 23:02:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/04/12 23:02:29 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 23:02:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 23:02:29 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/12 23:02:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/12 23:02:29 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 23:02:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 23:02:29 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/04/12 23:02:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/04/12 23:02:29 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 23:02:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 23:02:29 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/04/12 23:02:29 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/04/12 23:02:29 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/12 23:02:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/04/12 23:02:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/12 23:02:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/04/12 23:02:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/04/12 23:02:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/04/12 23:02:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/04/12 23:02:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/04/12 23:02:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 23:02:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/04/12 23:02:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/12 23:02:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/12 23:02:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/09 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\Easter2012004
[2012/04/05 13:35:40 | 000,045,056 | ---- | C] (Stardust Software) -- C:\Windows\SysWow64\sstunst3.exe
[2012/04/05 13:35:36 | 000,573,440 | ---- | C] (Stardust Software) -- C:\Windows\SysWow64\Backcountry Gallery.scr
[2012/04/03 15:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Cards Creator
[2012/04/03 15:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZ Cards Creator
[2012/04/03 15:45:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\Clip Art Collection
[2012/04/02 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\AAAJACK'SSPEECH1961
[2012/04/01 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\PDAppFlex
[2012/04/01 19:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/04/01 19:26:34 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\Adobe
[2012/04/01 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/30 00:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.6b
[2012/03/30 00:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.6a
[2012/03/30 00:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/30 00:28:07 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/03/30 00:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2012/03/30 00:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/30 00:19:11 | 000,000,000 | ---D | C] -- C:\ATI
[2012/03/30 00:12:42 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\Blitware
[2012/03/30 00:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Robot
[2012/03/30 00:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Robot
[2012/03/29 23:41:11 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/29 23:41:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/29 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}
[2012/03/29 23:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/03/29 23:02:34 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\PC_Drivers_Headquarters
[2012/03/29 23:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Manager
[2012/03/29 23:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
[2012/03/29 23:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Manager
[2012/03/29 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\SlimWare Utilities Inc
[2012/03/29 22:53:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/29 22:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2012/03/29 22:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[2012/03/29 22:38:00 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\ElevatedDiagnostics
[2012/03/28 15:22:49 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\butterflies
[2012/03/27 23:38:56 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\Visual Studio 2010
[2012/03/26 21:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012/03/26 21:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2012/03/25 20:42:50 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012/03/25 20:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/03/25 20:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/03/25 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/22 01:43:07 | 000,004,146 | ---- | M] () -- C:\Users\Carol\Documents\Mozilla Bookmarks.rtf
[2012/04/22 01:34:55 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 01:34:55 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 01:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 01:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 00:07:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 00:03:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED6F5FD7-E830-4569-902C-9AF48F38DE5F}.job
[2012/04/21 23:43:50 | 000,000,914 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/21 23:43:50 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/21 23:40:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/21 23:38:00 | 005,186,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/21 23:37:52 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2012/04/21 23:36:26 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/04/21 23:35:27 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\FppLicense4.ini
[2012/04/21 23:34:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 23:34:44 | 2146,668,543 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/21 21:33:16 | 000,004,289 | ---- | M] () -- C:\Users\Carol\Documents\aswMBR1.csv
[2012/04/21 21:29:34 | 000,000,512 | ---- | M] () -- C:\Users\Carol\Documents\MBR.dat
[2012/04/21 20:39:13 | 000,001,607 | ---- | M] () -- C:\Users\Carol\Documents\TDSSKiller.rtf
[2012/04/21 20:27:50 | 061,123,090 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/21 20:24:43 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/21 20:24:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/21 20:24:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/20 22:36:09 | 000,005,387 | ---- | M] () -- C:\Users\Carol\Documents\attach.zip
[2012/04/20 22:11:06 | 000,017,902 | ---- | M] () -- C:\Users\Carol\Documents\Attach.csv
[2012/04/20 21:20:44 | 000,000,000 | ---- | M] () -- C:\Users\Carol\defogger_reenable
[2012/04/20 17:27:01 | 000,896,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/20 17:27:01 | 000,740,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/20 17:27:01 | 000,156,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/20 02:43:27 | 000,000,116 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/04/20 02:42:31 | 000,058,975 | ---- | M] () -- C:\Users\Carol\Documents\WinUtilities DiskDefrag Report (2012-04-20 002517).mht
[2012/04/18 19:11:24 | 000,325,897 | ---- | M] () -- C:\Users\Carol\Documents\SamsungSCL906camcorderphotos1.zip
[2012/04/18 16:36:02 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\FrameShop.lnk
[2012/04/17 18:39:06 | 000,002,573 | ---- | M] () -- C:\Users\Carol\Documents\samsung SCL906 camcorder DESCRIPTION FOR EBAY.rtf
[2012/04/17 17:33:47 | 000,018,758 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2012/04/17 16:34:10 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/04/16 19:54:57 | 000,000,252 | ---- | M] () -- C:\Users\Carol\Documents\1940 Census Alton.rtf
[2012/04/14 10:28:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 10:28:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 10:28:08 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 23:35:18 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/12 23:35:18 | 000,001,866 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/12 23:33:24 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/12 23:24:05 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012/04/12 23:19:06 | 000,001,940 | ---- | M] () -- C:\Users\Carol\Desktop\AllMyNotes Organizer.lnk
[2012/04/11 15:39:54 | 000,018,011 | ---- | M] () -- C:\Users\Carol\Documents\Satin Allmond Krylon K02437.jpg
[2012/04/11 15:37:42 | 000,018,002 | ---- | M] () -- C:\Users\Carol\Documents\Honeydew Krylon K02335.jpg
[2012/04/09 12:28:13 | 000,281,468 | ---- | M] () -- C:\Users\Carol\Documents\Easter2012004.zip
[2012/04/07 13:54:36 | 000,000,615 | ---- | M] () -- C:\Users\Carol\Documents\stan.rtf
[2012/04/06 19:50:46 | 004,857,506 | ---- | M] () -- C:\Users\Carol\Documents\Alton, IL Map 1940 Census Districts.jpg
[2012/04/05 22:32:09 | 000,045,056 | ---- | M] (Stardust Software) -- C:\Windows\SysWow64\sstunst3.exe
[2012/04/05 22:32:06 | 025,509,419 | ---- | M] () -- C:\Windows\SysWow64\Backcountry Gallery.ibx
[2012/04/05 22:32:06 | 007,373,956 | ---- | M] () -- C:\Windows\SysWow64\Backcountry Gallery.mbx
[2012/04/05 22:32:06 | 000,573,440 | ---- | M] (Stardust Software) -- C:\Windows\SysWow64\Backcountry Gallery.scr
[2012/04/05 21:37:27 | 000,005,812 | ---- | M] () -- C:\Users\Carol\Documents\Nikon N50.rtf
[2012/04/05 13:53:48 | 003,918,654 | ---- | M] () -- C:\Windows\Backcountry Gallery Wallpaper.bmp
[2012/04/04 20:01:03 | 002,184,597 | ---- | M] () -- C:\Users\Carol\Documents\amh.pdf
[2012/04/04 00:07:34 | 000,000,220 | ---- | M] () -- C:\Users\Carol\Documents\Amazon.rtf
[2012/04/03 16:05:13 | 000,013,312 | ---- | M] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/03 15:49:14 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\EZ Cards Creator.lnk
[2012/04/02 13:35:19 | 000,326,839 | ---- | M] () -- C:\Users\Carol\Documents\AAAJACK'SSPEECH1961.zip
[2012/04/02 01:36:31 | 000,107,035 | ---- | M] () -- C:\Users\Carol\Documents\P1040479.jpg
[2012/04/01 20:49:36 | 000,104,348 | ---- | M] () -- C:\Users\Carol\Documents\P1040482.jpg
[2012/04/01 20:47:33 | 000,103,667 | ---- | M] () -- C:\Users\Carol\Documents\P1040510.jpg
[2012/03/30 14:06:00 | 000,631,944 | ---- | M] () -- C:\Users\Carol\Documents\Ola Langacker Robertson 1948.pdf
[2012/03/30 00:49:28 | 000,000,963 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2012/03/30 00:49:28 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.6.lnk
[2012/03/30 00:31:31 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012/03/30 00:27:46 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2012/03/30 00:12:40 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Driver Robot.lnk
[2012/03/29 23:36:41 | 210,051,234 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\devicemgrpro.exe
[2012/03/29 23:01:39 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/03/29 22:53:50 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2012/03/29 20:17:56 | 000,001,517 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/03/28 13:03:54 | 000,174,309 | ---- | M] () -- C:\Users\Carol\Documents\CharlesFMorrowMaryEGrahammarriageinfo.jpg
[2012/03/27 19:16:50 | 000,024,086 | ---- | M] () -- C:\Users\Carol\Documents\readme.ods
[2012/03/26 21:43:14 | 000,000,939 | ---- | M] () -- C:\Users\Carol\Desktop\EVEREST Home Edition.lnk
[2012/03/26 11:28:32 | 000,069,868 | ---- | M] () -- C:\Users\Carol\Documents\Brenda and Gerald Boucher.jpg
[2012/03/25 23:20:02 | 000,035,170 | ---- | M] () -- C:\Users\Carol\Documents\HD9850 Processor stats.ods
[2012/03/25 20:42:51 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 00:00:29 | 000,004,146 | ---- | C] () -- C:\Users\Carol\Documents\Mozilla Bookmarks.rtf
[2012/04/21 23:43:50 | 000,000,914 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/21 23:43:50 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/21 23:43:50 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/21 21:33:14 | 000,004,289 | ---- | C] () -- C:\Users\Carol\Documents\aswMBR1.csv
[2012/04/21 21:23:02 | 000,000,512 | ---- | C] () -- C:\Users\Carol\Documents\MBR.dat
[2012/04/21 20:39:13 | 000,001,607 | ---- | C] () -- C:\Users\Carol\Documents\TDSSKiller.rtf
[2012/04/21 20:27:50 | 061,123,090 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/21 20:24:43 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/04/21 20:24:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/04/21 20:24:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/04/21 20:07:35 | 2146,668,543 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/21 12:25:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/21 12:25:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/21 12:25:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/21 12:25:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/21 12:25:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/20 22:36:09 | 000,005,387 | ---- | C] () -- C:\Users\Carol\Documents\attach.zip
[2012/04/20 22:11:04 | 000,017,902 | ---- | C] () -- C:\Users\Carol\Documents\Attach.csv
[2012/04/20 21:20:44 | 000,000,000 | ---- | C] () -- C:\Users\Carol\defogger_reenable
[2012/04/20 02:42:30 | 000,058,975 | ---- | C] () -- C:\Users\Carol\Documents\WinUtilities DiskDefrag Report (2012-04-20 002517).mht
[2012/04/18 19:11:23 | 000,325,897 | ---- | C] () -- C:\Users\Carol\Documents\SamsungSCL906camcorderphotos1.zip
[2012/04/18 16:36:02 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\FrameShop.lnk
[2012/04/17 12:15:51 | 000,002,573 | ---- | C] () -- C:\Users\Carol\Documents\samsung SCL906 camcorder DESCRIPTION FOR EBAY.rtf
[2012/04/15 21:47:43 | 000,000,252 | ---- | C] () -- C:\Users\Carol\Documents\1940 Census Alton.rtf
[2012/04/12 23:33:24 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/12 23:24:05 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012/04/12 23:19:06 | 000,001,940 | ---- | C] () -- C:\Users\Carol\Desktop\AllMyNotes Organizer.lnk
[2012/04/11 15:39:53 | 000,018,011 | ---- | C] () -- C:\Users\Carol\Documents\Satin Allmond Krylon K02437.jpg
[2012/04/11 15:37:39 | 000,018,002 | ---- | C] () -- C:\Users\Carol\Documents\Honeydew Krylon K02335.jpg
[2012/04/09 12:28:11 | 000,281,468 | ---- | C] () -- C:\Users\Carol\Documents\Easter2012004.zip
[2012/04/07 13:54:36 | 000,000,615 | ---- | C] () -- C:\Users\Carol\Documents\stan.rtf
[2012/04/06 19:50:45 | 004,857,506 | ---- | C] () -- C:\Users\Carol\Documents\Alton, IL Map 1940 Census Districts.jpg
[2012/04/05 21:37:27 | 000,005,812 | ---- | C] () -- C:\Users\Carol\Documents\Nikon N50.rtf
[2012/04/05 13:53:31 | 003,918,654 | ---- | C] () -- C:\Windows\Backcountry Gallery Wallpaper.bmp
[2012/04/05 13:35:37 | 007,373,956 | ---- | C] () -- C:\Windows\SysWow64\Backcountry Gallery.mbx
[2012/04/05 13:35:36 | 025,509,419 | ---- | C] () -- C:\Windows\SysWow64\Backcountry Gallery.ibx
[2012/04/04 20:01:02 | 002,184,597 | ---- | C] () -- C:\Users\Carol\Documents\amh.pdf
[2012/04/04 00:07:34 | 000,000,220 | ---- | C] () -- C:\Users\Carol\Documents\Amazon.rtf
[2012/04/03 15:49:14 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\EZ Cards Creator.lnk
[2012/04/02 13:35:17 | 000,326,839 | ---- | C] () -- C:\Users\Carol\Documents\AAAJACK'SSPEECH1961.zip
[2012/04/01 20:53:39 | 000,107,035 | ---- | C] () -- C:\Users\Carol\Documents\P1040479.jpg
[2012/04/01 20:49:36 | 000,104,348 | ---- | C] () -- C:\Users\Carol\Documents\P1040482.jpg
[2012/04/01 20:47:32 | 000,103,667 | ---- | C] () -- C:\Users\Carol\Documents\P1040510.jpg
[2012/04/01 19:24:02 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/04/01 19:22:52 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/04/01 19:21:40 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/04/01 19:20:52 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/04/01 19:17:45 | 000,001,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/04/01 19:17:32 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/03/30 14:06:00 | 000,631,944 | ---- | C] () -- C:\Users\Carol\Documents\Ola Langacker Robertson 1948.pdf
[2012/03/30 00:44:55 | 000,000,963 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2012/03/30 00:27:46 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2012/03/30 00:12:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job
[2012/03/30 00:12:40 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Driver Robot.lnk
[2012/03/29 23:41:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 23:36:37 | 210,051,234 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\devicemgrpro.exe
[2012/03/29 23:01:39 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/03/29 22:54:03 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2012/03/29 22:53:58 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/03/29 22:53:50 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2012/03/28 13:03:53 | 000,174,309 | ---- | C] () -- C:\Users\Carol\Documents\CharlesFMorrowMaryEGrahammarriageinfo.jpg
[2012/03/27 19:16:47 | 000,024,086 | ---- | C] () -- C:\Users\Carol\Documents\readme.ods
[2012/03/26 21:43:14 | 000,000,939 | ---- | C] () -- C:\Users\Carol\Desktop\EVEREST Home Edition.lnk
[2012/03/26 11:28:32 | 000,069,868 | ---- | C] () -- C:\Users\Carol\Documents\Brenda and Gerald Boucher.jpg
[2012/03/25 23:20:00 | 000,035,170 | ---- | C] () -- C:\Users\Carol\Documents\HD9850 Processor stats.ods
[2012/03/25 20:42:51 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/02/23 12:33:28 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/11 19:01:08 | 000,009,124 | -HS- | C] () -- C:\Users\Carol\AppData\Local\54e0w245m2huy6u70n6ac
[2011/12/11 19:01:08 | 000,009,124 | -HS- | C] () -- C:\ProgramData\54e0w245m2huy6u70n6ac
[2011/10/21 10:44:27 | 000,001,460 | ---- | C] () -- C:\Users\Carol\AppData\Local\d3d9caps64.dat
[2011/09/17 10:09:12 | 000,013,312 | ---- | C] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/06/04 23:02:34 | 000,891,776 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 18:05:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/10 16:38:32 | 000,004,954 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/11 19:18:02 | 000,010,240 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2011/03/12 00:40:39 | 000,000,024 | -H-- | C] () -- C:\Windows\msrgctb.ini
[2011/03/12 00:40:39 | 000,000,024 | -H-- | C] () -- C:\Windows\msrgcta.ini
[2011/03/09 16:30:06 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/02/27 17:40:18 | 000,000,268 | RH-- | C] () -- C:\Users\Carol\AppData\Roaming\Woodwinds
[2011/02/27 17:40:18 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet
[2011/02/27 17:40:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011/02/27 17:37:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows
[2011/02/27 17:37:58 | 000,000,268 | RH-- | C] () -- C:\Users\Carol\AppData\Roaming\Widgets
[2011/02/27 17:37:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/02/24 00:03:48 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2011/01/21 20:13:05 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/01/21 13:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011/01/09 00:44:47 | 000,000,190 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/12/17 01:51:21 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2010/11/25 03:19:39 | 000,000,000 | ---- | C] () -- C:\Windows\LucisPro.INI
[2010/10/07 19:28:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/15 21:45:41 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/09 01:31:02 | 000,168,724 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/27 21:36:14 | 000,000,088 | RHS- | C] () -- C:\ProgramData\8E4247ABF9.sys
[2010/06/27 21:36:13 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/12 23:00:29 | 000,018,758 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2010/05/12 20:34:01 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/11 10:43:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/10 14:19:51 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/05/10 14:19:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/05/10 14:18:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/05/10 11:50:03 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:39413AC3

< End of report >

#14 gringo_pr


Posted 22 April 2012 - 08:33 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
    O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found.
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [fsm] File not found
    O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found
    O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tbr - No CLSID value found
    O18 - Protocol\Handler\tbr - No CLSID value found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:39413AC3  
    PRC - C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
    PRC - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    SRV - (Bandoo Coordinator) -- C:\Program Files (x86)\Bandoo\Bandoo.exe (Bandoo Media Inc.)
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
    IE:64bit: - HKLM\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
    IE - HKLM\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm036YYus&ptb=AF7236F5-6F74-44D2-96A6-FDB74E7FF46B&psa=&ind=2012020702&ptnrS=YKxdm036YYus&si=767xxxxx1f&st=sb&n=77ecffde&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60347
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.crawler.com/homepage.aspx?tbid=60347
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109930&babsrc=SP_ss&mntrId=ba18cd73000000000000001644ccc75d
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=YLC&o=102400&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QA&apn_dtid=YYYYYYYYUS&apn_uid=B4D21A9C-067C-4351-8D9F-365762560282&apn_sauid=156B612B-A64A-4700-9EB2-C643F2CBC3BA
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=2&systemid=101&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
    IE - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm036YYus&ptb=AF7236F5-6F74-44D2-96A6-FDB74E7FF46B&psa=&ind=2012020702&ptnrS=YKxdm036YYus&si=767xxxxx1f&st=sb&n=77ecffde&searchfor={searchTerms}
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 3.1 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.5
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
    FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.45
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.3
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~2\Crawler\firefox\ [2011/04/02 18:06:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com [2011/11/05 23:26:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}: C:\Users\Carol\AppData\Local\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}\ [2012/03/29 23:37:01 | 000,000,000 | ---D | M]
    [2012/03/17 16:41:05 | 000,000,000 | ---D | M] (Productivity 3.1 Community Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{9427041a-a8dc-4d06-9a68-93873486e957}
    [2011/11/05 23:26:05 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com
    [2011/11/25 23:46:39 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\m3ffxtbr@mywebsearch.com
    [2011/10/31 23:24:05 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\plugin@yontoo.com
    [2010/10/18 00:12:45 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\searchtoolbar@zugo.com
    [2012/04/21 14:42:21 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\toolbar@ask.com
    [2012/03/17 17:12:02 | 000,002,574 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\askcom.xml
    [2011/11/04 21:07:34 | 000,001,945 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\bing-zugo.xml
    [2011/11/06 11:37:50 | 000,000,935 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\conduit.xml
    [2011/06/24 22:28:54 | 000,001,463 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\crawlersrch.xml
    [2010/07/26 17:41:10 | 000,010,059 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\mywebsearch.xml
    [2011/12/12 01:01:39 | 000,002,520 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\SearchResults.xml
    [2011/10/30 15:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
    [2011/10/30 15:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
    [2012/03/29 23:37:01 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\CAROL\APPDATA\LOCAL\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}
    [2006/03/22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2012/03/07 14:20:03 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2011/12/12 01:01:39 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
    O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [drivermgr] C:\Users\Carol\AppData\Roaming\devicemgrpro.exe ()
    O4 - HKU\S-1-5-21-2341666821-150254017-1730323384-1000..\Run: [scvci] C:\Users\Carol\AppData\Local\Temp\scvci.dll ()
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~2\wi9130~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~2\wi9130~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
    [2012/03/25 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2011/12/11 19:01:08 | 000,009,124 | -HS- | C] () -- C:\Users\Carol\AppData\Local\54e0w245m2huy6u70n6ac
    [2011/12/11 19:01:08 | 000,009,124 | -HS- | C] () -- C:\ProgramData\54e0w245m2huy6u70n6ac
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

#15 CarolR227


Posted 22 April 2012 - 02:06 PM

The computer seems to be running okay, now. It isn't redirecting. Hopefully, it is fixed. I really appreciate all your help!




========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2E5E800E-6AC0-411E-940A-369530A35E43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ deleted successfully.
File Protocol\Handler\tbr - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ not found.
File Protocol\Handler\tbr - No CLSID value found not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:39413AC3 deleted successfully.
No active process named Program Files was found!
No active process named Program Files was found!
Service Bandoo Coordinator stopped successfully!
Service Bandoo Coordinator deleted successfully!
C:\Program Files (x86)\Bandoo\Bandoo.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}\ not found.
HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2341666821-150254017-1730323384-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B525B64-7687-4F3B-83BF-A377E46AB3B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\PROGRA~2\Crawler\firefox\ not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}: C:\Users\Carol\AppData\Local\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\ffox@bandoo.com\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\m3ffxtbr@mywebsearch.com\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\plugin@yontoo.com\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\searchtoolbar@zugo.com\ not found.
Folder C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\extensions\toolbar@ask.com\ not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\askcom.xml not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\bing-zugo.xml not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\conduit.xml not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\crawlersrch.xml not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\mywebsearch.xml not found.
File C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j8774wq5.default\searchplugins\SearchResults.xml not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com folder moved successfully.
C:\USERS\CAROL\APPDATA\LOCAL\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}\chrome\content folder moved successfully.
C:\USERS\CAROL\APPDATA\LOCAL\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26}\chrome folder moved successfully.
C:\USERS\CAROL\APPDATA\LOCAL\{1D6FF1CA-7A22-11E1-826D-B8AC6F996F26} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Run\\drivermgr deleted successfully.
C:\Users\Carol\AppData\Roaming\devicemgrpro.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2341666821-150254017-1730323384-1000\Software\Microsoft\Windows\CurrentVersion\Run\\scvci deleted successfully.
C:\Users\Carol\AppData\Local\Temp\scvci.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi9130~1\datamngr\datamngr.dll deleted successfully.
c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi9130~1\datamngr\iebho.dll deleted successfully.
c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bandoo\bndhook.dll deleted successfully.
c:\Program Files (x86)\Bandoo\BndHook.dll moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Users\Carol\AppData\Local\54e0w245m2huy6u70n6ac moved successfully.
C:\ProgramData\54e0w245m2huy6u70n6ac moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Carol\Documents\Downloads\Programs\cmd.bat deleted successfully.
C:\Users\Carol\Documents\Downloads\Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Carol
->Java cache emptied: 1515764 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Carol
->Flash cache emptied: 2852547 bytes

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.40.0 log created on 04222012_135731



