
problems that may have to do with visicom_antiphishing.exe


  • This topic is locked
52 replies to this topic

#1 Rent_Treznor

Posted 07 June 2012 - 05:48 PM

Hi,

My laptop had quite a few BSODs recently, and they would usually occur right after a Java update was taking place. I tried checking my hard drive with both chkdsk /f and chkdsk /r commands, but neither of them would start on reboot. My laptop isn't that old, so I just assumed the virus corrupted my autocheck file. Plus, I think the visicom_antiphishing.exe is redirecting my Google searches to random sites. Any help will be much appreciated.



#2 myrti

Posted 11 June 2012 - 07:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 Rent_Treznor

Posted 11 June 2012 - 03:32 PM

OTL logfile created on: 6/11/2012 2:58:15 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Eric Wong\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 77.75% Memory free
6.12 Gb Paging File | 5.66 Gb Available in Paging File | 92.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 95.94 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 9.03 Gb Free Space | 61.64% Space Free | Partition Type: NTFS

Computer Name: ERICWONG-PC | User Name: Eric Wong | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 14:55:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Eric Wong\Desktop\OTL.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/09 20:36:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 22:18:56 | 000,229,376 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\browserhighlighter@ebay.com\_components\Shim10.dll
MOD - [2012/03/09 20:36:08 | 001,911,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/20 17:45:53 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/20 21:24:02 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atalk.dll -- (ispwdsvc)
SRV - [2012/06/07 07:13:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/04/04 13:42:28 | 000,662,096 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/10 09:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 09:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/07 15:27:04 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/08/14 23:03:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/03 14:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/06/07 16:01:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/12/27 20:45:07 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/12/30 21:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 21:23:20 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/04/12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AEAB2992-1CB0-40DD-8FD6-1841096F0F45}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=5C24703180E9AFF30066034FD0C04041&tbp=homepage
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes,DefaultScope = {19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={6072E0D5-6002-4adb-9C2E-27BF68007B10}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{32564CED-2EF8-466A-900C-38D268CF8C4A}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=5C24703180E9AFF30066034FD0C04041&q={searchTerms}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{8F1E2C3C-6514-475b-BCC4-A1E7FE8D813D}: "URL" = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{AA51F0EC-0832-4925-8F1B-5214420B9D2A}: "URL" = http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{AEAB2992-1CB0-40DD-8FD6-1841096F0F45}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\{E7CE32B6-146A-4CD5-848F-DFD2B4115022}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^YY^US&apn_uid=083ed923-1b2d-4af3-b520-b981963c9bb7&apn_sauid=9D86EF2A-0622-4236-A3D3-376E1D1E17E5
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.order.2: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Plasmoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://plasmoo.com"
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.035
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.111
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..keyword.URL: "http://plasmoo.com/index.htm?SearchMashine=true&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eric Wong\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric Wong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric Wong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/13 11:59:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/24 22:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/20 22:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/20 22:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/07 15:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 09:53:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 10:01:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2009/09/14 17:01:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Eric Wong\AppData\Roaming\Move Networks [2009/11/01 13:43:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/24 22:29:16 | 000,000,000 | ---D | M]

[2009/09/07 15:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Extensions
[2012/06/07 09:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions
[2010/05/02 12:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/02 12:22:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/07 09:53:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/06/07 09:53:06 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2012/06/07 09:53:38 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/08/16 10:34:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/07 09:53:40 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/06/11 14:52:41 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\browserhighlighter@ebay.com
[2011/08/15 05:57:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\engine@conduit.com
[2011/05/01 14:55:09 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\engine@plasmoo.com
[2012/06/07 09:52:48 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\plugin@yontoo.com
[2012/06/07 08:15:44 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\extensions\toolbar@ask.com
[2009/09/14 16:16:56 | 000,004,212 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\aim-search.xml
[2012/06/11 14:52:25 | 000,002,576 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\askcom.xml
[2011/01/23 02:46:01 | 000,001,832 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\bing.xml
[2011/01/22 23:52:30 | 000,000,863 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\conduit.xml
[2009/12/27 20:49:04 | 000,002,055 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\daemon-search.xml
[2009/12/14 23:25:17 | 000,005,413 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\fast-browser-search.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Eric Wong\AppData\Roaming\Mozilla\Firefox\Profiles\k9ermor5.default\searchplugins\plasmoo.xml
[2012/03/16 16:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 20:14:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/12/14 23:32:38 | 000,000,000 | ---D | M] ("My.Freeze.com NetAssistant") -- C:\Program Files\Mozilla Firefox\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483}
[2011/08/22 17:09:29 | 000,368,735 | ---- | M] () (No name found) -- C:\USERS\ERIC WONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9ERMOR5.DEFAULT\EXTENSIONS\{0200C2A9-70DA-4F6D-B527-F5F7D7877228}.XPI
[2011/08/14 06:35:34 | 000,145,972 | ---- | M] () (No name found) -- C:\USERS\ERIC WONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9ERMOR5.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2012/03/09 20:36:40 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/10/26 16:13:26 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/28 17:52:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/03/09 20:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/07 09:53:05 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/03/09 20:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: DivX HiQ = C:\Users\Eric Wong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Users\Eric Wong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120607102305.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [HomefeedMicrosoft] c:\users\eric wong\appdata\local\microsoft\feeds\microsoft feeds~\homefeedmicrosoft.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\Run: [YourBarra] c:\users\eric wong\music\itunes\itunes media\music\habib koité and bamada\muso ko\yourbarra.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [AzadBlockschrift] C:\Users\Eric Wong\Desktop\001804 - Azad - ''Blockschrift'' [2007]_www.FRURap.ru\Azad - ''Blockschrift'' [2007]_www.FRURap.ru\AzadBlockschrift.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [BlackboardTerminology] C:\Users\Eric Wong\AppData\Local\Temp\svchost.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [BlackboardTerminology23281] c:\users\ericwo~1\appdata\local\temp\svchost.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [HomefeedMicrosoft] c:\users\eric wong\appdata\local\microsoft\feeds\microsoft feeds~\homefeedmicrosoft.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [LayouthNavigation] C:\Users\Eric Wong\AppData\Local\SupportSoft\dellcomms\Eric Wong\data\6498fe34-1874-4ead-9b2b-8a58f4cb58c1\68c94370-8778-4728-811e-41d155fd12c6.3\LayouthNavigation.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [MicrosoftHomefeed] c:\users\eric wong\appdata\local\microsoft\feeds\microsoft feeds~\homefeedmicrosoft.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [NavigationLayouth10530] c:\users\eric wong\appdata\local\supportsoft\dellcomms\eric wong\data\6498fe34-1874-4ead-9b2b-8a58f4cb58c1\68c94370-8778-4728-811e-41d155fd12c6.3\layouthnavigation.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [TerminologyBlackboard] c:\users\eric wong\appdata\local\temp\svchost.exe File not found
O4 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000..\RunServices: [YourBarra] C:\Users\Eric Wong\Music\iTunes\iTunes Media\Music\Habib Koité and Bamada\Muso Ko\YourBarra.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Eric Wong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1339997576-1639469754-3082320652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Eric Wong\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eric Wong\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC062657-C7C1-415D-8D33-5B8220202402}: DhcpNameServer = 192.168.2.1 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1D4D9F-A73C-416C-A9E0-F464508331D9}: DhcpNameServer = 192.168.2.1 209.18.47.62
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{069d12b8-9c4f-11de-8fc1-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{069d12b8-9c4f-11de-8fc1-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3234b739-cea3-11de-a777-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{3234b739-cea3-11de-a777-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{409dc981-2cef-11df-b32e-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{409dc981-2cef-11df-b32e-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5e5951e3-9b59-11de-affd-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{5e5951e3-9b59-11de-affd-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8f70a74f-bdd2-11de-b54f-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{8f70a74f-bdd2-11de-b54f-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9f40d3ed-9f66-11de-9fc0-0025644f65a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9f40d3ed-9f66-11de-9fc0-0025644f65a3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: AzadBlockschrift - hkey= - key= - File not found
MsConfig - StartUpReg: BarraYour - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DW6 - hkey= - key= - File not found
MsConfig - StartUpReg: LayouthNavigation - hkey= - key= - File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: OA009Cfg.exe - hkey= - key= - C:\Windows\OA009Cfg.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: tbhSystray - hkey= - key= - C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: CX88AUD - File not found
NetSvcs: ispwdsvc - %systemroot%\system32\atalk.dll File not found
NetSvcs: a016bus - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 17:17:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/11 14:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/06/11 14:55:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Eric Wong\Desktop\OTL.exe
[2012/06/07 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Eric Wong\AppData\Roaming\uTorrent
[2012/06/07 10:53:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/07 10:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/07 10:52:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/07 10:23:05 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2012/06/07 10:23:02 | 000,169,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2012/06/07 10:23:02 | 000,064,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2012/06/07 10:23:01 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012/06/07 10:23:01 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012/06/07 10:23:01 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012/06/07 10:23:01 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012/06/07 10:23:01 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2012/06/07 10:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2012/06/07 10:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/06/07 10:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/06/07 09:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/07 09:53:09 | 000,000,000 | ---D | C] -- C:\Users\Eric Wong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/06/07 09:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/06/07 09:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_031
[2012/06/07 09:52:48 | 000,000,000 | ---D | C] -- C:\Users\Eric Wong\AppData\Local\blekkotb_031
[2012/06/07 09:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/06/07 09:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/06/07 09:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/07 09:19:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/07 09:02:46 | 000,151,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[8 C:\Users\Eric Wong\Documents\*.tmp files -> C:\Users\Eric Wong\Documents\*.tmp -> ]
[434 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[282 C:\Users\Eric Wong\AppData\Local\Temp\*.tmp files -> C:\Users\Eric Wong\AppData\Local\Temp\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Eric Wong\*.tmp files -> C:\Users\Eric Wong\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 14:57:17 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/06/11 14:55:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Eric Wong\Desktop\OTL.exe
[2012/06/11 14:55:15 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/11 14:55:15 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/11 14:50:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 14:46:21 | 000,001,356 | ---- | M] () -- C:\Users\Eric Wong\AppData\Local\d3d9caps.dat
[2012/06/11 14:22:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51AA6E0C-6691-4B60-830E-9E7D04CFF81E}.job
[2012/06/11 14:21:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 14:21:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 23:31:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 23:29:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1339997576-1639469754-3082320652-1000UA.job
[2012/06/07 20:31:05 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 20:29:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1339997576-1639469754-3082320652-1000Core.job
[2012/06/07 16:01:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/06/07 15:58:13 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\SpeedOptimizer Startup.job
[2012/06/07 15:58:12 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/06/07 10:54:21 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 09:53:10 | 000,001,059 | ---- | M] () -- C:\Users\Eric Wong\Desktop\Revo Uninstaller.lnk
[2012/06/07 00:27:02 | 339,446,411 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/06 22:11:16 | 000,002,064 | ---- | M] () -- C:\Users\Eric Wong\Desktop\Google Chrome.lnk
[2012/06/06 22:11:16 | 000,002,026 | ---- | M] () -- C:\Users\Eric Wong\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/06 22:01:35 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[8 C:\Users\Eric Wong\Documents\*.tmp files -> C:\Users\Eric Wong\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Eric Wong\*.tmp files -> C:\Users\Eric Wong\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 10:54:21 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 10:30:45 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/06/07 09:53:10 | 000,001,059 | ---- | C] () -- C:\Users\Eric Wong\Desktop\Revo Uninstaller.lnk
[2012/06/07 09:27:33 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/06/07 09:27:33 | 000,001,815 | ---- | C] () -- C:\Users\Eric Wong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/06/07 02:17:58 | 000,115,712 | ---- | C] () -- C:\Windows\Temp\16853.@
[2012/06/07 02:17:58 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\16448.@
[2012/06/07 02:17:58 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\15988.@
[2012/06/07 02:17:57 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\15174.@
[2012/06/07 02:17:57 | 000,001,536 | ---- | C] () -- C:\Windows\Temp\14665.@
[2012/06/07 02:17:57 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\15579.@
[2012/06/07 02:06:10 | 000,115,712 | ---- | C] () -- C:\Windows\Temp\29329.@
[2012/06/07 02:06:09 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\26528.@
[2012/06/07 02:06:09 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\29075.@
[2012/06/07 02:06:09 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\28516.@
[2012/06/07 02:06:09 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\27752.@
[2012/06/07 02:06:08 | 000,001,536 | ---- | C] () -- C:\Windows\Temp\25407.@
[2012/05/16 20:22:23 | 000,115,200 | ---- | C] () -- C:\Windows\Temp\467.@
[2012/05/16 20:22:23 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\32216.@
[2012/05/16 20:22:22 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\28852.@
[2012/05/16 20:22:22 | 000,066,560 | ---- | C] () -- C:\Windows\Temp\31400.@
[2012/05/16 20:22:22 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\30482.@
[2012/05/16 20:22:21 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\28242.@
[2012/03/16 20:08:06 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat
[2012/03/16 20:08:06 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/03/09 17:38:48 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\9392.@
[2012/03/09 17:38:48 | 000,073,216 | ---- | C] () -- C:\Windows\Temp\10868.@
[2012/03/09 17:38:48 | 000,066,048 | ---- | C] () -- C:\Windows\Temp\10104.@
[2012/03/09 17:38:48 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\10460.@
[2012/03/09 17:38:48 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\8932.@
[2012/03/09 17:38:48 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\9748.@
[2012/03/09 17:32:49 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\17546.@
[2012/03/09 17:32:49 | 000,073,216 | ---- | C] () -- C:\Windows\Temp\19023.@
[2012/03/09 17:32:49 | 000,066,048 | ---- | C] () -- C:\Windows\Temp\18311.@
[2012/03/09 17:32:49 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\18667.@
[2012/03/09 17:32:49 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\17187.@
[2012/03/09 17:32:49 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\17902.@
[2012/01/26 11:02:45 | 000,077,312 | ---- | C] () -- C:\Windows\Temp\15222.@
[2012/01/26 11:02:45 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\14814.@
[2012/01/26 11:02:45 | 000,011,264 | ---- | C] () -- C:\Windows\Temp\14357.@
[2012/01/26 11:02:44 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\13390.@
[2012/01/26 11:02:44 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\12982.@
[2012/01/26 11:02:44 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\13746.@
[2012/01/26 10:54:29 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\347.@
[2012/01/26 10:54:29 | 000,077,312 | ---- | C] () -- C:\Windows\Temp\2283.@
[2012/01/26 10:54:29 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\1875.@
[2012/01/26 10:54:29 | 000,011,264 | ---- | C] () -- C:\Windows\Temp\804.@
[2012/01/26 10:54:29 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\703.@
[2012/01/26 10:54:28 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\32706.@
[2011/12/27 10:30:30 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\9885.@
[2011/12/27 10:30:30 | 000,077,312 | ---- | C] () -- C:\Windows\Temp\11057.@
[2011/12/27 10:30:30 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\10649.@
[2011/12/27 10:30:30 | 000,011,264 | ---- | C] () -- C:\Windows\Temp\10346.@
[2011/12/27 10:30:30 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\9581.@
[2011/12/27 10:30:30 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\10039.@
[2011/12/27 10:21:37 | 000,224,768 | ---- | C] () -- C:\Windows\Temp\6009.@
[2011/12/27 10:21:37 | 000,077,312 | ---- | C] () -- C:\Windows\Temp\7485.@
[2011/12/27 10:21:37 | 000,012,800 | ---- | C] () -- C:\Windows\Temp\7028.@
[2011/12/27 10:21:37 | 000,011,264 | ---- | C] () -- C:\Windows\Temp\6620.@
[2011/12/27 10:21:37 | 000,002,048 | ---- | C] () -- C:\Windows\Temp\5653.@
[2011/12/27 10:21:37 | 000,001,024 | ---- | C] () -- C:\Windows\Temp\6212.@
[2011/12/26 16:03:54 | 000,097,792 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\30450.@
[2011/12/26 16:03:54 | 000,012,800 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\30143.@
[2011/12/26 16:03:53 | 000,224,768 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\29225.@
[2011/12/26 16:03:53 | 000,011,264 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\29836.@
[2011/12/26 16:03:53 | 000,002,048 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\28869.@
[2011/12/26 16:03:53 | 000,001,024 | ---- | C] () -- C:\Users\Eric Wong\AppData\Local\Temp\29431.@
[2011/01/22 23:43:33 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/11/19 17:33:03 | 000,000,010 | ---- | C] () -- C:\Users\Eric Wong\AppData\Roaming\install
[2010/10/29 22:25:18 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/08/25 22:14:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/25 22:14:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/18 17:29:30 | 000,001,176 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/07/16 09:19:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/11 12:59:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2009/04/11 12:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 12:59:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 12:59:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\$Recycle.Bin\S-1-5-21-1339997576-1639469754-3082320652-1000\$RIPLDD4\Windows\System32\wininit.exe
[2008/01/19 03:51:08 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\$Recycle.Bin\S-1-5-21-1339997576-1639469754-3082320652-1000\$RIPLDD4\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\$Recycle.Bin\S-1-5-21-1339997576-1639469754-3082320652-1000\$RIPLDD4\Windows\System32\winlogon.exe
[2008/01/19 03:52:42 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\$Recycle.Bin\S-1-5-21-1339997576-1639469754-3082320652-1000\$RIPLDD4\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB50903$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:CD060F93
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >


#4 myrti

Posted 12 June 2012 - 08:35 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 Rent_Treznor

Posted 13 June 2012 - 03:22 PM

I'm sorry that I didn't attach any combofix logs yet, but I have to get past this issue in order to get the logs. I first ran combofix in safe mode and it said it detected real time ca anti virus scanners running in the background. The problem is that I uninstalled my CA antivirus package a while ago and I even deleted all content in the CA folder and used supportbridge.exe to get rid of the other content in the registry. I continued to run combofix despite the real time scanner message and after half a day or so, it still couldn't get past the "scanning for infected files" stage. If the real time scanners are causing the problem, then I'm stuck, because I can't find a way to disable them.

#6 myrti

Posted 14 June 2012 - 11:19 AM

Hi,

now, this should not affect your scan time and since it is no longer installed, you can ignore it. Could you please abort the scan, reboot and try again. Let me know if it takes more than an hour.

regards myrti



#7 Rent_Treznor

Posted 15 June 2012 - 12:13 PM

Ok, I redid the combofix scan for infected files and left it on for approximately a day. When I came back, there was a message saying that combofix had detected a rootkit and needs to reboot. So I rebooted in both safe mode and normal mode, but the mouse and keyboard won't function on the login screen. I even tried using the system restore that the combofix made, but it seems that the system restore function on my computer was corrupted. I have an inkling that the logs were made, I just can't get anywhere without the mouse and keyboard functionality.

#8 myrti

Posted 18 June 2012 - 03:26 AM

Hi,

sorry for the delay. I had to travel over the week-end.

Do you have an alternate keyboard you could try to use? The keyboard is working on the boot menu right? To select safe mode/normal mode?

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Startup Repair

regards myrti



#9 Rent_Treznor

Posted 24 June 2012 - 02:06 PM

I apologize for the wait. The one laptop which had my login info was being repaired and I couldn't remember my password off the top of my head. Currently, I'm running the installation disc and the system repair, so I will reply with the results.

#10 Rent_Treznor

Posted 25 June 2012 - 10:30 PM

Ok, so I tried to do a startup repair with my windows vista installation disc and I was still surprised that it couldn't fix the boot up errors automatically. I think another instance of the same OS was installed somehow when I was trying to repair, so at boot up I currently have two OS's to choose from. The working OS I reckon is using a recovery hard drive to operate, but I can still access all my previous files, it's just that now they relocated from drive C: to D:. The corrupted OS that I mentioned before I don't think has changed because it still won't allow me to use my keyboard and mousepad. Unfortunately, I cannot find any combofix logs for you to analyze.

#11 myrti

Posted 26 June 2012 - 05:35 AM

Hi,

did startup repair say that it could not fix the issue? Did it tell you what the problem was?

For the ComboFix log, please check if there's a ComboFix.txt in the root of D:\ and if there isn't please let me know if there's a folder called ComboFix there.

regards myrti



#12 Rent_Treznor

Posted 29 June 2012 - 02:05 PM

The advanced options in the startup didn't find a root cause. As for the root of the D:\, I couldn't find the combofix.txt, but there is a combofix folder in the directory.

#13 myrti

Posted 01 July 2012 - 07:26 AM

Hi,

can you zip that folder and attach it for me? (If it is too big please upload it here: link)

regards myrti



#14 Rent_Treznor

Posted 01 July 2012 - 01:07 PM

Sorry, but my zip file exceeds the 5mb limit for your link.

#15 myrti

Posted 02 July 2012 - 03:51 AM

Hi,

How big is it exactly? If you are comfortable with that, please upload it to a filesharer of your choice, for example 4shared.com, and give me the link to it. Be sure to keep the removal link, so that you can delete it once I have the files.

regards myrti
