
Was told to post these logs here Problem removing virus


jackpot316

I used Malwarebytes and it found a bunch of problems. I removed them and rebooted and got the blue screen Windows error. It took hours to get back running; I had to do a Windows repair using my Windows XP disc. This happened 2 times till I figured out why... The bugs I was removing were attached to some Windows files or registry settings that caused the fatal error. Please help me on this, I am stuck on this one.

DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2Run by Administrator at 12:09:31 on 2013-01-19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1548 [GMT -5:00].AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: ZoneAlarm Free Firewall Firewall *Disabled*.============== Running Processes ================.C:Program FilesAVAST SoftwareAvastAvastSvc.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSsystem32acs.exeC:WINDOWSExplorer.EXEC:Documents and SettingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASCORE.EXEC:WINDOWSsystem32cisvc.exeC:WINDOWSsystem32inetsrvinetinfo.exeC:Program FilesJavajre7binjqs.exeC:Program FilesAVAST SoftwareAvastavastUI.exeC:Program FilesTP-LINKQSSjswpbapi.exeC:WINDOWSsystem32nvsvc32.exeC:Program FilesPCPitstopPCPitstopScheduleService.exeC:WINDOWSSystem32snmp.exeC:WINDOWSsystem32SearchIndexer.exeC:WINDOWSsystem32wuauclt.exeC:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exeC:Program FilesWindows Media PlayerWMPNetwk.exeC:DOCUME~1ADMINI~1LOCALS~1Tempnsm4.tmpns5.tmpC:WINDOWSsystem32wbemwmiprvse.exeC:WINDOWSSystem32alg.exeC:DOCUME~1ADMINI~1LOCALS~1Tempnsm4.tmpPEV.DATC:WINDOWSSystem32svchost.exe -k netsvcsC:WINDOWSsystem32svchost.exe -k WudfServiceGroupC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSSystem32svchost.exe -k HTTPFilterC:WINDOWSsystem32svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: <No Name>: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - c:program filesutilitychest_49bar1.bin49SrcAs.dlluURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Search Assistant BHO: {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - c:program filesutilitychest_49bar1.bin49SrcAs.dllBHO: Adobe 
PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsierndlbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroy 2SDHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dllBHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dllBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dllBHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:program filesavg secure search13.2.0.5AVG Secure Search_toolbar.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dllTB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dllTB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:program filescheck point software technologies ltdzonealarm1.5.20.3zonealarmTlbr.dllTB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - c:program filesutilitychest_49bar1.bin49bar.dllTB: Photopos Toolbar: {59509308-4e15-4619-8e8d-0154e1588cdd} - c:program filesphotopostbphotoposDx.dllTB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:program filesavast softwareavastaswWebRepIE.dllTB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:program filesavg secure search13.2.0.5AVG Secure Search_toolbar.dllTB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:program filescheckpointzaforcefieldtrustcheckerbinTrustCheckerIEPlugin.dllmRun: [avast] "c:program filesavast softwareavastavastUI.exe" /noguimRun: [iSW] "c:program filescheckpointzaforcefieldForceField.exe" /icon="hidden"mRun: [ZoneAlarm] c:program filescheckpointzonealarmzatray.exemRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartupuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroy 2SDHelper.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains. 
If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350084045015DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342055826156DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dllTCP: NameServer = 101.1.230.1 208.67.220.220TCP: Interfaces{81D8F5D5-5FD9-4BFC-A442-A1C46E890872} : DHCPNameServer = 101.1.230.1 208.67.220.220Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filescommon filesavg secure searchviprotocolinstaller13.2.0ViProtocol.dllNotify: LBTWlgn - c:program filescommon fileslogishrdbluetoothLBTWlgn.dllNotify: SDWinLogon - SDWinLogon.dllAppInit_DLLs= c:progra~1wi371a~1datamngrdatamngr.dll c:progra~1wi371a~1datamngrIEBHO.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:program fileswindows desktop 
searchMSNLNamespaceMgr.dllSEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:documents and settingsrobbydesktopasstdownloadssuperantispywareSASSEH.DLLLSA: Authentication Packages = msv1_0 nwprovaumASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:program filesgooglechromeapplication24.0.1312.52installersetup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.================= FIREFOX ===================.FF - ProfilePath - c:documents and settingsadministratorapplication datamozillafirefoxprofileso6rias0p.defaultFF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - BingFF - prefs.js: browser.startup.homepage - www.google.comFF - plugin: c:documents and settingsadministratorapplication datamozillapluginsnp-mswmp.dllFF - plugin: c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsmozillapluginsnprndlchromebrowserrecordext.dllFF - plugin: c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsmozillapluginsnprndlhtml5videoshim.dllFF - plugin: c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsmozillapluginsnprndlpepperflashvideoshim.dllFF - plugin: c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsnpdlplugin.dllFF - plugin: c:progra~1meadco~1npmeadax.dllFF - plugin: c:program filesadobereader 11.0readerairnppdf32.dllFF - plugin: c:program filesadobereader 11.0readerbrowsernppdf32(2).dllFF - plugin: c:program filescheckpointzaforcefieldtrustcheckerbinnpFFApi.dllFF - plugin: c:program filescommon filesavg secure searchsitesafetyinstaller13.2.0npsitesafety.dllFF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dllFF - plugin: c:program 
filesgoogleupdate1.3.21.124npGoogleUpdate3.dllFF - plugin: c:program filesjavajre7binplugin2npjp2.dllFF - plugin: c:program filesmicrosoft silverlight5.1.10411.0npctrlui.dllFF - plugin: c:program filesmozilla firefoxpluginsnprpplugin.dllFF - plugin: c:program filesrealrealplayernetscape6nprpplugin.dllFF - plugin: c:program filestelevisionfanaticbar1.binNP64Stub.dllFF - plugin: c:program filesutilitychest_49bar1.binNP49Stub.dllFF - plugin: c:program fileswindows livephoto galleryNPWLPG.dllFF - plugin: c:windowssystem32adobedirectornp32dsw_1166636.dllFF - plugin: c:windowssystem32adobedirectornp32dsw_1167637.dllFF - plugin: c:windowssystem32adobedirectornp32dsw_1168638.dllFF - plugin: c:windowssystem32macromedflashNPSWF32_11_5_502_146.dllFF - plugin: c:windowssystem32npdeployJava1.dllFF - plugin: c:windowssystem32npptools.dllFF - ExtSQL: 2012-12-16 15:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:documents and settingsadministratorapplication datamozillafirefoxprofileso6rias0p.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF - ExtSQL: 2012-12-19 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:program filescheckpointzaforcefieldTrustCheckerFF - ExtSQL: 2012-12-26 18:30; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:documents and settingsall usersapplication datarealnetworksrealdownloaderbrowserpluginsfirefoxExtFF - ExtSQL: !HIDDEN! 
2012-04-15 23:28; 49ffxtbr@UtilityChest_49.com; c:program filesutilitychest_49bar1.bin.---- FIREFOX POLICIES ----FF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.request.max-start-delay - 0FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 8FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 4FF - user.js: browser.turbo.enabled - trueFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.chrome.favicons - falseFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.cache.memory.capacity - 65536FF - user.js: content.notify.ontimer - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 1800000FF - user.js: content.switch.threshold - 600000FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0FF - user.js: extensions.funmoods.hmpg - trueFF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543FF - user.js: extensions.funmoods.dfltSrch - trueFF - user.js: extensions.funmoods.srchPrvdr - SearchFF - user.js: extensions.funmoods.dnsErr - trueFF - user.js: extensions.funmoods_i.newTab - trueFF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543&q=FF - user.js: extensions.funmoods.id - 74EA3A945BD0187AFF - user.js: extensions.funmoods.instlDay - 15666FF - user.js: extensions.funmoods.vrsn - 
1.5.23.22FF - user.js: extensions.funmoods.vrsni - 1.5.23.22FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:45:51FF - user.js: extensions.funmoods.prtnrId - funmoodsFF - user.js: extensions.funmoods.prdct - funmoodsFF - user.js: extensions.funmoods.aflt - downloadFF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods.tlbrId - baseFF - user.js: extensions.funmoods.instlRef - downloadFF - user.js: extensions.funmoods.dfltLng -FF - user.js: extensions.funmoods.excTlbr - falseFF - user.js: extensions.funmoods.autoRvrt - falseFF - user.js: extensions.funmoods.envrmnt - productionFF - user.js: extensions.funmoods.isdcmntcmplt - trueFF - user.js: extensions.funmoods.mntrvrsn - 1.3.0FF - user.js: network.protocol-handler.warn-external.dnupdate - falseFF - user.js: nglayout.initialpaint.delay - 600FF - user.js: content.notify.interval - 600000.============= SERVICES / DRIVERS ===============.R0 SmartDefragDriver;SmartDefragDriver;c:windowssystem32driversSmartDefragDriver.sys [2012-12-29 14776]R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [2012-4-22 738504]R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [2012-4-22 361032]R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [2012-9-29 26984]R1 HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;c:windowssystem32driversHMFAxCoreaed040d8b011ae0c1b8fadee8e6de745.sys [2012-12-30 24064]R1 SASDIFSV;SASDIFSV;c:documents and settingsrobbydesktopasstdownloadssuperantispywareSASDIFSV.SYS [2011-2-19 12880]R1 SASKUTIL;SASKUTIL;c:documents and settingsrobbydesktopasstdownloadssuperantispywareSASKUTIL.SYS [2011-2-19 67664]R1 sbaphd;sbaphd;c:windowssystem32driverssbaphd.sys [2012-6-30 21240]R1 Vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2012-11-7 527408]R2 !SASCORE;SAS Core Service;c:documents and settingsrobbydesktopasstdownloadssuperantispywareSASCORE.EXE [2011-2-19 116608]R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2012-4-22 21256]R2 avast! 
Antivirus;avast! Antivirus;c:program filesavast softwareavastAvastSvc.exe [2012-4-22 44808]R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2011-3-14 54760]R2 jswpbapi;JumpStart Push-Button Service;c:program filestp-linkqssjswpbapi.exe [2011-2-19 188416]R2 LBeepKE;Logitech Beep Suppression Driver;c:windowssystem32driversLBeepKE.sys [2011-3-27 12216]R2 PCPitstop Scheduling;PCPitstop Scheduling;c:program filespcpitstopPCPitstopScheduleService.exe [2011-2-19 86216]R2 Scutum50;Scutum50 NDIS Protocol Driver;c:windowssystem32driversScutum50.sys [2011-12-26 19072]R3 AR9271;Wireless Network Adapter Service;c:windowssystem32driversathuw.sys [2011-2-19 1714176]R3 Egatebus;Egatebus;c:windowssystem32driversegatebus.sys [2006-5-19 15328]R3 Egaterdr;Egaterdr;c:windowssystem32driversegaterdr.sys [2006-5-19 13440]R3 JSWSCIMD;jswscimd Service;c:windowssystem32driversjswscimd.sys [2011-2-19 57440]S0 Lbd;Lbd;c:windowssystem32driverslbd.sys --> c:windowssystem32driversLbd.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]S2 FLPService;File Lock Pro Service;c:program filesfilelockproFLPService.exe [2012-12-30 245736]S2 SpyHunter 4 Service;SpyHunter 4 Service;c:progra~1enigma~1spyhun~1SH4SER~1.EXE [2012-10-8 766400]S2 UtilityChest_49Service;Utility ChestService;c:progra~1utilit~2bar1.bin49barsvc.exe [2012-4-15 42504]S2 vsmon;TrueVector Internet Monitor;c:program filescheckpointzonealarmvsmon.exe -service --> c:program filescheckpointzonealarmvsmon.exe -service [?]S3 Ambfilt;Ambfilt;c:windowssystem32driversambfilt.sys --> c:windowssystem32driversAmbfilt.sys [?]S3 Andbus;LGE Android Platform Composite USB Device;c:windowssystem32driverslgandbus.sys [2010-12-7 14336]S3 AndDiag;LGE Android Platform USB Serial Port;c:windowssystem32driverslganddiag.sys [2010-12-7 20736]S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:windowssystem32driverslgandgps.sys [2010-12-7 20096]S3 
ANDModem;LGE Android Platform USB Modem;c:windowssystem32driverslgandmodem.sys [2010-12-7 25088]S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:windowssystem32driverslgandnetdiag.sys [2011-2-23 23168]S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:windowssystem32driverslgandnetgps.sys [2011-2-23 22272]S3 ANDNetModem;LGE AndroidNet USB Modem;c:windowssystem32driverslgandnetmodem.sys [2011-2-23 28032]S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:windowssystem32driverslgandnetndis.sys [2011-2-23 70016]S3 BS_DEF;BS_DEF;c:program filesasusasusupdateBS_DEF.sys [2011-2-20 13312]S3 esgiguard;esgiguard;c:program filesenigma software groupspyhunteresgiguard.sys [2011-5-6 13904]S3 EsgScanner;EsgScanner;c:windowssystem32driversEsgScanner.sys [2012-6-22 19984]S3 fsssvc;Windows Live Family Safety Service;c:program fileswindows livefamily safetyfsssvc.exe [2010-4-28 704872]S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:program filestp-linkqssjswpsapi.exe [2011-2-19 360529]S3 MatSvc;Microsoft Automated Troubleshooting Service;c:program filesmicrosoft fix it centerMatsvc.exe [2011-6-13 267568]S3 NAUpdate;@c:program filesneroupdatenasvc.exe,-200;c:program filesneroupdateNASvc.exe [2010-5-4 503080]S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:program fileseeye digital securityretina wireless scannerPCANDIS5_WIFISCAN.SYS [2004-6-3 22131]S3 RalinkRegistryWriter;Ralink Registry Writer;c:program filesralinkcommonRaRegistry.exe [2011-12-26 185632]S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:program filesrealnetworksrealdownloaderrndlresolversvc.exe [2012-11-29 38608]S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:program filesspybot - search & destroy 2SDFSSvc.exe [2012-12-1 1103392]S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:program filesspybot - search & destroy 2SDUpdSvc.exe [2012-12-1 1369624]S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:program filesspybot - search & destroy 2SDWSCSvc.exe [2012-12-1 168384]S3 
vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:program filescommon filesavg secure searchvtoolbarupdater13.2.0ToolbarUpdater.exe [2012-11-4 711112]S3 WinRM;Windows Remote Management (WS-Management);c:windowssystem32svchost.exe -k WINRM [2006-2-28 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2013-01-19 13:12:25 -------- d-----w- c:documents and settingsall usersapplication dataSUPERAntiSpyware.com2013-01-19 13:12:25 -------- d-----w- c:documents and settingsadministratorapplication dataSUPERAntiSpyware.com2013-01-19 08:33:33 110080 ----a-r- c:documents and settingsadministratorapplication datamicrosoftinstaller{ddabc667-56b3-4122-82b0-2f5782ea2f9a}IconF7A21AF7.exe2013-01-19 08:33:33 110080 ----a-r- c:documents and settingsadministratorapplication datamicrosoftinstaller{ddabc667-56b3-4122-82b0-2f5782ea2f9a}IconD7F16134.exe2013-01-19 08:33:33 110080 ----a-r- c:documents and settingsadministratorapplication datamicrosoftinstaller{ddabc667-56b3-4122-82b0-2f5782ea2f9a}IconCF33A0CE.exe2013-01-19 08:33:27 -------- d-----w- C:sh4ldr2013-01-19 08:33:27 -------- d-----w- c:program filesEnigma Software Group2013-01-19 08:33:07 -------- d-----w- c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP2013-01-19 00:33:18 290560 -c----w- c:windowssystem32dllcacheatmfd.dll2013-01-19 00:32:49 630272 -c----w- c:windowssystem32dllcachemsfeeds.dll2013-01-19 00:32:49 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll2013-01-19 00:32:49 247808 -c----w- c:windowssystem32dllcacheieproxy.dll2013-01-19 00:32:48 743424 -c----w- c:windowssystem32dllcacheiedvtool.dll2013-01-19 00:32:48 521728 -c----w- c:windowssystem32dllcachejsdbgui.dll2013-01-19 00:32:48 2000384 -c----w- c:windowssystem32dllcacheiertutil.dll2013-01-19 00:32:48 12800 -c----w- c:windowssystem32dllcachexpshims.dll2013-01-19 00:32:46 11111424 -c----w- 
c:windowssystem32dllcacheieframe.dll2013-01-19 00:26:23 139784 -c----w- c:windowssystem32dllcacherdpwd.sys2013-01-19 00:19:02 456320 -c----w- c:windowssystem32dllcachemrxsmb.sys2013-01-19 00:18:51 10496 -c----w- c:windowssystem32dllcachendistapi.sys2013-01-19 00:18:01 105472 -c----w- c:windowssystem32dllcachemup.sys2013-01-19 00:17:54 471552 -c----w- c:windowssystem32dllcacheaclayers.dll2013-01-19 00:08:55 40960 -c----w- c:windowssystem32dllcachendproxy.sys2013-01-19 00:08:12 45568 -c----w- c:windowssystem32dllcachewab.exe2013-01-19 00:07:41 590848 -c----w- c:windowssystem32dllcacherpcrt4.dll2013-01-19 00:06:07 978944 -c----w- c:windowssystem32dllcachemfc42.dll2013-01-19 00:06:07 953856 -c----w- c:windowssystem32dllcachemfc40u.dll2013-01-18 23:51:22 617472 -c----w- c:windowssystem32dllcachecomctl32.dll2013-01-18 23:48:55 369664 -c----w- c:windowssystem32dllcacheasp51.dll2013-01-18 23:48:51 257024 -c----w- c:windowssystem32dllcacheinfocomm.dll2013-01-18 23:48:35 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe2013-01-18 23:47:16 456704 -c----w- c:windowssystem32dllcachesmtpsvc.dll2013-01-18 23:47:15 744448 -c----w- c:windowssystem32dllcachehelpsvc.exe2013-01-18 23:42:56 81920 -c----w- c:windowssystem32dllcachefontsub.dll2013-01-18 23:42:56 119808 -c----w- c:windowssystem32dllcachet2embed.dll2013-01-18 23:37:32 153088 -c----w- c:windowssystem32dllcachetriedit.dll2013-01-18 23:31:16 268288 -c----w- c:windowssystem32dllcachehttpext.dll2013-01-18 23:30:44 473600 -c----w- c:windowssystem32dllcachefastprox.dll2013-01-18 23:30:44 401408 -c----w- c:windowssystem32dllcacherpcss.dll2013-01-18 23:30:44 284160 -c----w- c:windowssystem32dllcachepdh.dll2013-01-18 23:30:44 110592 -c----w- c:windowssystem32dllcacheservices.exe2013-01-18 23:30:43 730112 -c----w- c:windowssystem32dllcachelsasrv.dll2013-01-18 23:30:43 718336 -c----w- c:windowssystem32dllcachentdll.dll2013-01-18 23:30:43 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll2013-01-18 23:30:43 453120 -c----w- 
c:windowssystem32dllcachewmiprvsd.dll2013-01-18 23:30:43 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe2013-01-18 23:30:43 2148864 -c----w- c:windowssystem32dllcachentkrnlmp.exe2013-01-18 23:30:42 2192896 -c----w- c:windowssystem32dllcachentoskrnl.exe2013-01-18 23:30:42 2027520 -c----w- c:windowssystem32dllcachentkrpamp.exe2013-01-18 23:29:36 218112 -c----w- c:windowssystem32dllcachewordpad.exe2013-01-18 23:28:55 74752 -c----w- c:windowssystem32dllcachemsw3prt.dll2013-01-18 23:28:55 104960 -c----w- c:windowssystem32dllcachewin32spl.dll2013-01-18 23:28:54 331776 -c----w- c:windowssystem32dllcachemsadce.dll2013-01-18 23:27:52 272128 -c----w- c:windowssystem32dllcachebthport.sys2013-01-18 23:27:45 203136 -c----w- c:windowssystem32dllcachermcast.sys2013-01-18 17:37:31 79872 -c----w- c:windowssystem32dllcachemsxml6r.dll2013-01-18 17:37:31 1371648 -c----w- c:windowssystem32dllcachemsxml6.dll2013-01-18 17:35:34 294912 ------w- c:program fileswindows media playerdlimport.exe2013-01-18 17:35:32 294912 -c----w- c:windowssystem32dllcachedlimport.exe2013-01-18 02:28:57 79872 -c--a-w- c:windowssystem32dllcacherwia330.dll2013-01-18 02:27:59 10129408 -c--a-w- c:windowssystem32dllcachehwxkor.dll2013-01-18 02:26:47 -------- d-----w- c:program filesmsn gaming zone2013-01-18 02:22:48 7680 -c--a-w- c:windowssystem32dllcacheinetmgr.exe2013-01-18 02:03:45 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll2013-01-18 02:03:45 24661 ----a-w- c:windowssystem32spxcoins.dll2013-01-18 02:03:45 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll2013-01-18 02:03:45 13312 ----a-w- c:windowssystem32irclass.dll2013-01-18 00:08:23 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe2013-01-18 00:08:23 16384 ----a-w- c:program filesinternet explorerconnection wizardisignup.exe2013-01-17 03:10:57 -------- d-----w- c:documents and settingsadministratorapplication dataEFSoftware2013-01-17 03:09:52 -------- d-----w- c:program filesEF Process Manager2013-01-15 04:23:19 -------- d-----w- 
c:documents and settingsadministratorapplication dataFreshDiagnose2013-01-15 03:32:16 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll2013-01-15 02:16:19 -------- d-----w- c:documents and settingsall usersapplication dataNVIDIA Corporation2013-01-15 02:15:20 1075220 ----a-w- c:windowssystem32nvdrsdb1.bin2013-01-15 02:15:20 1075220 ----a-w- c:windowssystem32nvdrsdb0.bin2013-01-15 02:15:20 1 ----a-w- c:windowssystem32nvdrssel.bin2013-01-15 02:14:33 884072 ----a-w- c:windowssystem32nvhdagenco3220103.dll2013-01-15 02:14:33 28008 ----a-w- c:windowssystem32nvhdap32.dll2013-01-15 02:14:33 124264 ----a-w- c:windowssystem32driversnvhda32.sys2013-01-15 02:14:29 889784 ----a-w- c:windowssystem32nvdispgenco32.dll2013-01-15 02:14:29 7716864 ----a-w- c:windowssystem32nvcuda.dll2013-01-15 02:14:29 6066176 ----a-w- c:windowssystem32nvopencl.dll2013-01-15 02:14:29 2725304 ----a-w- c:windowssystem32nvcuvid.dll2013-01-15 02:14:29 1985976 ----a-w- c:windowssystem32nvcuvenc.dll2013-01-15 02:14:29 19570688 ----a-w- c:windowssystem32nvoglnt.dll2013-01-14 19:47:56 9216 -c--a-w- c:windowssystem32dllcachewamps51.dll2013-01-14 19:46:44 -------- d-----w- c:windowssystem32msmq2013-01-14 19:06:12 16928 ----a-w- c:windowssystem32spmsgXP_2k3.dll2013-01-14 18:57:43 -------- d-----w- c:windowssystem32wbemrepositoryFS2013-01-14 18:57:43 -------- d-----w- c:windowssystem32wbemRepository2013-01-14 18:56:04 -------- d-----w- c:program filesWinPcap2013-01-14 18:56:04 -------- d-----w- c:documents and settingsadministratorapplication dataWireshark2013-01-14 18:54:59 -------- d-----w- c:program filesSavings Sidekick2013-01-14 18:54:59 -------- d-----w- c:documents and settingsall usersapplication dataIBUpdaterService2013-01-14 18:54:58 -------- d-----w- c:program filesFunmoods2013-01-14 18:51:07 -------- d-----w- c:program filesBadaboom2013-01-14 18:51:07 -------- d-----w- c:documents and settingsadministratorlocal settingsapplication dataBadaboom2013-01-14 18:51:04 -------- d-----w- c:program 
filesCommViewWiFi2013-01-14 18:49:59 -------- d-----w- c:program filesvReveal2013-01-14 18:49:58 -------- d-----w- c:windowssystem32EVGA2013-01-14 13:46:16 -------- d-----w- c:program filesCoupon Companion Plugin2013-01-14 05:30:20 -------- d-----w- c:documents and settingsadministratorlocal settingsapplication dataPokki2013-01-14 05:27:01 -------- d-----w- c:documents and settingsadministratorapplication dataAPP_NAME_NON_STRING2013-01-14 05:26:31 -------- d-----w- c:program filesPDF Architect2013-01-14 05:25:45 -------- d-----w- c:program filesPDFCreator(2)2013-01-12 02:46:19 -------- d-----w- c:documents and settingsadministratorlocal settingsapplication dataDeployment2013-01-12 02:36:32 -------- d-----w- c:documents and settingsadministratorapplication dataMotionDSP2013-01-12 02:28:44 -------- d-----w- c:documents and settingsadministratorapplication dataNVIDIA2013-01-12 02:06:18 -------- d-----w- c:program filesZOTAC FireStorm2013-01-11 18:29:28 32768 ----a-w- c:windowssystem32ativtmxx.dll2013-01-11 18:29:28 23040 ----a-w- c:windowssystem32ativmvxx.ax2013-01-11 18:29:27 9728 ----a-w- c:windowssystem32ativdaxx.ax2013-01-11 18:29:26 63488 ----a-w- c:windowssystem32driversatinxsxx.sys2013-01-11 18:29:24 31744 ----a-w- c:windowssystem32driversatinxbxx.sys2013-01-11 18:29:22 73216 ----a-w- c:windowssystem32driversatintuxx.sys2013-01-11 18:29:21 13824 ----a-w- c:windowssystem32driversatinttxx.sys2013-01-11 18:29:19 28672 ----a-w- c:windowssystem32driversatinsnxx.sys2013-01-11 18:29:18 104960 ----a-w- c:windowssystem32driversatinrvxx.sys2013-01-11 18:29:16 52224 ----a-w- c:windowssystem32driversatinraxx.sys2013-01-11 18:29:14 14336 ----a-w- c:windowssystem32driversatinpdxx.sys2013-01-09 05:02:16 -------- d-----w- c:documents and settingsadministratorlocal settingsapplication dataApplicationHistory2013-01-09 02:36:10 -------- d-----w- c:program filesMeadCo Neptune2013-01-06 20:32:55 -------- d-----w- c:program filesiPod2013-01-06 20:32:52 -------- d-----w- c:program 
filesiTunes
2013-01-06 20:32:52 -------- d-----w- c:documents and settingsall usersapplication data188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-06 05:09:53 -------- d-----w- c:documents and settingsadministratorapplication dataGlarySoft
2013-01-06 05:09:52 -------- d-----w- c:program filesGlary Utilities
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin7.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin6.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin5.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin4.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin3.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin2.dll
2013-01-06 04:52:39 159744 ----a-w- c:program filesinternet explorerpluginsnpqtplugin.dll
2012-12-30 18:49:38 24064 ----a-w- c:windowssystem32driversHMFAxCoreaed040d8b011ae0c1b8fadee8e6de745.sys
2012-12-30 18:49:24 135168 ----a-w- c:windowssystem32Lock.dll
2012-12-30 18:49:23 11776 ----a-w- c:windowssystem32reghmf.exe
2012-12-30 18:49:23 -------- d-----w- c:program filesFileLockPRO
2012-12-30 10:03:13 200704 ----a-w- c:windowssystem32vbalExpBar6.ocx
2012-12-30 10:03:11 15360 ----a-w- c:windowssystem32inetfr.DLL
2012-12-30 10:03:10 40960 ----a-w- c:windowssystem32SSubTmr6.dll
2012-12-30 10:03:10 32768 ----a-w- c:windowssystem32CMDLGFR.DLL
2012-12-30 10:03:10 141312 ----a-w- c:windowssystem32MSCMCFR.DLL
2012-12-30 10:03:10 119568 ----a-w- c:windowssystem32VB6FR.DLL
2012-12-30 10:03:09 484352 ----a-w- c:windowssystem32lame_enc.dll
2012-12-30 10:03:09 -------- d-----w- c:documents and settingsadministratorapplication dataFreeBurner
2012-12-30 10:01:58 -------- d-----w- c:program filesFree Easy CD DVD Burner
2012-12-30 03:06:26 29528 ----a-w- c:windowssystem32SmartDefragBootTime.exe
2012-12-30 03:05:05 14776 ----a-w- c:windowssystem32driversSmartDefragDriver.sys
2012-12-26 23:30:31 -------- d-----w- c:program filesRealNetworks
2012-12-26 23:30:28 -------- d-----w- c:documents and settingsall usersapplication dataRealNetworks
2012-12-26 23:29:14 -------- d-----w- c:program filescommon filesxing shared
2012-12-26 23:29:05 153296 ----a-w- c:program filesmozilla firefoxpluginsnppl3260.dll
2012-12-26 23:28:36 124056 ----a-w- c:program filesmozilla firefoxpluginsnprpplugin.dll
2012-12-26 23:28:27 499712 ----a-w- c:windowssystem32msvcp71.dll
2012-12-24 10:37:02 -------- d-----w- c:windowstmp
2012-12-23 01:14:04 -------- d-----w- C:BATTLESHIP
2012-12-23 00:32:22 -------- d-----w- c:documents and settingsall usersapplication dataIdealSoftware
2012-12-23 00:30:52 87608 ----a-w- c:documents and settingsadministratorapplication datainst.exe
2012-12-23 00:30:52 47360 ----a-w- c:windowssystem32driverspcouffin.sys
2012-12-23 00:30:52 47360 ----a-w- c:documents and settingsadministratorapplication datapcouffin.sys
2012-12-23 00:30:28 -------- d-----w- c:documents and settingsadministratorlocal settingsapplication dataIdealSoftware
2012-12-23 00:30:27 -------- d-----w- c:program filesIdealDVDCopy
2012-12-23 00:20:59 -------- d-----w- c:documents and settingsadministratorapplication dataGetRightToGo
2012-12-22 23:28:00 -------- d-----w- C:[The Expendables 2]
.
==================== Find3M ====================
.
2013-01-18 02:16:02 16400 ----a-w- c:windowssystem32driversLNonPnP.sys
2013-01-16 03:32:27 106296 ----a-w- c:windowssystem32driversjraid.sys
2013-01-16 03:20:06 53248 ----a-w- c:windowssystem32CSVer.dll
2013-01-15 03:31:59 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-15 03:31:58 859552 ----a-w- c:windowssystem32npdeployJava1.dll
2013-01-15 03:31:58 780192 ----a-w- c:windowssystem32deployJava1.dll
2013-01-09 00:36:14 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2013-01-09 00:36:14 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2012-12-29 10:31:25 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 10:31:25 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31:25 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31:25 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 10:31:25 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 08:07:06 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07:02 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07:02 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07:02 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07:01 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-26 23:28:27 348160 ----a-w- c:windowssystem32msvcr71.dll
2012-12-16 12:23:59 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-11-25 17:45:38 0 ----a-w- c:windowsativpsrm.bin
2012-11-13 01:25:12 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:windowssystem32msxml6.dll
2012-11-05 01:46:19 26984 ----a-w- c:windowssystem32driversavgtpx86.sys
2012-11-02 02:02:42 375296 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:windowssystem32wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:windowssystem32html.iec
2012-10-30 22:51:58 738504 ----a-w- c:windowssystem32driversaswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:windowsavastSS.scr
2012-10-25 08:12:26 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:windowssystem32QuickTime.qts
.
============= FINISH: 12:10:01.65 ===============

 

 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 1/17/2013 9:29:52 PM
System Uptime: 1/19/2013 12:04:31 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 200 GiB total, 101.567 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 78.953 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394NIC139411DC0E411D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394NIC139411DC0E411D800
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}NVNET_DEV02694&10B48CE1&4&000
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}NVNET_DEV02694&10B48CE1&4&000
Service: NVENETFD
.
==== System Restore Points ===================
.
RP1: 1/18/2013 1:03:08 PM - System Checkpoint
RP2: 1/18/2013 1:19:15 PM - Installed Windows Internet Explorer 8.
RP3: 1/18/2013 7:33:33 PM - Software Distribution Service 3.0
RP4: 1/18/2013 9:12:46 PM - Software Distribution Service 3.0
RP5: 1/18/2013 9:24:40 PM - Software Distribution Service 3.0
RP6: 1/18/2013 9:36:29 PM - Software Distribution Service 3.0
RP7: 1/19/2013 3:33:27 AM - Installed SpyHunter
RP8: 1/19/2013 10:15:35 AM - Removed Bing Desktop
.
==== Installed Programs ======================
.
1Click DVD Copy 5.9.3.6
7-Zip 9.20
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AsusUpdate
ATI AVIVO Codecs
avast! Free Antivirus
AVG Security Toolbar
Badaboom 1.2.1.13
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MX700 series
Canon MX700 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CloneCD
CommView for WiFi
Data Lifeguard Tools
DH Driver Cleaner Professional Edition
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.1.0 (06/08/2011) Qt Beta
eEye Digital Security Retina Wifi Scanner
EF Process Manager
eReg
EVGA Display Driver
FileHippo.com Update Checker
FileLockPRO
Free Easy Burner V 5.1
FreshDiagnose
FreshUI
FreshVideoDownloader
Funmoods
Glary Utilities 2.51.0.1666
Google Chrome
Google Earth
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Ideal DVD Copy V4.1.2
iLivid
ImgBurn
inSSIDer
inSSIDer 2.0
iolo technologies' System Mechanic 5
iTunes
Java 7 Update 11
Java Auto Updater
Java 6 Update 26
JMicron JMB36X Driver
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LG Outlook Sync
LG United Mobile Drivers
LG Verizon United Drivers
LGE Tool 1.39
LightScribe 1.4.119.1
Logitech SetPoint 6.51
LookInMyPC
Magic DVD Copier Version 5.0.2
Magic DVD Ripper V5.5.2
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NetSpeedMonitor 2.5.4.0 x86
Network Stumbler 0.4.0 (remove only)
NVIDIA Control Panel 310.90
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
Opera 11.50
Opera 11.61
Paint.NET v3.5.10
PC Magnum 1.0.0.19
PC Matic 1.1.0.50
PC Pitstop Driver Alert2 2.0.0.0
PC Pitstop Info Center 1.0.0.16
PC Pitstop Optimize3 3.0
PC Probe II
Photo Pos Pro
Photopos Toolbar
PhotoScape
PIXMA Extended Survey Program
Presto! PageManager 7.15.16
QSS Installation Program
QuickTime
Ralink RT6x Wireless LAN Card
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SlimDrivers
Smart Defrag 2
SolarWinds Network Device Monitor
Spybot - Search & Destroy
SpyHunter
swMSM
System Checkup 3.3
System Requirements Lab
The Weather Channel App
TL-WN822N/TL-WN821N Driver
TP-LINK Wireless Client Utility
Triple Doppler Weather Warn
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Utility Chest Toolbar
VC 9.0 Runtime
Verizon Wireless Download Manager 2.2.8-SNAPSHOT-r11227
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.3
vReveal
Weather Exchange
Weather Watcher
WebFldrs XP
Windows Essentials Media Codec Pack 3.5 [32-Bit]
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0
Windows XP Service Pack 3
WinUtilities 10.53 Free Edition
Xirrus Wi-Fi Inspector
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZOTAC FireStorm
.
==== Event Viewer Messages From Past Week ========
.
1/19/2013 8:59:55 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
1/19/2013 12:09:08 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/19/2013 12:08:44 PM, error: Service Control Manager [7034] - The SpyHunter 4 Service service terminated unexpectedly. It has done this 1 time(s).
1/19/2013 12:08:44 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
1/19/2013 12:08:44 PM, error: Service Control Manager [7034] - The File Lock Pro Service service terminated unexpectedly. It has done this 1 time(s).
1/19/2013 12:08:43 PM, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
1/19/2013 12:08:43 PM, error: Service Control Manager [7022] - The File Lock Pro Service service hung on starting.
1/18/2013 9:15:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Media Player 11.
1/17/2013 8:01:42 PM, error: LDMS [3016] - Failed to initialize DmServer service. The service is not running. Error: C0000008
1/17/2013 8:01:42 PM, error: LDMS [3007] - Failed to set service status to 4, Error=C0000008.
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7034] - The Client Service for NetWare service terminated unexpectedly. It has done this 1 time(s).
1/17/2013 7:45:34 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/17/2013 7:45:34 PM, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2013 7:45:34 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2013 7:45:34 PM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2013 7:45:34 PM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
1/17/2013 7:45:34 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147500053 (0x80004015).
1/17/2013 7:45:34 PM, error: Service Control Manager [7024] - The IIS Admin service terminated with service-specific error 2147549183 (0x8000FFFF).
1/17/2013 7:45:34 PM, error: Service Control Manager [7023] - The JumpStart Push-Button Service service terminated with the following error: The class is configured to run as a security id different from the caller
1/17/2013 7:45:34 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
1/17/2013 7:45:34 PM, error: Service Control Manager [7022] - The Network Connections service hung on starting.
1/17/2013 7:45:34 PM, error: Service Control Manager [7022] - The COM+ Event System service hung on starting.
1/17/2013 7:45:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
1/17/2013 7:45:34 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The service has returned a service-specific error code.
1/17/2013 7:45:34 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/17/2013 7:45:34 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/17/2013 7:45:34 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The service has returned a service-specific error code.
1/17/2013 7:45:34 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The pipe state is invalid.
1/17/2013 7:45:34 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/17/2013 7:45:34 PM, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The pipe state is invalid.
1/17/2013 7:45:34 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The pipe has been ended.
1/17/2013 7:44:31 PM, error: DCOM [10005] - DCOM got error "%109" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
1/17/2013 7:44:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/17/2013 7:42:24 PM, error: WMPNetworkSvc [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80004002'. In Windows Media Player, turn off media sharing, and then turn it back on.
1/17/2013 7:16:43 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
1/17/2013 7:06:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
1/17/2013 6:50:06 PM, error: DCOM [10005] - DCOM got error "%1083" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/17/2013 10:49:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/17/2013 10:24:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AsIO AswRdr aswSnx aswSP aswTdi atitray ElbyCDIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd Tcpip Vsdatant WS2IFSL
1/17/2013 10:24:04 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
1/16/2013 6:06:03 PM, error: Dhcp [1002] - The IP address lease 101.1.230.42 for the Network Card with network address 74EA3A945BD0 has been denied by the DHCP server 101.0.93.1 (The DHCP Server sent a DHCPNACK message).
1/15/2013 10:27:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
1/15/2013 10:27:25 PM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: The system cannot find the path specified.
1/15/2013 10:27:25 PM, error: Service Control Manager [7000] - The Utility ChestService service failed to start due to the following error: Access is denied.
1/15/2013 10:27:08 PM, error: SMTPSVC [116] - The service metabase path '/LM/SMTPSVC/' could not be opened. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
1/14/2013 9:30:55 PM, error: Service Control Manager [7000] - The Indexing Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
1/14/2013 9:15:29 AM, error: Service Control Manager [7023] - The PDF Architect Service service terminated with the following error: Unspecified error
1/14/2013 4:12:18 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
1/14/2013 3:21:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/14/2013 3:21:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/14/2013 3:19:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AsIO AswRdr aswSnx aswSP aswTdi atitray ElbyCDIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd Tcpip Vsdatant
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 3:19:27 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/14/2013 2:54:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AsIO aswSnx aswSP aswTdi atitray ElbyCDIO Fips intelppm Lbd sbaphd
1/14/2013 2:54:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/14/2013 2:49:02 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
1/14/2013 2:48:27 PM, error: PlugPlayManager [11] - The device RootLEGACY_MQAC0000 disappeared from the system without first being prepared for removal.
1/14/2013 2:48:17 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
1/14/2013 12:15:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/14/2013 12:14:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/14/2013 11:05:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/14/2013 10:22:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
1/14/2013 10:21:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}
1/14/2013 1:48:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
1/14/2013 1:45:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AsIO AswRdr aswSnx aswSP aswTdi ElbyCDIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd Tcpip Vsdatant
1/13/2013 5:14:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd nvatabus nvraid
1/12/2013 8:38:10 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 74EA3A945BD0. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/12/2013 7:51:16 PM, error: Dhcp [1002] - The IP address lease 101.1.230.3 for the Network Card with network address 74EA3A945BD0 has been denied by the DHCP server 101.0.93.1 (The DHCP Server sent a DHCPNACK message).
1/12/2013 1:14:45 PM, error: Service Control Manager [7034] - The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Hi jackpot316,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

 

 

Oh yeah. You've got a variety of garbage on there. I suspect it is slow as molasses on a cold day.

 

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

 




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

 

 

 


ComboFix 13-01-17.04 - Administrator 01/20/2013 12:13:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1362 [GMT -5:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataTEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-20 06:03 . 2013-01-20 06:03 -------- d-----w- c:program filesVS Revo Group
2013-01-20 01:51 . 2013-01-20 01:57 -------- d-----w- c:documents and settingsAll UsersApplication DataSystemExplorer
2013-01-20 01:50 . 2013-01-20 01:50 -------- d-----w- c:program filesSystem Explorer
2013-01-19 22:09 . 2013-01-19 22:10 -------- d-----w- c:program filesERUNT
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAdministratorAppData
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-01-19 20:29 . 2013-01-19 20:32 -------- d-----w- c:program filesSpywareBlaster
2013-01-19 20:03 . 2013-01-19 20:25 -------- d-----w- c:program filesEmsisoft HiJackFree
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAdministratorApplication DataSUPERAntiSpyware.com
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconF7A21AF7.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconD7F16134.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconCF33A0CE.exe
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- C:sh4ldr
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:program filesEnigma Software Group
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-19 00:33 . 2012-12-16 12:23 290560 -c----w- c:windowssystem32dllcacheatmfd.dll
2013-01-19 00:32 . 2012-11-01 12:17 630272 -c----w- c:windowssystem32dllcachemsfeeds.dll
2013-01-19 00:32 . 2012-11-01 12:17 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll
2013-01-19 00:32 . 2012-11-01 12:17 247808 -c----w- c:windowssystem32dllcacheieproxy.dll
2013-01-19 00:32 . 2012-11-01 12:17 521728 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-01-19 00:32 . 2012-11-01 12:17 2000384 -c----w- c:windowssystem32dllcacheiertutil.dll
2013-01-19 00:32 . 2012-11-01 12:17 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2013-01-19 00:32 . 2012-11-01 12:17 743424 -c----w- c:windowssystem32dllcacheiedvtool.dll
2013-01-19 00:32 . 2012-11-01 12:17 11111424 -c----w- c:windowssystem32dllcacheieframe.dll
2013-01-19 00:26 . 2012-07-04 14:05 139784 -c----w- c:windowssystem32dllcacherdpwd.sys
2013-01-19 00:19 . 2011-07-15 13:29 456320 -c----w- c:windowssystem32dllcachemrxsmb.sys
2013-01-19 00:18 . 2011-07-08 14:02 10496 -c----w- c:windowssystem32dllcachendistapi.sys
2013-01-19 00:18 . 2011-04-21 13:37 105472 -c----w- c:windowssystem32dllcachemup.sys
2013-01-19 00:17 . 2011-03-11 14:10 471552 -c----w- c:windowssystem32dllcacheaclayers.dll
2013-01-19 00:08 . 2010-11-02 15:17 40960 -c----w- c:windowssystem32dllcachendproxy.sys
2013-01-19 00:08 . 2010-10-11 14:59 45568 -c----w- c:windowssystem32dllcachewab.exe
2013-01-19 00:07 . 2010-08-16 08:45 590848 -c----w- c:windowssystem32dllcacherpcrt4.dll
2013-01-19 00:06 . 2011-02-08 13:33 978944 -c----w- c:windowssystem32dllcachemfc42.dll
2013-01-19 00:06 . 2010-09-18 06:53 953856 -c----w- c:windowssystem32dllcachemfc40u.dll
2013-01-18 23:51 . 2010-08-23 16:12 617472 -c----w- c:windowssystem32dllcachecomctl32.dll
2013-01-18 23:48 . 2010-06-30 20:38 369664 -c----w- c:windowssystem32dllcacheasp51.dll
2013-01-18 23:48 . 2010-07-27 06:35 257024 -c----w- c:windowssystem32dllcacheinfocomm.dll
2013-01-18 23:48 . 2010-06-18 13:36 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe
2013-01-18 23:47 . 2010-03-05 18:45 456704 -c----w- c:windowssystem32dllcachesmtpsvc.dll
2013-01-18 23:47 . 2010-06-14 14:31 744448 -c----w- c:windowssystem32dllcachehelpsvc.exe
2013-01-18 23:42 . 2010-08-27 08:02 119808 -c----w- c:windowssystem32dllcachet2embed.dll
2013-01-18 23:42 . 2009-10-15 16:28 81920 -c----w- c:windowssystem32dllcachefontsub.dll
2013-01-18 23:37 . 2009-06-21 21:44 153088 -c----w- c:windowssystem32dllcachetriedit.dll
2013-01-18 23:31 . 2009-05-21 18:46 268288 -c----w- c:windowssystem32dllcachehttpext.dll
2013-01-18 23:30 . 2009-03-06 14:22 284160 -c----w- c:windowssystem32dllcachepdh.dll
2013-01-18 23:30 . 2009-02-09 12:10 473600 -c----w- c:windowssystem32dllcachefastprox.dll
2013-01-18 23:30 . 2009-02-09 12:10 401408 -c----w- c:windowssystem32dllcacherpcss.dll
2013-01-18 23:30 . 2009-02-06 11:11 110592 -c----w- c:windowssystem32dllcacheservices.exe
2013-01-18 23:30 . 2012-08-21 13:33 2148864 -c----w- c:windowssystem32dllcachentkrnlmp.exe
2013-01-18 23:30 . 2010-12-20 17:26 730112 -c----w- c:windowssystem32dllcachelsasrv.dll
2013-01-18 23:30 . 2010-12-09 15:15 718336 -c----w- c:windowssystem32dllcachentdll.dll
2013-01-18 23:30 . 2009-02-09 12:10 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll
2013-01-18 23:30 . 2009-02-09 12:10 453120 -c----w- c:windowssystem32dllcachewmiprvsd.dll
2013-01-18 23:30 . 2009-02-06 10:10 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe
2013-01-18 23:30 . 2012-08-21 13:29 2192896 -c----w- c:windowssystem32dllcachentoskrnl.exe
2013-01-18 23:30 . 2012-08-21 12:58 2027520 -c----w- c:windowssystem32dllcachentkrpamp.exe
2013-01-18 23:29 . 2010-07-12 12:55 218112 -c----w- c:windowssystem32dllcachewordpad.exe
2013-01-18 23:28 . 2008-08-28 07:46 74752 -c----w- c:windowssystem32dllcachemsw3prt.dll
2013-01-18 23:28 . 2008-08-28 07:46 104960 -c----w- c:windowssystem32dllcachewin32spl.dll
2013-01-18 23:28 . 2008-05-01 14:33 331776 -c----w- c:windowssystem32dllcachemsadce.dll
2013-01-18 23:27 . 2008-06-13 11:05 272128 -c----w- c:windowssystem32dllcachebthport.sys
2013-01-18 23:27 . 2008-05-08 14:02 203136 -c----w- c:windowssystem32dllcachermcast.sys
2013-01-18 17:37 . 2012-11-06 02:01 1371648 -c----w- c:windowssystem32dllcachemsxml6.dll
2013-01-18 17:37 . 2008-04-14 03:57 79872 -c----w- c:windowssystem32dllcachemsxml6r.dll
2013-01-18 17:35 . 2008-04-14 10:42 294912 ------w- c:program filesWindows Media Playerdlimport.exe
2013-01-18 17:35 . 2008-04-14 10:42 294912 -c----w- c:windowssystem32dllcachedlimport.exe
2013-01-18 02:28 . 2006-02-28 12:00 79872 -c--a-w- c:windowssystem32dllcacherwia330.dll
2013-01-18 02:27 . 2006-02-28 12:00 10129408 -c--a-w- c:windowssystem32dllcachehwxkor.dll
2013-01-18 02:22 . 2006-02-28 12:00 7680 -c--a-w- c:windowssystem32dllcacheinetmgr.exe
2013-01-18 02:03 . 2006-02-28 12:00 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 24661 ----a-w- c:windowssystem32spxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 ----a-w- c:windowssystem32irclass.dll
2013-01-18 00:08 . 2006-02-28 12:00 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe
2013-01-18 00:08 . 2006-02-28 12:00 16384 ----a-w- c:program filesInternet ExplorerConnection Wizardisignup.exe
2013-01-17 03:10 . 2013-01-17 03:10 -------- d-----w- c:documents and settingsAdministratorApplication DataEFSoftware
2013-01-17 03:09 . 2013-01-17 03:09 -------- d-----w- c:program filesEF Process Manager
2013-01-15 04:23 . 2013-01-15 04:25 -------- d-----w- c:documents and settingsAdministratorApplication DataFreshDiagnose
2013-01-15 03:32 . 2013-01-15 03:32 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-15 02:17 . 2013-01-15 02:17 -------- d-----w- c:program filesAGEIA Technologies
2013-01-15 02:16 . 2013-01-15 02:16 -------- d-----w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2013-01-15 02:16 . 2013-01-20 02:28 -------- d-----w- c:documents and settingsUpdatusUser
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb1.bin
2013-01-15 02:15 . 2013-01-18 02:13 1 ----a-w- c:windowssystem32nvdrssel.bin
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb0.bin
2013-01-15 02:14 . 2012-07-03 15:25 28008 ----a-w- c:windowssystem32nvhdap32.dll
2013-01-15 02:14 . 2012-07-03 15:25 124264 ----a-w- c:windowssystem32driversnvhda32.sys
2013-01-15 02:14 . 2012-07-03 07:37 884072 ----a-w- c:windowssystem32nvhdagenco3220103.dll
2013-01-15 02:14 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-15 02:14 . 2012-12-29 10:31 7716864 ----a-w- c:windowssystem32nvcuda.dll
2013-01-15 02:14 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-15 02:14 . 2012-12-29 10:31 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2013-01-15 02:14 . 2012-12-29 10:31 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2013-01-15 02:14 . 2012-12-29 10:31 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2013-01-14 19:47 . 2006-02-28 12:00 9216 -c--a-w- c:windowssystem32dllcachewamps51.dll
2013-01-14 19:46 . 2013-01-14 19:46 -------- d-----w- c:windowssystem32msmq
2013-01-14 19:06 . 2008-11-07 23:55 16928 ----a-w- c:windowssystem32spmsgXP_2k3.dll
2013-01-14 18:57 . 2013-01-14 18:57 -------- d-----w- c:windowssystem32wbemRepository
2013-01-14 18:56 . 2013-01-14 18:56 -------- d-----w- c:documents and settingsAdministratorApplication DataWireshark
2013-01-14 18:54 . 2013-01-14 18:54 -------- d-----w- c:documents and settingsAll UsersApplication DataIBUpdaterService
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:program filesBadaboom
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataBadaboom
2013-01-14 18:51 . 2013-01-19 15:18 -------- d-----w- c:program filesCommViewWiFi
2013-01-14 18:49 . 2013-01-14 18:50 -------- d-----w- c:program filesvReveal
2013-01-14 18:49 . 2013-01-14 18:49 -------- d-----w- c:windowssystem32EVGA
2013-01-14 13:46 . 2013-01-14 18:54 -------- d-----w- c:program filesCoupon Companion Plugin
2013-01-14 05:30 . 2013-01-14 18:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataPokki
2013-01-14 05:27 . 2013-01-14 05:27 -------- d-----w- c:documents and settingsAdministratorApplication DataAPP_NAME_NON_STRING
2013-01-14 05:26 . 2013-01-14 18:54 -------- d-----w- c:program filesPDF Architect
2013-01-14 05:25 . 2013-01-14 18:54 -------- d-----w- c:program filesPDFCreator(2)
2013-01-12 02:46 . 2013-01-12 02:46 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataDeployment
2013-01-12 02:36 . 2013-01-12 02:36 -------- d-----w- c:documents and settingsAdministratorApplication DataMotionDSP
2013-01-12 02:28 . 2013-01-20 05:22 -------- d-----w- c:documents and settingsAdministratorApplication DataNVIDIA
2013-01-12 02:06 . 2013-01-14 18:55 -------- d-----w- c:program filesZOTAC FireStorm
2013-01-11 18:29 . 2008-04-14 10:42 23040 ----a-w- c:windowssystem32ativmvxx.ax
2013-01-11 18:29 . 2008-04-14 10:41 32768 ----a-w- c:windowssystem32ativtmxx.dll
2013-01-11 18:29 . 2008-04-14 10:42 9728 ----a-w- c:windowssystem32ativdaxx.ax
2013-01-11 18:29 . 2004-08-04 03:29 63488 ----a-w- c:windowssystem32driversatinxsxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 31744 ----a-w- c:windowssystem32driversatinxbxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 73216 ----a-w- c:windowssystem32driversatintuxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 13824 ----a-w- c:windowssystem32driversatinttxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 28672 ----a-w- c:windowssystem32driversatinsnxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 104960 ----a-w- c:windowssystem32driversatinrvxx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-18 02:16 . 2011-03-27 07:00 16400 ----a-w- c:windowssystem32driversLNonPnP.sys
2013-01-16 03:32 . 2012-02-04 14:22 106296 ----a-w- c:windowssystem32driversjraid.sys
2013-01-16 03:20 . 2012-10-27 17:11 53248 ----a-w- c:windowssystem32CSVer.dll
2013-01-15 03:31 . 2011-06-12 07:37 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-15 03:31 . 2011-12-31 00:02 859552 ----a-w- c:windowssystem32npdeployJava1.dll
2013-01-15 03:31 . 2011-02-28 19:05 780192 ----a-w- c:windowssystem32deployJava1.dll
2013-01-09 00:36 . 2011-11-20 06:55 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2013-01-09 00:36 . 2011-03-14 06:11 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-12-29 10:31 . 2011-12-26 17:19 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 10:31 . 2011-07-03 12:52 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31 . 2011-07-03 12:52 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31 . 2011-02-19 06:13 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 10:31 . 2011-02-19 06:13 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 08:07 . 2011-01-08 00:58 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07 . 2011-01-08 00:58 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07 . 2011-01-08 00:58 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07 . 2011-01-08 00:58 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07 . 2011-01-08 00:58 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-26 23:28 . 2003-02-21 09:42 348160 ----a-w- c:windowssystem32msvcr71.dll
2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49 . 2012-08-21 23:42 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-12-01 02:27 . 2012-03-26 13:27 181064 ----a-w- c:windowsPSEXESVC.EXE
2012-11-13 01:25 . 2006-02-28 12:00 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-11 06:47 . 2012-11-11 06:47 53248 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe
2012-11-06 02:01 . 2008-08-30 01:06 1371648 ----a-w- c:windowssystem32msxml6.dll
2012-11-05 01:46 . 2012-09-29 18:55 26984 ----a-w- c:windowssystem32driversavgtpx86.sys
2012-11-02 02:02 . 2006-02-28 12:00 375296 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 12:17 . 2006-02-28 12:00 916992 ----a-w- c:windowssystem32wininet.dll
2012-11-01 12:17 . 2006-02-28 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-11-01 12:17 . 2006-02-28 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2012-11-01 00:35 . 2006-02-28 12:00 385024 ----a-w- c:windowssystem32html.iec
2012-10-30 22:51 . 2012-04-22 16:36 361032 ----a-w- c:windowssystem32driversaswSP.sys
2012-10-30 22:51 . 2012-04-22 16:36 35928 ----a-w- c:windowssystem32driversaswRdr.sys
2012-10-30 22:51 . 2012-04-22 16:35 54232 ----a-w- c:windowssystem32driversaswTdi.sys
2012-10-30 22:51 . 2012-04-22 16:35 738504 ----a-w- c:windowssystem32driversaswSnx.sys
2012-10-30 22:51 . 2012-04-22 16:35 97608 ----a-w- c:windowssystem32driversaswmon2.sys
2012-10-30 22:51 . 2012-04-22 16:35 89752 ----a-w- c:windowssystem32driversaswmon.sys
2012-10-30 22:51 . 2012-04-22 16:36 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys
2012-10-30 22:51 . 2012-04-22 16:35 25256 ----a-w- c:windowssystem32driversaavmker4.sys
2012-10-30 22:51 . 2012-04-22 16:34 41224 ----a-w- c:windowsavastSS.scr
2012-10-30 22:50 . 2012-04-22 16:34 227648 ----a-w- c:windowssystem32aswBoot.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:windowssystem32QuickTime.qts
2012-12-01 15:52 . 2012-12-01 15:52 262112 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 01:14 1796552 ----a-w- c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{59509308-4e15-4619-8e8d-0154e1588cdd}"= "c:program filesphotopostbphotoposDx.dll" [2012-06-07 86736]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOTclsid{59509308-4e15-4619-8e8d-0154e1588cdd}]
.
[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136]
"ISW"="c:program filesCheckPointZAForceFieldForceField.exe" [2012-11-02 738984]
"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2012-11-08 73392]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASSEH.DLL" [2013-01-19 113024]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:program filesCommon FilesLogishrdBluetoothLBTWLgn.dll
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk /p ??C:
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=""
.
[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:documents and settingsAdministratorStart MenuProgramsStartupERUNT AutoBackup.lnk
backup=c:windowspssERUNT AutoBackup.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:documents and settingsAdministratorStart MenuProgramsStartupLogitech . Product Registration.lnk
backup=c:windowspssLogitech . Product Registration.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:windowspssBDARemote.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:windowspssLogitech SetPoint.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:windowspssMcAfee Security Scan Plus.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:windowspssRalink Wireless Utility.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:windowspssWindows Search.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk]
backup=c:windowspssCanon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
backup=c:windowspssHughesNetStatusMeter.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:documents and settingsROBBYStart MenuProgramsStartupLogitech . Product Registration.lnk
backup=c:windowspssLogitech . Product Registration.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:windowspssTimeLeft.lnkStartup
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
c:windowssystem32dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg*ForceDelete]
2013-01-19 15:23 574677 ----a-w- c:documents and settingsAdministratorMy DocumentsDownloadsadwcleaner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg36X Raid Configurer]
2012-02-04 14:22 1953792 ----a-w- c:windowssystem32xRaidSetup.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2012-12-18 19:08 946352 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare Ultimate]
2012-11-07 20:50 512384 ----a-w- c:program filesIObitAdvanced SystemCare UltimateASCTray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
2005-05-03 22:43 69632 ----a-r- c:windowsAlcmtr.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAnyDVD]
2011-07-28 10:33 5242488 ----a-w- c:program filesSlySoftAnyDVDAnyDVDtray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]
2012-11-28 19:13 59280 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAROReminder]
2010-01-20 18:51 2137600 ----a-w- c:program filesAdvanced Registry OptimizerARO.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAsusStartupHelp]
2006-11-15 03:25 363008 ----a-w- c:program filesASUSAASP1.00.17AsRunHelp.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 21:32 94208 ----a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBYR_AGENT]
2012-12-10 04:43 392320 ----a-w- c:lgmobileupgradeLGMOBILEAXBYR_ClientVZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:program filesCanonMyPrinterBJMYPRT.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:program filesCanonSolutionMenuCNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:program filesSlySoftCloneCDCloneCDTray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadManagerService]
2011-05-18 20:52 94008 ----a-w- c:program filesVerizon Wirelessdistservicerunner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW6]
2011-06-08 14:45 822456 ----a-w- c:program filesThe Weather Channel FWDesktopDesktopWeather.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW7]
2012-07-28 03:04 13003448 ----a-w- c:program filesThe Weather ChannelThe Weather Channel AppTWCApp.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEvtMgr6]
2012-11-04 17:43 1851192 ----a-w- c:program filesLogitechSetPointPSetPoint.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:program filesFileHippo.comUpdateChecker.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
2012-02-13 23:43 136176 ----atw- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInfo Center]
2012-09-01 01:38 27328 ----a-w- c:program filesPCPitstopInfo CenterInfoCenter.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIObit Malware Fighter]
2012-12-25 22:35 4474832 ----a-w- c:program filesIObitIObit Malware FighterIMF.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregJMB36X IDE Setup]
2013-01-16 03:32 43608 ----a-w- c:windowsRaidToolxInsIDE.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregjswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:program filesTP-LINKQSSjswtrayutil.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2006-01-13 00:40 155648 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
2012-12-29 08:07 15635896 ----a-w- c:windowssystem32nvcpl.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
2012-12-29 08:07 108984 ----a-w- c:windowssystem32nvmctray.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
2012-12-29 10:31 1982312 ----a-w- c:program filesNVIDIA Corporationnviewnwiz.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop Optimize Reminder]
2010-08-06 18:57 324848 ----a-w- c:program filesPCPitstopOptimize3Reminder-Optimize3.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop PC Matic Reminder]
2012-11-15 18:58 325320 ----a-w- c:program filesPCPitstopPC MaticReminder-PCMatic.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:program filesQuickTimeQTTask.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:program filesRivaTuner v2.24 MSI Master Overclocking Arena 2009 editionRivaTuner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregROC_roc_ssl_v12]
2012-11-05 01:46 1020512 ----a-w- c:program filesAVG Secure SearchROC_roc_ssl_v12.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
2008-05-16 18:39 16862720 ----a-r- c:windowsRTHDCPL.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSDTray]
2012-11-13 19:08 3825176 ----a-w- c:program filesSpybot - Search & Destroy 2SDTray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
2007-11-20 22:15 1826816 ----a-r- c:windowsSkyTel.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSlimDrivers]
2012-10-14 20:29 29378432 ----a-w- c:program filesSlimDriversSlimDrivers.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSolarWindsNetworkDeviceMonitor]
2010-03-26 14:59 2441216 ----a-w- c:program filesSolarWindsNetwork Device MonitorUndpMonitor.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:program filesSpybot - Search & Destroy 2SDCleaner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpyHunter Security Suite]
2012-10-09 00:21 6286784 ----a-w- c:program filesEnigma Software GroupSpyHunterSpyHunter4.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2011-05-04 17:59 252136 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
2013-01-19 14:00 4763008 ----a-w- c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynchronization Manager]
2008-04-14 10:42 143360 ----a-w- c:windowssystem32mobsync.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2012-12-26 23:28 295072 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTWCU]
2010-05-21 18:55 561263 ----a-w- c:program filesTP-LINKTP-LINK Wireless Client UtilityTWCU.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUSBDetector]
2003-04-01 15:33 53248 ----a-w- c:usbstorageUSBDetector.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregvProt]
2012-11-09 01:14 997320 ----a-w- c:program filesAVG Secure Searchvprot.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:windowssystem32spooldriversw32x863WrtMon.exe
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"ctfmon.exe"=c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
"TkBellExe"="c:program filesrealrealplayerupdaterealsched.exe" -osboot
"QuickTime Task"="c:program filesQuickTimeqttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Program FilesOperaopera.exe"=
"c:Program FilesWindows LiveMessengerwlcsdk.exe"=
"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDTray.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDFSSvc.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDUpdate.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDUpdSvc.exe"=
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:windowssystem32driversSmartDefragDriver.sys [12/29/2012 10:05 PM 14776]
R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [4/22/2012 11:35 AM 738504]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [4/22/2012 11:36 AM 361032]
R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [9/29/2012 1:55 PM 26984]
R1 HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;c:windowssystem32driversHMFAxCoreaed040d8b011ae0c1b8fadee8e6de745.sys [12/30/2012 1:49 PM 24064]
R1 SASDIFSV;SASDIFSV;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASDIFSV.SYS [2/19/2011 12:41 PM 12880]
R1 SASKUTIL;SASKUTIL;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASKUTIL.SYS [2/19/2011 12:41 PM 67664]
R1 sbaphd;sbaphd;c:windowssystem32driverssbaphd.sys [6/30/2012 8:22 AM 21240]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [4/22/2012 11:36 AM 21256]
R2 LBeepKE;Logitech Beep Suppression Driver;c:windowssystem32driversLBeepKE.sys [3/27/2011 2:00 AM 12216]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:windowssystem32driversScutum50.sys [12/26/2011 12:35 AM 19072]
R3 AR9271;Wireless Network Adapter Service;c:windowssystem32driversathuw.sys [2/19/2011 3:22 AM 1714176]
R3 Egatebus;Egatebus;c:windowssystem32driversegatebus.sys [5/19/2006 10:22 AM 15328]
R3 Egaterdr;Egaterdr;c:windowssystem32driversegaterdr.sys [5/19/2006 10:22 AM 13440]
R3 JSWSCIMD;jswscimd Service;c:windowssystem32driversjswscimd.sys [2/19/2011 10:27 AM 57440]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32driverspcouffin.sys [12/22/2012 7:30 PM 47360]
S0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys --> c:windowssystem32DRIVERSLbd.sys [?]
S2 jswpbapi;JumpStart Push-Button Service;c:program filesTP-LINKQSSjswpbapi.exe [2/19/2011 10:27 AM 188416]
S3 !SASCORE;SAS Core Service;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASCORE.EXE [2/19/2011 12:41 PM 116608]
S3 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:program filesIObitAdvanced SystemCare UltimateASCSvc.exe [1/19/2013 3:51 PM 1051088]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys --> c:windowssystem32driversAmbfilt.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:windowssystem32driverslgandbus.sys [12/7/2010 1:22 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:windowssystem32driverslganddiag.sys [12/7/2010 1:23 PM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:windowssystem32driverslgandgps.sys [12/7/2010 1:23 PM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:windowssystem32driverslgandmodem.sys [12/7/2010 1:23 PM 25088]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:windowssystem32driverslgandnetdiag.sys [2/23/2011 2:05 AM 23168]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:windowssystem32driverslgandnetgps.sys [2/23/2011 2:05 AM 22272]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:windowssystem32driverslgandnetmodem.sys [2/23/2011 2:05 AM 28032]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:windowssystem32driverslgandnetndis.sys [2/23/2011 2:05 AM 70016]
S3 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:program filesIObitAdvanced SystemCare UltimateASCAvSvc.exe [1/19/2013 3:51 PM 621008]
S3 BS_DEF;BS_DEF;c:program filesASUSAsusUpdateBS_DEF.sys [2/20/2011 1:36 AM 13312]
S3 esgiguard;esgiguard;c:program filesEnigma Software GroupSpyHunteresgiguard.sys [5/6/2011 4:57 PM 13904]
S3 EsgScanner;EsgScanner;c:windowssystem32driversEsgScanner.sys [6/22/2012 12:01 PM 19984]
S3 FileMonitor;FileMonitor;c:program filesIObitIObit Malware FighterDriverswxp_x86FileMonitor.sys [1/19/2013 3:40 PM 246816]
S3 FLPService;File Lock Pro Service;c:program filesFileLockPROFLPService.exe [12/30/2012 1:49 PM 245736]
S3 IMFservice;IMF Service;c:program filesIObitIObit Malware FighterIMFsrv.exe [1/19/2013 3:40 PM 821592]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:program filesTP-LINKQSSjswpsapi.exe [2/19/2011 10:27 AM 360529]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:program filesMicrosoft Fix it CenterMatsvc.exe [6/13/2011 10:09 PM 267568]
S3 NAUpdate;@c:program filesNeroUpdateNASvc.exe,-200;c:program filesNeroUpdateNASvc.exe [5/4/2010 12:07 PM 503080]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:program fileseEye Digital SecurityRetina Wireless ScannerPCANDIS5_WIFISCAN.SYS [6/3/2004 12:28 PM 22131]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [2/19/2011 12:16 PM 86216]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:program filesRealNetworksRealDownloaderrndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S3 RegFilter;RegFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86RegFilter.sys [1/19/2013 3:40 PM 30408]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:program filesSpybot - Search & Destroy 2SDFSSvc.exe [12/1/2012 10:02 AM 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:program filesSpybot - Search & Destroy 2SDUpdSvc.exe [12/1/2012 10:02 AM 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:program filesSpybot - Search & Destroy 2SDWSCSvc.exe [12/1/2012 10:02 AM 168384]
S3 SpyHunter 4 Service;SpyHunter 4 Service;c:progra~1ENIGMA~1SPYHUN~1SH4SER~1.EXE [10/8/2012 7:21 PM 766400]
S3 SystemExplorerHelpService;System Explorer Service;c:program filesSystem ExplorerserviceSystemExplorerService.exe [1/19/2013 8:50 PM 567256]
S3 UrlFilter;UrlFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86UrlFilter.sys [1/19/2013 3:40 PM 16248]
S3 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe [11/4/2012 8:46 PM 711112]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 23:35 1606760 ----a-w- c:program filesGoogleChromeApplication24.0.1312.52Installersetup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2011-11-20 00:36]
.
2013-01-20 c:windowsTasksASC6_PerformanceMonitor.job
- c:program filesIObitAdvanced SystemCare UltimateMonitor.exe [2013-01-19 18:21]
.
2013-01-20 c:windowsTasksavast! Emergency Update.job
- c:program filesAVAST SoftwareAvastAvastEmUpdate.exe [2012-07-07 22:50]
.
2013-01-20 c:windowsTasksGlaryInitialize.job
- c:program filesGlary Utilitiesinitialize.exe [2013-01-06 06:22]
.
2013-01-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-20 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-20 c:windowsTasksPC Performer Manager.job
- c:windowssystem32sc.exe [2006-02-28 10:39]
.
2012-12-29 c:windowsTasksRealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrecordingmanager.exe [2012-11-30 01:33]
.
2013-01-20 c:windowsTasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-14 c:windowsTasksRealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-20 c:windowsTasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-14 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-15 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksSmartDefragUpdate.job
- c:program filesIObitSmart Defrag 2AutoUpdate.exe [2012-11-05 16:06]
.
2013-01-19 c:windowsTasksUser_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]
.
2013-01-20 c:windowsTasksWindows Codec Update Service.job
- c:program filesEssentials Codec PackWECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 101.1.230.1 208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filesCommon FilesAVG Secure SearchViProtocolInstaller13.2.0ViProtocol.dll
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2012-12-16 15:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-19 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:program filesCheckPointZAForceFieldTrustChecker
FF - ExtSQL: 2012-12-26 18:30; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:documents and settingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt
FF - ExtSQL: 2013-01-19 15:51; ascsurfingprotection@iobit.com; c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensionsascsurfingprotection@iobit.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543
FF - user.js: extensions.funmoods.id - 74EA3A945BD0187A
FF - user.js: extensions.funmoods.instlDay - 15666
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543&q=
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:45
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Utility Chest Search Scope Monitor - c:progra~1UTILIT~2bar1.bin49srchmn.exe
MSConfigStartUp-UtilityChest_49 Browser Plugin Loader - c:progra~1UTILIT~2bar1.bin49brmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-20 12:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERSS-1-5-21-1644491937-1767777339-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
@Allowed: (Read) (RestrictedCode)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1520)
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3552)
c:windowssystem32WININET.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2013-01-20 12:26:16
ComboFix-quarantined-files.txt 2013-01-20 17:26
ComboFix2.txt 2013-01-20 00:51
.
Pre-Run: 115,194,478,592 bytes free
Post-Run: 115,365,195,776 bytes free
.
- - End Of File - - 5114DDFBBAE10AB9AF0EDDB4C4A7A4B2


OK... a couple of things.

You have two antivirus programs running. That's a bad thing. They will interfere with each other so neither works correctly. Personally, I won't have anything by IObit on my system, so I would remove Advanced SystemCare and keep AVAST!. But it's your computer so it's your choice... but you must uninstall one of them.

Also...

It appears that you ran ComboFix twice. I'd like to see what it did on the first run. Please look on your computer for a folder called C:\Qoobox. In that folder should be a file called ComboFix2.txt. If you double-click on that file it should open in Notepad. Then copy and paste the results here please.


I am only running ADVANCE SYSTEM CARE for another reason, not for the antivirus part. I forgot that it was still running. My reg antivirus is avast or AVG; I switch when I think one is not doing the job, so I might be switching. Here is the first run:

ComboFix 13-01-17.04 - Administrator 01/19/2013 19:27:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1427 [GMT -5:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - system32: deleted 12 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAdministratorApplication DataPriceGong
c:documents and settingsAdministratorApplication DataPriceGongData1.txt
c:documents and settingsAdministratorApplication DataPriceGongData2229.txt
c:documents and settingsAdministratorApplication DataPriceGongData4489.txt
c:documents and settingsAdministratorApplication DataPriceGongDataa.txt
c:documents and settingsAdministratorApplication DataPriceGongDatab.txt
c:documents and settingsAdministratorApplication DataPriceGongDatac.txt
c:documents and settingsAdministratorApplication DataPriceGongDatad.txt
c:documents and settingsAdministratorApplication DataPriceGongDatae.txt
c:documents and settingsAdministratorApplication DataPriceGongDataf.txt
c:documents and settingsAdministratorApplication DataPriceGongDatag.txt
c:documents and settingsAdministratorApplication DataPriceGongDatah.txt
c:documents and settingsAdministratorApplication DataPriceGongDatai.txt
c:documents and settingsAdministratorApplication DataPriceGongDataj.txt
c:documents and settingsAdministratorApplication DataPriceGongDatak.txt
c:documents and settingsAdministratorApplication DataPriceGongDatal.txt
c:documents and settingsAdministratorApplication DataPriceGongDatam.txt
c:documents and settingsAdministratorApplication DataPriceGongDatamru.xml
c:documents and settingsAdministratorApplication DataPriceGongDatan.txt
c:documents and settingsAdministratorApplication DataPriceGongDatao.txt
c:documents and settingsAdministratorApplication DataPriceGongDatap.txt
c:documents and settingsAdministratorApplication DataPriceGongDataq.txt
c:documents and settingsAdministratorApplication DataPriceGongDatar.txt
c:documents and settingsAdministratorApplication DataPriceGongDatas.txt
c:documents and settingsAdministratorApplication DataPriceGongDatat.txt
c:documents and settingsAdministratorApplication DataPriceGongDatau.txt
c:documents and settingsAdministratorApplication DataPriceGongDatav.txt
c:documents and settingsAdministratorApplication DataPriceGongDataw.txt
c:documents and settingsAdministratorApplication DataPriceGongDatax.txt
c:documents and settingsAdministratorApplication DataPriceGongDatay.txt
c:documents and settingsAdministratorApplication DataPriceGongDataz.txt
c:documents and settingsAdministratorLocal SettingsApplication DataSavings Sidekick
c:documents and settingsAll UsersApplication DataTEMP
c:program filesDictionaryBossbar
c:program filesDictionaryBossbarMessageCOMMON8_step1.gif
c:program filesDictionaryBossbarMessageCOMMONindex.htm
c:program filesDictionaryBossbarMessageCOMMONrebut4b.htm
c:program filesDictionaryBossbarMessageCOMMONshield.png
c:program filesDictionaryBossEI
c:program filesSavings Sidekick
c:program filesUtilityChest_49bar1.bin49SRcas.dll
c:program filesWinPCap
c:windowssystem32Cache
c:windowssystem32Cache272512937d9e61a4.fb
c:windowssystem32Cache287204568329e189.fb
c:windowssystem32Cache28bc8f716fd76a47.fb
c:windowssystem32Cache2c53092c95605355.fb
c:windowssystem32Cache31a0997e9a5b5eb3.fb
c:windowssystem32Cache32c84fe32bb74d60.fb
c:windowssystem32Cache3917078cb68ec657.fb
c:windowssystem32Cache590ba23ce359fd0c.fb
c:windowssystem32Cache610289e025a3ee9a.fb
c:windowssystem32Cache651c5d3cdbfb8bd1.fb
c:windowssystem32Cache6c59ac5e7e7a3ad0.fb
c:windowssystem32Cache6d03dad1035885d3.fb
c:windowssystem32Cachea8556537add6dfc5.fb
c:windowssystem32Cacheab7a19ed19b8e1d9.fb
c:windowssystem32Cachead10a52aff5e038d.fb
c:windowssystem32Cachec1fa887b03019701.fb
c:windowssystem32Cachec4d28dca2e7648be.fb
c:windowssystem32Cached201ef9910cd39de.fb
c:windowssystem32Cached2e94710a5708128.fb
c:windowssystem32Cached79b9dfe81484ec4.fb
c:windowssystem32Cached898ff7c31a85632.fb
c:windowssystem32Cachee0de16f883bea794.fb
c:windowssystem32Cachef998975c9cc711ee.fb
c:windowssystem32reghmf.exe
c:windowssystem32SET90.tmp
c:windowssystem32SET9B.tmp
c:windowssystem32SET9F.tmp
c:windowssystem32SETA1.tmp
c:windowssystem32SETA3.tmp
c:windowssystem32SETA8.tmp
c:windowssystem32SETAE.tmp
c:windowssystem32SETC8.tmp
c:windowssystem32SETCD.tmp
c:windowssystem32URTTemp
c:windowssystem32URTTempfusion.dll
c:windowssystem32URTTempmscoree.dll
c:windowssystem32URTTempmscorsn.dll
c:windowssystem32URTTempmscorwks.dll
c:windowssystem32URTTempmsvcr71.dll
c:windowssystem32URTTempregtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Legacy_TELEVISIONFANATICSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-20 00:42 . 2013-01-20 00:42 -------- d---a-w- c:documents and settingsAll UsersApplication DataTEMP
2013-01-19 22:09 . 2013-01-19 22:10 -------- d-----w- c:program filesERUNT
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAdministratorAppData
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-01-19 20:29 . 2013-01-19 20:32 -------- d-----w- c:program filesSpywareBlaster
2013-01-19 20:03 . 2013-01-19 20:25 -------- d-----w- c:program filesEmsisoft HiJackFree
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAdministratorApplication DataSUPERAntiSpyware.com
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconF7A21AF7.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconD7F16134.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconCF33A0CE.exe
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- C:sh4ldr
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:program filesEnigma Software Group
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-19 00:33 . 2012-12-16 12:23 290560 -c----w- c:windowssystem32dllcacheatmfd.dll
2013-01-19 00:32 . 2012-11-01 12:17 630272 -c----w- c:windowssystem32dllcachemsfeeds.dll
2013-01-19 00:32 . 2012-11-01 12:17 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll
2013-01-19 00:32 . 2012-11-01 12:17 247808 -c----w- c:windowssystem32dllcacheieproxy.dll
2013-01-19 00:32 . 2012-11-01 12:17 521728 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-01-19 00:32 . 2012-11-01 12:17 2000384 -c----w- c:windowssystem32dllcacheiertutil.dll
2013-01-19 00:32 . 2012-11-01 12:17 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2013-01-19 00:32 . 2012-11-01 12:17 743424 -c----w- c:windowssystem32dllcacheiedvtool.dll
2013-01-19 00:32 . 2012-11-01 12:17 11111424 -c----w- c:windowssystem32dllcacheieframe.dll
2013-01-19 00:26 . 2012-07-04 14:05 139784 -c----w- c:windowssystem32dllcacherdpwd.sys
2013-01-19 00:19 . 2011-07-15 13:29 456320 -c----w- c:windowssystem32dllcachemrxsmb.sys
2013-01-19 00:18 . 2011-07-08 14:02 10496 -c----w- c:windowssystem32dllcachendistapi.sys
2013-01-19 00:18 . 2011-04-21 13:37 105472 -c----w- c:windowssystem32dllcachemup.sys
2013-01-19 00:17 . 2011-03-11 14:10 471552 -c----w- c:windowssystem32dllcacheaclayers.dll
2013-01-19 00:08 . 2010-11-02 15:17 40960 -c----w- c:windowssystem32dllcachendproxy.sys
2013-01-19 00:08 . 2010-10-11 14:59 45568 -c----w- c:windowssystem32dllcachewab.exe
2013-01-19 00:07 . 2010-08-16 08:45 590848 -c----w- c:windowssystem32dllcacherpcrt4.dll
2013-01-19 00:06 . 2011-02-08 13:33 978944 -c----w- c:windowssystem32dllcachemfc42.dll
2013-01-19 00:06 . 2010-09-18 06:53 953856 -c----w- c:windowssystem32dllcachemfc40u.dll
2013-01-18 23:51 . 2010-08-23 16:12 617472 -c----w- c:windowssystem32dllcachecomctl32.dll
2013-01-18 23:48 . 2010-06-30 20:38 369664 -c----w- c:windowssystem32dllcacheasp51.dll
2013-01-18 23:48 . 2010-07-27 06:35 257024 -c----w- c:windowssystem32dllcacheinfocomm.dll
2013-01-18 23:48 . 2010-06-18 13:36 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe
2013-01-18 23:47 . 2010-03-05 18:45 456704 -c----w- c:windowssystem32dllcachesmtpsvc.dll
2013-01-18 23:47 . 2010-06-14 14:31 744448 -c----w- c:windowssystem32dllcachehelpsvc.exe
2013-01-18 23:42 . 2010-08-27 08:02 119808 -c----w- c:windowssystem32dllcachet2embed.dll
2013-01-18 23:42 . 2009-10-15 16:28 81920 -c----w- c:windowssystem32dllcachefontsub.dll
2013-01-18 23:37 . 2009-06-21 21:44 153088 -c----w- c:windowssystem32dllcachetriedit.dll
2013-01-18 23:31 . 2009-05-21 18:46 268288 -c----w- c:windowssystem32dllcachehttpext.dll
2013-01-18 23:30 . 2009-03-06 14:22 284160 -c----w- c:windowssystem32dllcachepdh.dll
2013-01-18 23:30 . 2009-02-09 12:10 473600 -c----w- c:windowssystem32dllcachefastprox.dll
2013-01-18 23:30 . 2009-02-09 12:10 401408 -c----w- c:windowssystem32dllcacherpcss.dll
2013-01-18 23:30 . 2009-02-06 11:11 110592 -c----w- c:windowssystem32dllcacheservices.exe
2013-01-18 23:30 . 2012-08-21 13:33 2148864 -c----w- c:windowssystem32dllcachentkrnlmp.exe
2013-01-18 23:30 . 2010-12-20 17:26 730112 -c----w- c:windowssystem32dllcachelsasrv.dll
2013-01-18 23:30 . 2010-12-09 15:15 718336 -c----w- c:windowssystem32dllcachentdll.dll
2013-01-18 23:30 . 2009-02-09 12:10 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll
2013-01-18 23:30 . 2009-02-09 12:10 453120 -c----w- c:windowssystem32dllcachewmiprvsd.dll
2013-01-18 23:30 . 2009-02-06 10:10 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe
2013-01-18 23:30 . 2012-08-21 13:29 2192896 -c----w- c:windowssystem32dllcachentoskrnl.exe
2013-01-18 23:30 . 2012-08-21 12:58 2027520 -c----w- c:windowssystem32dllcachentkrpamp.exe
2013-01-18 23:29 . 2010-07-12 12:55 218112 -c----w- c:windowssystem32dllcachewordpad.exe
2013-01-18 23:28 . 2008-08-28 07:46 74752 -c----w- c:windowssystem32dllcachemsw3prt.dll
2013-01-18 23:28 . 2008-08-28 07:46 104960 -c----w- c:windowssystem32dllcachewin32spl.dll
2013-01-18 23:28 . 2008-05-01 14:33 331776 -c----w- c:windowssystem32dllcachemsadce.dll
2013-01-18 23:27 . 2008-06-13 11:05 272128 -c----w- c:windowssystem32dllcachebthport.sys
2013-01-18 23:27 . 2008-05-08 14:02 203136 -c----w- c:windowssystem32dllcachermcast.sys
2013-01-18 17:37 . 2012-11-06 02:01 1371648 -c----w- c:windowssystem32dllcachemsxml6.dll
2013-01-18 17:37 . 2008-04-14 03:57 79872 -c----w- c:windowssystem32dllcachemsxml6r.dll
2013-01-18 17:35 . 2008-04-14 10:42 294912 ------w- c:program filesWindows Media Playerdlimport.exe
2013-01-18 17:35 . 2008-04-14 10:42 294912 -c----w- c:windowssystem32dllcachedlimport.exe
2013-01-18 02:28 . 2006-02-28 12:00 79872 -c--a-w- c:windowssystem32dllcacherwia330.dll
2013-01-18 02:27 . 2006-02-28 12:00 10129408 -c--a-w- c:windowssystem32dllcachehwxkor.dll
2013-01-18 02:22 . 2006-02-28 12:00 7680 -c--a-w- c:windowssystem32dllcacheinetmgr.exe
2013-01-18 02:03 . 2006-02-28 12:00 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 24661 ----a-w- c:windowssystem32spxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 ----a-w- c:windowssystem32irclass.dll
2013-01-18 00:08 . 2006-02-28 12:00 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe
2013-01-18 00:08 . 2006-02-28 12:00 16384 ----a-w- c:program filesInternet ExplorerConnection Wizardisignup.exe
2013-01-17 03:10 . 2013-01-17 03:10 -------- d-----w- c:documents and settingsAdministratorApplication DataEFSoftware
2013-01-17 03:09 . 2013-01-17 03:09 -------- d-----w- c:program filesEF Process Manager
2013-01-15 04:23 . 2013-01-15 04:25 -------- d-----w- c:documents and settingsAdministratorApplication DataFreshDiagnose
2013-01-15 03:32 . 2013-01-15 03:32 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-15 02:17 . 2013-01-15 02:17 -------- d-----w- c:program filesAGEIA Technologies
2013-01-15 02:16 . 2013-01-15 02:16 -------- d-----w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2013-01-15 02:16 . 2013-01-15 02:16 -------- d-----w- c:documents and settingsUpdatusUser
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb1.bin
2013-01-15 02:15 . 2013-01-18 02:13 1 ----a-w- c:windowssystem32nvdrssel.bin
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb0.bin
2013-01-15 02:14 . 2012-07-03 15:25 28008 ----a-w- c:windowssystem32nvhdap32.dll
2013-01-15 02:14 . 2012-07-03 15:25 124264 ----a-w- c:windowssystem32driversnvhda32.sys
2013-01-15 02:14 . 2012-07-03 07:37 884072 ----a-w- c:windowssystem32nvhdagenco3220103.dll
2013-01-15 02:14 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-15 02:14 . 2012-12-29 10:31 7716864 ----a-w- c:windowssystem32nvcuda.dll
2013-01-15 02:14 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-15 02:14 . 2012-12-29 10:31 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2013-01-15 02:14 . 2012-12-29 10:31 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2013-01-15 02:14 . 2012-12-29 10:31 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2013-01-14 19:47 . 2006-02-28 12:00 9216 -c--a-w- c:windowssystem32dllcachewamps51.dll
2013-01-14 19:46 . 2013-01-14 19:46 -------- d-----w- c:windowssystem32msmq
2013-01-14 19:06 . 2008-11-07 23:55 16928 ----a-w- c:windowssystem32spmsgXP_2k3.dll
2013-01-14 18:57 . 2013-01-14 18:57 -------- d-----w- c:windowssystem32wbemRepository
2013-01-14 18:56 . 2013-01-14 18:56 -------- d-----w- c:documents and settingsAdministratorApplication DataWireshark
2013-01-14 18:54 . 2013-01-14 18:54 -------- d-----w- c:documents and settingsAll UsersApplication DataIBUpdaterService
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:program filesBadaboom
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataBadaboom
2013-01-14 18:51 . 2013-01-19 15:18 -------- d-----w- c:program filesCommViewWiFi
2013-01-14 18:49 . 2013-01-14 18:50 -------- d-----w- c:program filesvReveal
2013-01-14 18:49 . 2013-01-14 18:49 -------- d-----w- c:windowssystem32EVGA
2013-01-14 13:46 . 2013-01-14 18:54 -------- d-----w- c:program filesCoupon Companion Plugin
2013-01-14 05:30 . 
2013-01-14 18:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataPokki2013-01-14 05:27 . 2013-01-14 05:27 -------- d-----w- c:documents and settingsAdministratorApplication DataAPP_NAME_NON_STRING2013-01-14 05:26 . 2013-01-14 18:54 -------- d-----w- c:program filesPDF Architect2013-01-14 05:25 . 2013-01-14 18:54 -------- d-----w- c:program filesPDFCreator(2)2013-01-12 02:46 . 2013-01-12 02:46 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataDeployment2013-01-12 02:36 . 2013-01-12 02:36 -------- d-----w- c:documents and settingsAdministratorApplication DataMotionDSP2013-01-12 02:28 . 2013-01-12 02:28 -------- d-----w- c:documents and settingsAdministratorApplication DataNVIDIA2013-01-12 02:06 . 2013-01-14 18:55 -------- d-----w- c:program filesZOTAC FireStorm2013-01-11 18:29 . 2008-04-14 10:42 23040 ----a-w- c:windowssystem32ativmvxx.ax2013-01-11 18:29 . 2008-04-14 10:41 32768 ----a-w- c:windowssystem32ativtmxx.dll2013-01-11 18:29 . 2008-04-14 10:42 9728 ----a-w- c:windowssystem32ativdaxx.ax2013-01-11 18:29 . 2004-08-04 03:29 63488 ----a-w- c:windowssystem32driversatinxsxx.sys2013-01-11 18:29 . 2004-08-04 03:29 31744 ----a-w- c:windowssystem32driversatinxbxx.sys2013-01-11 18:29 . 2004-08-04 03:29 73216 ----a-w- c:windowssystem32driversatintuxx.sys2013-01-11 18:29 . 2004-08-04 03:29 13824 ----a-w- c:windowssystem32driversatinttxx.sys2013-01-11 18:29 . 2004-08-04 03:29 28672 ----a-w- c:windowssystem32driversatinsnxx.sys2013-01-11 18:29 . 2004-08-04 03:29 104960 ----a-w- c:windowssystem32driversatinrvxx.sys2013-01-11 18:29 . 2004-08-04 03:29 52224 ----a-w- c:windowssystem32driversatinraxx.sys2013-01-11 18:29 . 2004-08-04 03:29 14336 ----a-w- c:windowssystem32driversatinpdxx.sys..(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-01-18 02:16 . 2011-03-27 07:00 16400 ----a-w- c:windowssystem32driversLNonPnP.sys2013-01-16 03:32 . 
2012-02-04 14:22 106296 ----a-w- c:windowssystem32driversjraid.sys2013-01-16 03:20 . 2012-10-27 17:11 53248 ----a-w- c:windowssystem32CSVer.dll2013-01-15 03:31 . 2011-06-12 07:37 143872 ----a-w- c:windowssystem32javacpl.cpl2013-01-15 03:31 . 2011-12-31 00:02 859552 ----a-w- c:windowssystem32npdeployJava1.dll2013-01-15 03:31 . 2011-02-28 19:05 780192 ----a-w- c:windowssystem32deployJava1.dll2013-01-09 00:36 . 2011-11-20 06:55 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-01-09 00:36 . 2011-03-14 06:11 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2012-12-29 10:31 . 2011-12-26 17:19 1017272 ----a-w- c:windowssystem32nvdispco32.dll2012-12-29 10:31 . 2011-07-03 12:52 2448384 ----a-w- c:windowssystem32nvapi.dll2012-12-29 10:31 . 2011-07-03 12:52 17551360 ----a-w- c:windowssystem32nvcompiler.dll2012-12-29 10:31 . 2011-02-19 06:13 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys2012-12-29 10:31 . 2011-02-19 06:13 4154752 ----a-w- c:windowssystem32nv4_disp.dll2012-12-29 08:07 . 2011-01-08 00:58 54272 ----a-w- c:windowssystem32nvwddi.dll2012-12-29 08:07 . 2011-01-08 00:58 157112 ----a-w- c:windowssystem32nvsvc32.exe2012-12-29 08:07 . 2011-01-08 00:58 15635896 ----a-w- c:windowssystem32nvcpl.dll2012-12-29 08:07 . 2011-01-08 00:58 108984 ----a-w- c:windowssystem32nvmctray.dll2012-12-29 08:07 . 2011-01-08 00:58 144312 ----a-w- c:windowssystem32nvcolor.exe2012-12-26 23:28 . 2003-02-21 09:42 348160 ----a-w- c:windowssystem32msvcr71.dll2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:windowssystem32atmfd.dll2012-12-14 21:49 . 2012-08-21 23:42 21104 ----a-w- c:windowssystem32driversmbam.sys2012-12-01 02:27 . 2012-03-26 13:27 181064 ----a-w- c:windowsPSEXESVC.EXE2012-11-13 01:25 . 2006-02-28 12:00 1866368 ----a-w- c:windowssystem32win32k.sys2012-11-11 06:47 . 2012-11-11 06:47 53248 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe2012-11-06 02:01 . 
2008-08-30 01:06 1371648 ----a-w- c:windowssystem32msxml6.dll2012-11-05 01:46 . 2012-09-29 18:55 26984 ----a-w- c:windowssystem32driversavgtpx86.sys2012-11-02 02:02 . 2006-02-28 12:00 375296 ----a-w- c:windowssystem32dpnet.dll2012-11-01 12:17 . 2006-02-28 12:00 916992 ----a-w- c:windowssystem32wininet.dll2012-11-01 12:17 . 2006-02-28 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll2012-11-01 12:17 . 2006-02-28 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl2012-11-01 00:35 . 2006-02-28 12:00 385024 ----a-w- c:windowssystem32html.iec2012-10-30 22:51 . 2012-04-22 16:36 361032 ----a-w- c:windowssystem32driversaswSP.sys2012-10-30 22:51 . 2012-04-22 16:36 35928 ----a-w- c:windowssystem32driversaswRdr.sys2012-10-30 22:51 . 2012-04-22 16:35 54232 ----a-w- c:windowssystem32driversaswTdi.sys2012-10-30 22:51 . 2012-04-22 16:35 738504 ----a-w- c:windowssystem32driversaswSnx.sys2012-10-30 22:51 . 2012-04-22 16:35 97608 ----a-w- c:windowssystem32driversaswmon2.sys2012-10-30 22:51 . 2012-04-22 16:35 89752 ----a-w- c:windowssystem32driversaswmon.sys2012-10-30 22:51 . 2012-04-22 16:36 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys2012-10-30 22:51 . 2012-04-22 16:35 25256 ----a-w- c:windowssystem32driversaavmker4.sys2012-10-30 22:51 . 2012-04-22 16:34 41224 ----a-w- c:windowsavastSS.scr2012-10-30 22:50 . 2012-04-22 16:34 227648 ----a-w- c:windowssystem32aswBoot.exe2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:windowssystem32QuickTime.qts2012-12-01 15:52 . 
2012-12-01 15:52 262112 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]2012-11-09 01:14 1796552 ----a-w- c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]"{59509308-4e15-4619-8e8d-0154e1588cdd}"= "c:program filesphotopostbphotoposDx.dll" [2012-06-07 86736]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll" [2012-11-09 1796552].[HKEY_CLASSES_ROOTclsid{59509308-4e15-4619-8e8d-0154e1588cdd}].[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOTAVG Secure Search.PugiObj].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll.[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"Advanced SystemCare Ultimate"="c:program filesIObitAdvanced SystemCare UltimateASCTray.exe" [2012-11-07 512384].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136]"ISW"="c:program filesCheckPointZAForceFieldForceField.exe" [2012-11-02 738984]"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2012-11-08 73392]"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2012-12-29 15635896].[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 
304128]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASSEH.DLL" [2013-01-19 113024].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]2010-10-28 10:13 64592 ----a-w- c:program filesCommon FilesLogishrdBluetoothLBTWLgn.dll.[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]BootExecute REG_MULTI_SZ autocheck autochk /p ??C:.[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]Authentication Packages REG_MULTI_SZ msv1_0 nwprovau.[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]@="".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIMFservice]@="Service".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]@="".[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]path=c:documents and settingsAdministratorStart MenuProgramsStartupERUNT AutoBackup.lnkbackup=c:windowspssERUNT AutoBackup.lnkStartup.[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]path=c:documents and settingsAdministratorStart MenuProgramsStartupLogitech . Product Registration.lnkbackup=c:windowspssLogitech . 
Product Registration.lnkStartup.[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]backup=c:windowspssBDARemote.lnkCommon Startup.[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]backup=c:windowspssLogitech SetPoint.lnkCommon Startup.[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]backup=c:windowspssMcAfee Security Scan Plus.lnkCommon Startup.[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]backup=c:windowspssRalink Wireless Utility.lnkCommon Startup.[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]backup=c:windowspssWindows Search.lnkCommon Startup.[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk]backup=c:windowspssCanon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnkStartup.[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]backup=c:windowspssHughesNetStatusMeter.lnkStartup.[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]path=c:documents and settingsROBBYStart MenuProgramsStartupLogitech . Product Registration.lnkbackup=c:windowspssLogitech . 
Product Registration.lnkStartup.[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk]backup=c:windowspssTimeLeft.lnkStartupHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed LauncherHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare 3HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare 4HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare 5HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare 6HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregApnUpdaterHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDATAMNGRHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDictionaryBoss Browser Plugin LoaderHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDriverMaxHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDriverMax_RESTARTHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEarthAlertsHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEasyLinkAdvisorHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHughesNet Download Manager.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]c:windowssystem32dumprep 0 -k [X]HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMicrosoft Default ManagerHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSN ToolbarHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmsnmsgrHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmyweatherHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnTrayFwHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNVRaidServiceHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOpwareSE4HKEY_LOCAL_MACHINEsoftwaremicrosoftshared 
toolsmsconfigstartupregPCShowServerHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRadioRage Search Scope MonitorHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRadioRage_4j Browser Plugin LoaderHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregResChanger 2005HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregROC_roc_dec12HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregROC_ROC_NTHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimerHKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg*ForceDelete]2013-01-19 15:23 574677 ----a-w- c:documents and settingsAdministratorMy DocumentsDownloadsadwcleaner.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg36X Raid Configurer]2012-02-04 14:22 1953792 ----a-w- c:windowssystem32xRaidSetup.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]2012-12-18 19:08 946352 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdvanced SystemCare Ultimate]2012-11-07 20:50 512384 ----a-w- c:program filesIObitAdvanced SystemCare UltimateASCTray.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]2005-05-03 22:43 69632 ----a-r- c:windowsAlcmtr.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAnyDVD]2011-07-28 10:33 5242488 ----a-w- c:program filesSlySoftAnyDVDAnyDVDtray.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]2012-11-28 19:13 59280 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAROReminder]2010-01-20 18:51 2137600 ----a-w- c:program filesAdvanced Registry OptimizerARO.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared 
toolsmsconfigstartupregAsusStartupHelp]2006-11-15 03:25 363008 ----a-w- c:program filesASUSAASP1.00.17AsRunHelp.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]2006-06-01 21:32 94208 ----a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBYR_AGENT]2012-12-10 04:43 392320 ----a-w- c:lgmobileupgradeLGMOBILEAXBYR_ClientVZWNotiAgent.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonMyPrinter]2007-04-04 01:50 1603152 ----a-w- c:program filesCanonMyPrinterBJMYPRT.EXE.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonSolutionMenu]2007-05-15 01:01 644696 ----a-w- c:program filesCanonSolutionMenuCNSLMAIN.EXE.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDTray]2009-01-29 22:20 57344 ----a-w- c:program filesSlySoftCloneCDCloneCDTray.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]2008-04-14 10:42 15360 ----a-w- c:windowssystem32ctfmon.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadManagerService]2011-05-18 20:52 94008 ----a-w- c:program filesVerizon Wirelessdistservicerunner.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW6]2011-06-08 14:45 822456 ----a-w- c:program filesThe Weather Channel FWDesktopDesktopWeather.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW7]2012-07-28 03:04 13003448 ----a-w- c:program filesThe Weather ChannelThe Weather Channel AppTWCApp.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEvtMgr6]2012-11-04 17:43 1851192 ----a-w- c:program filesLogitechSetPointPSetPoint.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFileHippo.com]2012-11-23 08:22 307712 ----a-w- c:program filesFileHippo.comUpdateChecker.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle 
Update]2012-02-13 23:43 136176 ----atw- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInfo Center]2012-09-01 01:38 27328 ----a-w- c:program filesPCPitstopInfo CenterInfoCenter.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIObit Malware Fighter]2012-12-25 22:35 4474832 ----a-w- c:program filesIObitIObit Malware FighterIMF.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]2012-12-12 18:57 152544 ----a-w- c:program filesiTunesiTunesHelper.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregJMB36X IDE Setup]2013-01-16 03:32 43608 ----a-w- c:windowsRaidToolxInsIDE.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregjswtrayutil]2009-09-24 13:51 32871 ----a-w- c:program filesTP-LINKQSSjswtrayutil.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]2006-01-13 00:40 155648 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]2012-12-29 08:07 15635896 ----a-w- c:windowssystem32nvcpl.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]2012-12-29 08:07 108984 ----a-w- c:windowssystem32nvmctray.dll.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]2012-12-29 10:31 1982312 ----a-w- c:program filesNVIDIA Corporationnviewnwiz.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop Optimize Reminder]2010-08-06 18:57 324848 ----a-w- c:program filesPCPitstopOptimize3Reminder-Optimize3.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop PC Matic Reminder]2012-11-15 18:58 325320 ----a-w- c:program filesPCPitstopPC 
MaticReminder-PCMatic.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]2012-10-25 08:12 421888 ----a-w- c:program filesQuickTimeQTTask.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRivaTunerStartupDaemon]2009-08-22 18:25 2781184 ----a-w- c:program filesRivaTuner v2.24 MSI Master Overclocking Arena 2009 editionRivaTuner.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregROC_roc_ssl_v12]2012-11-05 01:46 1020512 ----a-w- c:program filesAVG Secure SearchROC_roc_ssl_v12.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]2008-05-16 18:39 16862720 ----a-r- c:windowsRTHDCPL.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSDTray]2012-11-13 19:08 3825176 ----a-w- c:program filesSpybot - Search & Destroy 2SDTray.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]2007-11-20 22:15 1826816 ----a-r- c:windowsSkyTel.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSlimDrivers]2012-10-14 20:29 29378432 ----a-w- c:program filesSlimDriversSlimDrivers.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSolarWindsNetworkDeviceMonitor]2010-03-26 14:59 2441216 ----a-w- c:program filesSolarWindsNetwork Device MonitorUndpMonitor.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybot-S&D Cleaning]2012-11-13 19:07 3713032 ----a-w- c:program filesSpybot - Search & Destroy 2SDCleaner.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpyHunter Security Suite]2012-10-09 00:21 6286784 ----a-w- c:program filesEnigma Software GroupSpyHunterSpyHunter4.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]2011-05-04 17:59 252136 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]2013-01-19 14:00 4763008 ----a-w- c:documents and 
settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSUPERANTISPYWARE.EXE.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynchronization Manager]2008-04-14 10:42 143360 ----a-w- c:windowssystem32mobsync.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]2012-12-26 23:28 295072 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTWCU]2010-05-21 18:55 561263 ----a-w- c:program filesTP-LINKTP-LINK Wireless Client UtilityTWCU.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUSBDetector]2003-04-01 15:33 53248 ----a-w- c:usbstorageUSBDetector.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUtility Chest Search Scope Monitor]2012-04-16 03:28 42536 ----a-w- c:progra~1UTILIT~2bar1.bin49SrchMn.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUtilityChest_49 Browser Plugin Loader]2012-04-16 03:28 30096 ----a-w- c:progra~1UTILIT~2bar1.bin49brmon.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregvProt]2012-11-09 01:14 997320 ----a-w- c:program filesAVG Secure Searchvprot.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWrtMon.exe]2006-09-20 12:35 20480 ----a-w- c:windowssystem32spooldriversw32x863WrtMon.exe.[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]"ctfmon.exe"=c:windowssystem32ctfmon.exe.[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup"TkBellExe"="c:program filesrealrealplayerupdaterealsched.exe" -osboot"QuickTime Task"="c:program filesQuickTimeqttask.exe" -atboottime.[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]"DisableMonitoring"=dword:00000001.[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]"EnableFirewall"= 0 
(0x0).[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]"%windir%system32sessmgr.exe"="%windir%Network Diagnosticxpnetdiag.exe"="c:Program FilesOperaopera.exe"="c:Program FilesWindows LiveMessengerwlcsdk.exe"="c:Program FilesWindows LiveSyncWindowsLiveSync.exe"="c:Program FilesSpybot - Search & Destroy 2SDTray.exe"="c:Program FilesSpybot - Search & Destroy 2SDFSSvc.exe"="c:Program FilesSpybot - Search & Destroy 2SDUpdate.exe"="c:Program FilesSpybot - Search & Destroy 2SDUpdSvc.exe"=.[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management.R0 SmartDefragDriver;SmartDefragDriver;c:windowssystem32driversSmartDefragDriver.sys [12/29/2012 10:05 PM 14776]R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [4/22/2012 11:35 AM 738504]R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [4/22/2012 11:36 AM 361032]R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [9/29/2012 1:55 PM 26984]R1 HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;c:windowssystem32driversHMFAxCoreaed040d8b011ae0c1b8fadee8e6de745.sys [12/30/2012 1:49 PM 24064]R1 SASDIFSV;SASDIFSV;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASDIFSV.SYS [2/19/2011 12:41 PM 12880]R1 SASKUTIL;SASKUTIL;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASKUTIL.SYS [2/19/2011 12:41 PM 67664]R1 sbaphd;sbaphd;c:windowssystem32driverssbaphd.sys [6/30/2012 8:22 AM 21240]R2 !SASCORE;SAS Core Service;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASCORE.EXE [2/19/2011 12:41 PM 116608]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:program filesIObitAdvanced SystemCare UltimateASCSvc.exe [1/19/2013 3:51 PM 1051088]R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:program filesIObitAdvanced SystemCare UltimateASCAvSvc.exe [1/19/2013 3:51 PM 621008]R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys 
[4/22/2012 11:36 AM 21256]R2 FLPService;File Lock Pro Service;c:program filesFileLockPROFLPService.exe [12/30/2012 1:49 PM 245736]R2 IMFservice;IMF Service;c:program filesIObitIObit Malware FighterIMFsrv.exe [1/19/2013 3:40 PM 821592]R2 jswpbapi;JumpStart Push-Button Service;c:program filesTP-LINKQSSjswpbapi.exe [2/19/2011 10:27 AM 188416]R2 LBeepKE;Logitech Beep Suppression Driver;c:windowssystem32driversLBeepKE.sys [3/27/2011 2:00 AM 12216]R2 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [2/19/2011 12:16 PM 86216]R2 Scutum50;Scutum50 NDIS Protocol Driver;c:windowssystem32driversScutum50.sys [12/26/2011 12:35 AM 19072]R2 SpyHunter 4 Service;SpyHunter 4 Service;c:progra~1ENIGMA~1SPYHUN~1SH4SER~1.EXE [10/8/2012 7:21 PM 766400]R3 AR9271;Wireless Network Adapter Service;c:windowssystem32driversathuw.sys [2/19/2011 3:22 AM 1714176]R3 Egatebus;Egatebus;c:windowssystem32driversegatebus.sys [5/19/2006 10:22 AM 15328]R3 Egaterdr;Egaterdr;c:windowssystem32driversegaterdr.sys [5/19/2006 10:22 AM 13440]R3 JSWSCIMD;jswscimd Service;c:windowssystem32driversjswscimd.sys [2/19/2011 10:27 AM 57440]R3 pcouffin;VSO Software pcouffin;c:windowssystem32driverspcouffin.sys [12/22/2012 7:30 PM 47360]S0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys --> c:windowssystem32DRIVERSLbd.sys [?]S2 UtilityChest_49Service;Utility ChestService;c:progra~1UTILIT~2bar1.bin49barsvc.exe [4/15/2012 10:28 PM 42504]S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys --> c:windowssystem32driversAmbfilt.sys [?]S3 Andbus;LGE Android Platform Composite USB Device;c:windowssystem32driverslgandbus.sys [12/7/2010 1:22 PM 14336]S3 AndDiag;LGE Android Platform USB Serial Port;c:windowssystem32driverslganddiag.sys [12/7/2010 1:23 PM 20736]S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:windowssystem32driverslgandgps.sys [12/7/2010 1:23 PM 20096]S3 ANDModem;LGE Android Platform USB Modem;c:windowssystem32driverslgandmodem.sys [12/7/2010 1:23 PM 25088]S3 AndNetDiag;LGE 
AndroidNet USB Serial Port;c:windowssystem32driverslgandnetdiag.sys [2/23/2011 2:05 AM 23168]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:windowssystem32driverslgandnetgps.sys [2/23/2011 2:05 AM 22272]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:windowssystem32driverslgandnetmodem.sys [2/23/2011 2:05 AM 28032]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:windowssystem32driverslgandnetndis.sys [2/23/2011 2:05 AM 70016]
S3 BS_DEF;BS_DEF;c:program filesASUSAsusUpdateBS_DEF.sys [2/20/2011 1:36 AM 13312]
S3 esgiguard;esgiguard;c:program filesEnigma Software GroupSpyHunteresgiguard.sys [5/6/2011 4:57 PM 13904]
S3 EsgScanner;EsgScanner;c:windowssystem32driversEsgScanner.sys [6/22/2012 12:01 PM 19984]
S3 FileMonitor;FileMonitor;c:program filesIObitIObit Malware FighterDriverswxp_x86FileMonitor.sys [1/19/2013 3:40 PM 246816]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:program filesTP-LINKQSSjswpsapi.exe [2/19/2011 10:27 AM 360529]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:program filesMicrosoft Fix it CenterMatsvc.exe [6/13/2011 10:09 PM 267568]
S3 NAUpdate;@c:program filesNeroUpdateNASvc.exe,-200;c:program filesNeroUpdateNASvc.exe [5/4/2010 12:07 PM 503080]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:program fileseEye Digital SecurityRetina Wireless ScannerPCANDIS5_WIFISCAN.SYS [6/3/2004 12:28 PM 22131]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:program filesRealNetworksRealDownloaderrndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S3 RegFilter;RegFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86RegFilter.sys [1/19/2013 3:40 PM 30408]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:program filesSpybot - Search & Destroy 2SDFSSvc.exe [12/1/2012 10:02 AM 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:program filesSpybot - Search & Destroy 2SDUpdSvc.exe [12/1/2012 10:02 AM 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:program filesSpybot - Search & Destroy 2SDWSCSvc.exe [12/1/2012 10:02 AM 168384]
S3 UrlFilter;UrlFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86UrlFilter.sys [1/19/2013 3:40 PM 16248]
S3 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe [11/4/2012 8:46 PM 711112]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 23:35 1606760 ----a-w- c:program filesGoogleChromeApplication24.0.1312.52Installersetup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2011-11-20 00:36]
.
2013-01-20 c:windowsTasksavast! Emergency Update.job
- c:program filesAVAST SoftwareAvastAvastEmUpdate.exe [2012-07-07 22:50]
.
2013-01-20 c:windowsTasksGlaryInitialize.job
- c:program filesGlary Utilitiesinitialize.exe [2013-01-06 06:22]
.
2013-01-20 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-19 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-19 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-19 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-20 c:windowsTasksPC Performer Manager.job
- c:windowssystem32sc.exe [2006-02-28 10:39]
.
2012-12-29 c:windowsTasksRealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrecordingmanager.exe [2012-11-30 01:33]
.
2013-01-20 c:windowsTasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-14 c:windowsTasksRealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-20 c:windowsTasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-14 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-15 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-20 c:windowsTasksSmartDefragUpdate.job
- c:program filesIObitSmart Defrag 2AutoUpdate.exe [2012-11-05 16:06]
.
2013-01-19 c:windowsTasksUser_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]
.
2013-01-19 c:windowsTasksWindows Codec Update Service.job
- c:program filesEssentials Codec PackWECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google

Edited by jackpot316

I am only running ADVANCE SYSTEM CARE for another reason, not for the anti virus part. I forgot that it was still running. MY reg antivirus is avast or AVG; I switch when I think one is not doing the job, so I might be switching.

But... having it running will interfere with your AVAST!. You need to uninstall it.

 

By the way... what trouble are you having with AVAST!? AVG used to be my favorite but I feel it got so bloated a couple of years ago that I quit using it and quit recommending it. I use AVAST! on some systems and Microsoft Security Essentials on others. I guess I also have Avira on one system.

 

Anyhow... let's continue on:

 

COMBOFIX-Script

 

* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP
FireFox::
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.default
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543
FF - user.js: extensions.funmoods.id - 74EA3A945BD0187A
FF - user.js: extensions.funmoods.instlDay - 15666
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0AzyyEyD0B0DtDtCzzyB0AtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=444623543&q=
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:45
Driver::
Lbd

* Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

 

Posted Image

* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

* When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 


ComboFix 13-01-17.04 - Administrator 01/20/2013 23:40:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1255 [GMT -5:00]
Running from: c:documents and settingsAdministratorDesktopComboFix.exe
Command switches used :: c:documents and settingsAdministratorDesktopCFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataTEMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------Legacy_LBD
-------Service_Lbd
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 01:30 . 2013-01-21 01:44 -------- d-----w- c:program filesRegistryNuke 2012
2013-01-20 06:03 . 2013-01-20 06:03 -------- d-----w- c:program filesVS Revo Group
2013-01-20 01:51 . 2013-01-20 01:57 -------- d-----w- c:documents and settingsAll UsersApplication DataSystemExplorer
2013-01-20 01:50 . 2013-01-20 01:50 -------- d-----w- c:program filesSystem Explorer
2013-01-19 22:09 . 2013-01-19 22:10 -------- d-----w- c:program filesERUNT
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAdministratorAppData
2013-01-19 20:51 . 2013-01-19 20:51 -------- d-----w- c:documents and settingsAll UsersApplication Data{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-01-19 20:29 . 2013-01-19 20:32 -------- d-----w- c:program filesSpywareBlaster
2013-01-19 20:03 . 2013-01-19 20:25 -------- d-----w- c:program filesEmsisoft HiJackFree
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
2013-01-19 13:12 . 2013-01-19 13:12 -------- d-----w- c:documents and settingsAdministratorApplication DataSUPERAntiSpyware.com
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconF7A21AF7.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconD7F16134.exe
2013-01-19 08:33 . 2013-01-19 08:33 110080 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{DDABC667-56B3-4122-82B0-2F5782EA2F9A}IconCF33A0CE.exe
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- C:sh4ldr
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:program filesEnigma Software Group
2013-01-19 08:33 . 2013-01-19 08:33 -------- d-----w- c:windowsDDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-19 00:33 . 2012-12-16 12:23 290560 -c----w- c:windowssystem32dllcacheatmfd.dll
2013-01-19 00:32 . 2012-11-01 12:17 630272 -c----w- c:windowssystem32dllcachemsfeeds.dll
2013-01-19 00:32 . 2012-11-01 12:17 55296 -c----w- c:windowssystem32dllcachemsfeedsbs.dll
2013-01-19 00:32 . 2012-11-01 12:17 247808 -c----w- c:windowssystem32dllcacheieproxy.dll
2013-01-19 00:32 . 2012-11-01 12:17 521728 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-01-19 00:32 . 2012-11-01 12:17 2000384 -c----w- c:windowssystem32dllcacheiertutil.dll
2013-01-19 00:32 . 2012-11-01 12:17 12800 -c----w- c:windowssystem32dllcachexpshims.dll
2013-01-19 00:32 . 2012-11-01 12:17 743424 -c----w- c:windowssystem32dllcacheiedvtool.dll
2013-01-19 00:32 . 2012-11-01 12:17 11111424 -c----w- c:windowssystem32dllcacheieframe.dll
2013-01-19 00:26 . 2012-07-04 14:05 139784 -c----w- c:windowssystem32dllcacherdpwd.sys
2013-01-19 00:19 . 2011-07-15 13:29 456320 -c----w- c:windowssystem32dllcachemrxsmb.sys
2013-01-19 00:18 . 2011-07-08 14:02 10496 -c----w- c:windowssystem32dllcachendistapi.sys
2013-01-19 00:18 . 2011-04-21 13:37 105472 -c----w- c:windowssystem32dllcachemup.sys
2013-01-19 00:17 . 2011-03-11 14:10 471552 -c----w- c:windowssystem32dllcacheaclayers.dll
2013-01-19 00:08 . 2010-11-02 15:17 40960 -c----w- c:windowssystem32dllcachendproxy.sys
2013-01-19 00:08 . 2010-10-11 14:59 45568 -c----w- c:windowssystem32dllcachewab.exe
2013-01-19 00:07 . 2010-08-16 08:45 590848 -c----w- c:windowssystem32dllcacherpcrt4.dll
2013-01-19 00:06 . 2011-02-08 13:33 978944 -c----w- c:windowssystem32dllcachemfc42.dll
2013-01-19 00:06 . 2010-09-18 06:53 953856 -c----w- c:windowssystem32dllcachemfc40u.dll
2013-01-18 23:51 . 2010-08-23 16:12 617472 -c----w- c:windowssystem32dllcachecomctl32.dll
2013-01-18 23:48 . 2010-06-30 20:38 369664 -c----w- c:windowssystem32dllcacheasp51.dll
2013-01-18 23:48 . 2010-07-27 06:35 257024 -c----w- c:windowssystem32dllcacheinfocomm.dll
2013-01-18 23:48 . 2010-06-18 13:36 3558912 -c----w- c:windowssystem32dllcachemoviemk.exe
2013-01-18 23:47 . 2010-03-05 18:45 456704 -c----w- c:windowssystem32dllcachesmtpsvc.dll
2013-01-18 23:47 . 2010-06-14 14:31 744448 -c----w- c:windowssystem32dllcachehelpsvc.exe
2013-01-18 23:42 . 2010-08-27 08:02 119808 -c----w- c:windowssystem32dllcachet2embed.dll
2013-01-18 23:42 . 2009-10-15 16:28 81920 -c----w- c:windowssystem32dllcachefontsub.dll
2013-01-18 23:37 . 2009-06-21 21:44 153088 -c----w- c:windowssystem32dllcachetriedit.dll
2013-01-18 23:31 . 2009-05-21 18:46 268288 -c----w- c:windowssystem32dllcachehttpext.dll
2013-01-18 23:30 . 2009-03-06 14:22 284160 -c----w- c:windowssystem32dllcachepdh.dll
2013-01-18 23:30 . 2009-02-09 12:10 473600 -c----w- c:windowssystem32dllcachefastprox.dll
2013-01-18 23:30 . 2009-02-09 12:10 401408 -c----w- c:windowssystem32dllcacherpcss.dll
2013-01-18 23:30 . 2009-02-06 11:11 110592 -c----w- c:windowssystem32dllcacheservices.exe
2013-01-18 23:30 . 2012-08-21 13:33 2148864 -c----w- c:windowssystem32dllcachentkrnlmp.exe
2013-01-18 23:30 . 2010-12-20 17:26 730112 -c----w- c:windowssystem32dllcachelsasrv.dll
2013-01-18 23:30 . 2010-12-09 15:15 718336 -c----w- c:windowssystem32dllcachentdll.dll
2013-01-18 23:30 . 2009-02-09 12:10 617472 -c----w- c:windowssystem32dllcacheadvapi32.dll
2013-01-18 23:30 . 2009-02-09 12:10 453120 -c----w- c:windowssystem32dllcachewmiprvsd.dll
2013-01-18 23:30 . 2009-02-06 10:10 227840 -c----w- c:windowssystem32dllcachewmiprvse.exe
2013-01-18 23:30 . 2012-08-21 13:29 2192896 -c----w- c:windowssystem32dllcachentoskrnl.exe
2013-01-18 23:30 . 2012-08-21 12:58 2027520 -c----w- c:windowssystem32dllcachentkrpamp.exe
2013-01-18 23:29 . 2010-07-12 12:55 218112 -c----w- c:windowssystem32dllcachewordpad.exe
2013-01-18 23:28 . 2008-08-28 07:46 74752 -c----w- c:windowssystem32dllcachemsw3prt.dll
2013-01-18 23:28 . 2008-08-28 07:46 104960 -c----w- c:windowssystem32dllcachewin32spl.dll
2013-01-18 23:28 . 2008-05-01 14:33 331776 -c----w- c:windowssystem32dllcachemsadce.dll
2013-01-18 23:27 . 2008-06-13 11:05 272128 -c----w- c:windowssystem32dllcachebthport.sys
2013-01-18 23:27 . 2008-05-08 14:02 203136 -c----w- c:windowssystem32dllcachermcast.sys
2013-01-18 17:37 . 2012-11-06 02:01 1371648 -c----w- c:windowssystem32dllcachemsxml6.dll
2013-01-18 17:37 . 2008-04-14 03:57 79872 -c----w- c:windowssystem32dllcachemsxml6r.dll
2013-01-18 17:35 . 2008-04-14 10:42 294912 ------w- c:program filesWindows Media Playerdlimport.exe
2013-01-18 17:35 . 2008-04-14 10:42 294912 -c----w- c:windowssystem32dllcachedlimport.exe
2013-01-18 02:28 . 2006-02-28 12:00 79872 -c--a-w- c:windowssystem32dllcacherwia330.dll
2013-01-18 02:27 . 2006-02-28 12:00 10129408 -c--a-w- c:windowssystem32dllcachehwxkor.dll
2013-01-18 02:22 . 2006-02-28 12:00 7680 -c--a-w- c:windowssystem32dllcacheinetmgr.exe
2013-01-18 02:03 . 2006-02-28 12:00 24661 -c--a-w- c:windowssystem32dllcachespxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 24661 ----a-w- c:windowssystem32spxcoins.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 -c--a-w- c:windowssystem32dllcacheirclass.dll
2013-01-18 02:03 . 2006-02-28 12:00 13312 ----a-w- c:windowssystem32irclass.dll
2013-01-18 00:08 . 2006-02-28 12:00 16384 -c--a-w- c:windowssystem32dllcacheisignup.exe
2013-01-18 00:08 . 2006-02-28 12:00 16384 ----a-w- c:program filesInternet ExplorerConnection Wizardisignup.exe
2013-01-17 03:10 . 2013-01-17 03:10 -------- d-----w- c:documents and settingsAdministratorApplication DataEFSoftware
2013-01-17 03:09 . 2013-01-17 03:09 -------- d-----w- c:program filesEF Process Manager
2013-01-15 04:23 . 2013-01-15 04:25 -------- d-----w- c:documents and settingsAdministratorApplication DataFreshDiagnose
2013-01-15 03:32 . 2013-01-15 03:32 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-15 02:17 . 2013-01-15 02:17 -------- d-----w- c:program filesAGEIA Technologies
2013-01-15 02:16 . 2013-01-15 02:16 -------- d-----w- c:documents and settingsAll UsersApplication DataNVIDIA Corporation
2013-01-15 02:16 . 2013-01-20 02:28 -------- d-----w- c:documents and settingsUpdatusUser
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb1.bin
2013-01-15 02:15 . 2013-01-18 02:13 1 ----a-w- c:windowssystem32nvdrssel.bin
2013-01-15 02:15 . 2013-01-18 02:13 1075220 ----a-w- c:windowssystem32nvdrsdb0.bin
2013-01-15 02:14 . 2012-07-03 15:25 28008 ----a-w- c:windowssystem32nvhdap32.dll
2013-01-15 02:14 . 2012-07-03 15:25 124264 ----a-w- c:windowssystem32driversnvhda32.sys
2013-01-15 02:14 . 2012-07-03 07:37 884072 ----a-w- c:windowssystem32nvhdagenco3220103.dll
2013-01-15 02:14 . 2012-12-29 10:31 889784 ----a-w- c:windowssystem32nvdispgenco32.dll
2013-01-15 02:14 . 2012-12-29 10:31 7716864 ----a-w- c:windowssystem32nvcuda.dll
2013-01-15 02:14 . 2012-12-29 10:31 6066176 ----a-w- c:windowssystem32nvopencl.dll
2013-01-15 02:14 . 2012-12-29 10:31 2725304 ----a-w- c:windowssystem32nvcuvid.dll
2013-01-15 02:14 . 2012-12-29 10:31 1985976 ----a-w- c:windowssystem32nvcuvenc.dll
2013-01-15 02:14 . 2012-12-29 10:31 19570688 ----a-w- c:windowssystem32nvoglnt.dll
2013-01-14 19:47 . 2006-02-28 12:00 9216 -c--a-w- c:windowssystem32dllcachewamps51.dll
2013-01-14 19:46 . 2013-01-14 19:46 -------- d-----w- c:windowssystem32msmq
2013-01-14 19:06 . 2008-11-07 23:55 16928 ----a-w- c:windowssystem32spmsgXP_2k3.dll
2013-01-14 18:57 . 2013-01-14 18:57 -------- d-----w- c:windowssystem32wbemRepository
2013-01-14 18:56 . 2013-01-14 18:56 -------- d-----w- c:documents and settingsAdministratorApplication DataWireshark
2013-01-14 18:54 . 2013-01-14 18:54 -------- d-----w- c:documents and settingsAll UsersApplication DataIBUpdaterService
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:program filesBadaboom
2013-01-14 18:51 . 2013-01-14 18:51 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataBadaboom
2013-01-14 18:51 . 2013-01-19 15:18 -------- d-----w- c:program filesCommViewWiFi
2013-01-14 18:49 . 2013-01-14 18:50 -------- d-----w- c:program filesvReveal
2013-01-14 18:49 . 2013-01-14 18:49 -------- d-----w- c:windowssystem32EVGA
2013-01-14 13:46 . 2013-01-14 18:54 -------- d-----w- c:program filesCoupon Companion Plugin
2013-01-14 05:30 . 2013-01-14 18:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataPokki
2013-01-14 05:27 . 2013-01-14 05:27 -------- d-----w- c:documents and settingsAdministratorApplication DataAPP_NAME_NON_STRING
2013-01-14 05:26 . 2013-01-14 18:54 -------- d-----w- c:program filesPDF Architect
2013-01-14 05:25 . 2013-01-14 18:54 -------- d-----w- c:program filesPDFCreator(2)
2013-01-12 02:46 . 2013-01-12 02:46 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataDeployment
2013-01-12 02:36 . 2013-01-12 02:36 -------- d-----w- c:documents and settingsAdministratorApplication DataMotionDSP
2013-01-12 02:28 . 2013-01-20 05:22 -------- d-----w- c:documents and settingsAdministratorApplication DataNVIDIA
2013-01-12 02:06 . 2013-01-14 18:55 -------- d-----w- c:program filesZOTAC FireStorm
2013-01-11 18:29 . 2008-04-14 10:42 23040 ----a-w- c:windowssystem32ativmvxx.ax
2013-01-11 18:29 . 2008-04-14 10:41 32768 ----a-w- c:windowssystem32ativtmxx.dll
2013-01-11 18:29 . 2008-04-14 10:42 9728 ----a-w- c:windowssystem32ativdaxx.ax
2013-01-11 18:29 . 2004-08-04 03:29 63488 ----a-w- c:windowssystem32driversatinxsxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 31744 ----a-w- c:windowssystem32driversatinxbxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 73216 ----a-w- c:windowssystem32driversatintuxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 13824 ----a-w- c:windowssystem32driversatinttxx.sys
2013-01-11 18:29 . 2004-08-04 03:29 28672 ----a-w- c:windowssystem32driversatinsnxx.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-18 02:16 . 2011-03-27 07:00 16400 ----a-w- c:windowssystem32driversLNonPnP.sys
2013-01-16 03:32 . 2012-02-04 14:22 106296 ----a-w- c:windowssystem32driversjraid.sys
2013-01-16 03:20 . 2012-10-27 17:11 53248 ----a-w- c:windowssystem32CSVer.dll
2013-01-15 03:31 . 2011-06-12 07:37 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-15 03:31 . 2011-12-31 00:02 859552 ----a-w- c:windowssystem32npdeployJava1.dll
2013-01-15 03:31 . 2011-02-28 19:05 780192 ----a-w- c:windowssystem32deployJava1.dll
2013-01-09 00:36 . 2011-11-20 06:55 697864 ----a-w- c:windowssystem32FlashPlayerApp.exe
2013-01-09 00:36 . 2011-03-14 06:11 74248 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-12-29 10:31 . 2011-12-26 17:19 1017272 ----a-w- c:windowssystem32nvdispco32.dll
2012-12-29 10:31 . 2011-07-03 12:52 2448384 ----a-w- c:windowssystem32nvapi.dll
2012-12-29 10:31 . 2011-07-03 12:52 17551360 ----a-w- c:windowssystem32nvcompiler.dll
2012-12-29 10:31 . 2011-02-19 06:13 10686200 ----a-w- c:windowssystem32driversnv4_mini.sys
2012-12-29 10:31 . 2011-02-19 06:13 4154752 ----a-w- c:windowssystem32nv4_disp.dll
2012-12-29 08:07 . 2011-01-08 00:58 54272 ----a-w- c:windowssystem32nvwddi.dll
2012-12-29 08:07 . 2011-01-08 00:58 157112 ----a-w- c:windowssystem32nvsvc32.exe
2012-12-29 08:07 . 2011-01-08 00:58 15635896 ----a-w- c:windowssystem32nvcpl.dll
2012-12-29 08:07 . 2011-01-08 00:58 108984 ----a-w- c:windowssystem32nvmctray.dll
2012-12-29 08:07 . 2011-01-08 00:58 144312 ----a-w- c:windowssystem32nvcolor.exe
2012-12-26 23:28 . 2003-02-21 09:42 348160 ----a-w- c:windowssystem32msvcr71.dll
2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2012-12-14 21:49 . 2012-08-21 23:42 21104 ----a-w- c:windowssystem32driversmbam.sys
2012-12-01 02:27 . 2012-03-26 13:27 181064 ----a-w- c:windowsPSEXESVC.EXE
2012-11-13 01:25 . 2006-02-28 12:00 1866368 ----a-w- c:windowssystem32win32k.sys
2012-11-11 06:47 . 2012-11-11 06:47 53248 ----a-r- c:documents and settingsAdministratorApplication DataMicrosoftInstaller{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ARPPRODUCTICON.exe
2012-11-06 02:01 . 2008-08-30 01:06 1371648 ----a-w- c:windowssystem32msxml6.dll
2012-11-05 01:46 . 2012-09-29 18:55 26984 ----a-w- c:windowssystem32driversavgtpx86.sys
2012-11-02 02:02 . 2006-02-28 12:00 375296 ----a-w- c:windowssystem32dpnet.dll
2012-11-01 12:17 . 2006-02-28 12:00 916992 ----a-w- c:windowssystem32wininet.dll
2012-11-01 12:17 . 2006-02-28 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-11-01 12:17 . 2006-02-28 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2012-11-01 00:35 . 2006-02-28 12:00 385024 ----a-w- c:windowssystem32html.iec
2012-10-30 22:51 . 2012-04-22 16:36 361032 ----a-w- c:windowssystem32driversaswSP.sys
2012-10-30 22:51 . 2012-04-22 16:36 35928 ----a-w- c:windowssystem32driversaswRdr.sys
2012-10-30 22:51 . 2012-04-22 16:35 54232 ----a-w- c:windowssystem32driversaswTdi.sys
2012-10-30 22:51 . 2012-04-22 16:35 738504 ----a-w- c:windowssystem32driversaswSnx.sys
2012-10-30 22:51 . 2012-04-22 16:35 97608 ----a-w- c:windowssystem32driversaswmon2.sys
2012-10-30 22:51 . 2012-04-22 16:35 89752 ----a-w- c:windowssystem32driversaswmon.sys
2012-10-30 22:51 . 2012-04-22 16:36 21256 ----a-w- c:windowssystem32driversaswFsBlk.sys
2012-10-30 22:51 . 2012-04-22 16:35 25256 ----a-w- c:windowssystem32driversaavmker4.sys
2012-10-30 22:51 . 2012-04-22 16:34 41224 ----a-w- c:windowsavastSS.scr
2012-10-30 22:50 . 2012-04-22 16:34 227648 ----a-w- c:windowssystem32aswBoot.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:windowssystem32QuickTime.qts
2012-12-01 15:52 . 2012-12-01 15:52 262112 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 01:14 1796552 ----a-w- c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{59509308-4e15-4619-8e8d-0154e1588cdd}"= "c:program filesphotopostbphotoposDx.dll" [2012-06-07 86736]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program filesAVG Secure Search13.2.0.5AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOTclsid{59509308-4e15-4619-8e8d-0154e1588cdd}]
.
[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOTCLSID{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:program filesAVAST SoftwareAvastashShell.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast"="c:program filesAVAST SoftwareAvastavastUI.exe" [2012-10-30 4297136]
"ISW"="c:program filesCheckPointZAForceFieldForceField.exe" [2012-11-02 738984]
"ZoneAlarm"="c:program filesCheckPointZoneAlarmzatray.exe" [2012-11-08 73392]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2012-10-25 421888]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASSEH.DLL" [2013-01-19 113024]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:program filesCommon FilesLogishrdBluetoothLBTWLgn.dll
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk /p ??C:
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalIMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdfLoadGroup]
@=""
.
[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:documents and settingsAdministratorStart MenuProgramsStartupERUNT AutoBackup.lnk
backup=c:windowspssERUNT AutoBackup.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:documents and settingsAdministratorStart MenuProgramsStartupLogitech . Product Registration.lnk
backup=c:windowspssLogitech . Product Registration.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:windowspssBDARemote.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:windowspssLogitech SetPoint.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:windowspssMcAfee Security Scan Plus.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:windowspssRalink Wireless Utility.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:windowspssWindows Search.lnkCommon Startup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk]
backup=c:windowspssCanon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
backup=c:windowspssHughesNetStatusMeter.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:documents and settingsROBBYStart MenuProgramsStartupLogitech . Product Registration.lnk
backup=c:windowspssLogitech . Product Registration.lnkStartup
.
[HKLM~startupfolderC:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:windowspssTimeLeft.lnkStartup
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]
c:windowssystem32dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg*ForceDelete]
2013-01-19 15:23 574677 ----a-w- c:documents and settingsAdministratorMy DocumentsDownloadsadwcleaner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg36X Raid Configurer]
2012-02-04 14:22 1953792 ----a-w- c:windowssystem32xRaidSetup.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2012-12-18 19:08 946352 ----a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAlcmtr]
2005-05-03 22:43 69632 ----a-r- c:windowsAlcmtr.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAnyDVD]
2011-07-28 10:33 5242488 ----a-w- c:program filesSlySoftAnyDVDAnyDVDtray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]
2012-11-28 19:13 59280 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAROReminder]
2010-01-20 18:51 2137600 ----a-w- c:program filesAdvanced Registry OptimizerARO.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAsusStartupHelp]
2006-11-15 03:25 363008 ----a-w- c:program filesASUSAASP1.00.17AsRunHelp.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 21:32 94208 ----a-w- c:program filesCommon FilesAheadLibNMBgMonitor.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBYR_AGENT]
2012-12-10 04:43 392320 ----a-w- c:lgmobileupgradeLGMOBILEAXBYR_ClientVZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:program filesCanonMyPrinterBJMYPRT.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:program filesCanonSolutionMenuCNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:program filesSlySoftCloneCDCloneCDTray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDownloadManagerService]
2011-05-18 20:52 94008 ----a-w- c:program filesVerizon Wirelessdistservicerunner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW6]
2011-06-08 14:45 822456 ----a-w- c:program filesThe Weather Channel FWDesktopDesktopWeather.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDW7]
2012-07-28 03:04 13003448 ----a-w- c:program filesThe Weather ChannelThe Weather Channel AppTWCApp.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEvtMgr6]
2012-11-04 17:43 1851192 ----a-w- c:program filesLogitechSetPointPSetPoint.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:program filesFileHippo.comUpdateChecker.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
2012-02-13 23:43 136176 ----atw- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregInfo Center]
2012-09-01 01:38 27328 ----a-w- c:program filesPCPitstopInfo CenterInfoCenter.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIObit Malware Fighter]
2012-12-25 22:35 4474832 ----a-w- c:program filesIObitIObit Malware FighterIMF.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregJMB36X IDE Setup]
2013-01-16 03:32 43608 ----a-w- c:windowsRaidToolxInsIDE.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregjswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:program filesTP-LINKQSSjswtrayutil.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:program filesMessengermsmsgs.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2006-01-13 00:40 155648 ----a-w- c:program filesCommon FilesAheadLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
2012-12-29 08:07 15635896 ----a-w- c:windowssystem32nvcpl.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
2012-12-29 08:07 108984 ----a-w- c:windowssystem32nvmctray.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
2012-12-29 10:31 1982312 ----a-w- c:program filesNVIDIA Corporationnviewnwiz.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop Optimize Reminder]
2010-08-06 18:57 324848 ----a-w- c:program filesPCPitstopOptimize3Reminder-Optimize3.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPC Pitstop PC Matic Reminder]
2012-11-15 18:58 325320 ----a-w- c:program filesPCPitstopPC MaticReminder-PCMatic.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:program filesQuickTimeQTTask.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:program filesRivaTuner v2.24 MSI Master Overclocking Arena 2009 editionRivaTuner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregROC_roc_ssl_v12]
2012-11-05 01:46 1020512 ----a-w- c:program filesAVG Secure SearchROC_roc_ssl_v12.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRTHDCPL]
2008-05-16 18:39 16862720 ----a-r- c:windowsRTHDCPL.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSDTray]
2012-11-13 19:08 3825176 ----a-w- c:program filesSpybot - Search & Destroy 2SDTray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkyTel]
2007-11-20 22:15 1826816 ----a-r- c:windowsSkyTel.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSlimDrivers]
2012-10-14 20:29 29378432 ----a-w- c:program filesSlimDriversSlimDrivers.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSolarWindsNetworkDeviceMonitor]
2010-03-26 14:59 2441216 ----a-w- c:program filesSolarWindsNetwork Device MonitorUndpMonitor.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:program filesSpybot - Search & Destroy 2SDCleaner.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpyHunter Security Suite]
2012-10-09 00:21 6286784 ----a-w- c:program filesEnigma Software GroupSpyHunterSpyHunter4.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2011-05-04 17:59 252136 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
2013-01-19 14:00 4763008 ----a-w- c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSynchronization Manager]
2008-04-14 10:42 143360 ----a-w- c:windowssystem32mobsync.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2012-12-26 23:28 295072 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTWCU]
2010-05-21 18:55 561263 ----a-w- c:program filesTP-LINKTP-LINK Wireless Client UtilityTWCU.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUSBDetector]
2003-04-01 15:33 53248 ----a-w- c:usbstorageUSBDetector.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregvProt]
2012-11-09 01:14 997320 ----a-w- c:program filesAVG Secure Searchvprot.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:windowssystem32spooldriversw32x863WrtMon.exe
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"ctfmon.exe"=c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"NvCplDaemon"=RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
"TkBellExe"="c:program filesrealrealplayerupdaterealsched.exe" -osboot
"QuickTime Task"="c:program filesQuickTimeqttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"c:Program FilesOperaopera.exe"=
"c:Program FilesWindows LiveMessengerwlcsdk.exe"=
"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDTray.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDFSSvc.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDUpdate.exe"=
"c:Program FilesSpybot - Search & Destroy 2SDUpdSvc.exe"=
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SmartDefragDriver;SmartDefragDriver;c:windowssystem32driversSmartDefragDriver.sys [12/29/2012 10:05 PM 14776]
R1 aswSnx;aswSnx;c:windowssystem32driversaswSnx.sys [4/22/2012 11:35 AM 738504]
R1 aswSP;aswSP;c:windowssystem32driversaswSP.sys [4/22/2012 11:36 AM 361032]
R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [9/29/2012 1:55 PM 26984]
R1 HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;HMFAxCoreaed040d8b011ae0c1b8fadee8e6de745;c:windowssystem32driversHMFAxCoreaed040d8b011ae0c1b8fadee8e6de745.sys [12/30/2012 1:49 PM 24064]
R1 SASDIFSV;SASDIFSV;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASDIFSV.SYS [2/19/2011 12:41 PM 12880]
R1 SASKUTIL;SASKUTIL;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASKUTIL.SYS [2/19/2011 12:41 PM 67664]
R1 sbaphd;sbaphd;c:windowssystem32driverssbaphd.sys [6/30/2012 8:22 AM 21240]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [4/22/2012 11:36 AM 21256]
R2 jswpbapi;JumpStart Push-Button Service;c:program filesTP-LINKQSSjswpbapi.exe [2/19/2011 10:27 AM 188416]
R2 LBeepKE;Logitech Beep Suppression Driver;c:windowssystem32driversLBeepKE.sys [3/27/2011 2:00 AM 12216]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:windowssystem32driversScutum50.sys [12/26/2011 12:35 AM 19072]
R3 AR9271;Wireless Network Adapter Service;c:windowssystem32driversathuw.sys [2/19/2011 3:22 AM 1714176]
R3 Egatebus;Egatebus;c:windowssystem32driversegatebus.sys [5/19/2006 10:22 AM 15328]
R3 Egaterdr;Egaterdr;c:windowssystem32driversegaterdr.sys [5/19/2006 10:22 AM 13440]
R3 JSWSCIMD;jswscimd Service;c:windowssystem32driversjswscimd.sys [2/19/2011 10:27 AM 57440]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32driverspcouffin.sys [12/22/2012 7:30 PM 47360]
S3 !SASCORE;SAS Core Service;c:documents and settingsROBBYDesktopasstdownloadsSUPERAntiSpywareSASCORE.EXE [2/19/2011 12:41 PM 116608]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys --> c:windowssystem32driversAmbfilt.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;c:windowssystem32driverslgandbus.sys [12/7/2010 1:22 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:windowssystem32driverslganddiag.sys [12/7/2010 1:23 PM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:windowssystem32driverslgandgps.sys [12/7/2010 1:23 PM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:windowssystem32driverslgandmodem.sys [12/7/2010 1:23 PM 25088]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:windowssystem32driverslgandnetdiag.sys [2/23/2011 2:05 AM 23168]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:windowssystem32driverslgandnetgps.sys [2/23/2011 2:05 AM 22272]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:windowssystem32driverslgandnetmodem.sys [2/23/2011 2:05 AM 28032]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:windowssystem32driverslgandnetndis.sys [2/23/2011 2:05 AM 70016]
S3 BS_DEF;BS_DEF;c:program filesASUSAsusUpdateBS_DEF.sys [2/20/2011 1:36 AM 13312]
S3 esgiguard;esgiguard;c:program filesEnigma Software GroupSpyHunteresgiguard.sys [5/6/2011 4:57 PM 13904]
S3 EsgScanner;EsgScanner;c:windowssystem32driversEsgScanner.sys [6/22/2012 12:01 PM 19984]
S3 FileMonitor;FileMonitor;c:program filesIObitIObit Malware FighterDriverswxp_x86FileMonitor.sys [1/19/2013 3:40 PM 246816]
S3 FLPService;File Lock Pro Service;c:program filesFileLockPROFLPService.exe [12/30/2012 1:49 PM 245736]
S3 IMFservice;IMF Service;c:program filesIObitIObit Malware FighterIMFsrv.exe [1/19/2013 3:40 PM 821592]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:program filesTP-LINKQSSjswpsapi.exe [2/19/2011 10:27 AM 360529]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:program filesMicrosoft Fix it CenterMatsvc.exe [6/13/2011 10:09 PM 267568]
S3 NAUpdate;@c:program filesNeroUpdateNASvc.exe,-200;c:program filesNeroUpdateNASvc.exe [5/4/2010 12:07 PM 503080]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:program fileseEye Digital SecurityRetina Wireless ScannerPCANDIS5_WIFISCAN.SYS [6/3/2004 12:28 PM 22131]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [2/19/2011 12:16 PM 86216]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:program filesRealNetworksRealDownloaderrndlresolversvc.exe [11/29/2012 8:31 PM 38608]
S3 RegFilter;RegFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86RegFilter.sys [1/19/2013 3:40 PM 30408]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;c:program filesSpybot - Search & Destroy 2SDFSSvc.exe [12/1/2012 10:02 AM 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:program filesSpybot - Search & Destroy 2SDUpdSvc.exe [12/1/2012 10:02 AM 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;c:program filesSpybot - Search & Destroy 2SDWSCSvc.exe [12/1/2012 10:02 AM 168384]
S3 SpyHunter 4 Service;SpyHunter 4 Service;c:progra~1ENIGMA~1SPYHUN~1SH4SER~1.EXE [10/8/2012 7:21 PM 766400]
S3 SystemExplorerHelpService;System Explorer Service;c:program filesSystem ExplorerserviceSystemExplorerService.exe [1/19/2013 8:50 PM 567256]
S3 UrlFilter;UrlFilter;c:program filesIObitIObit Malware FighterDriverswxp_x86UrlFilter.sys [1/19/2013 3:40 PM 16248]
S3 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater13.2.0ToolbarUpdater.exe [11/4/2012 8:46 PM 711112]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 23:35 1606760 ----a-w- c:program filesGoogleChromeApplication24.0.1312.52Installersetup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-21 c:windowsTasksAdobe Flash Player Updater.job
- c:windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2011-11-20 00:36]
.
2013-01-21 c:windowsTasksavast! Emergency Update.job
- c:program filesAVAST SoftwareAvastAvastEmUpdate.exe [2012-07-07 22:50]
.
2013-01-21 c:windowsTasksGlaryInitialize.job
- c:program filesGlary Utilitiesinitialize.exe [2013-01-06 06:22]
.
2013-01-21 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-21 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2012-04-22 13:57]
.
2013-01-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
- c:documents and settingsROBBYLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2012-02-13 23:43]
.
2013-01-21 c:windowsTasksPC Performer Manager.job
- c:windowssystem32sc.exe [2006-02-28 10:39]
.
2012-12-29 c:windowsTasksRealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrecordingmanager.exe [2012-11-30 01:33]
.
2013-01-21 c:windowsTasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-21 c:windowsTasksRealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealNetworksRealDownloaderrealupgrade.exe [2012-11-30 01:31]
.
2013-01-21 c:windowsTasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-21 c:windowsTasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-21 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-21 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-21 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-15 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:program filesRealRealUpgraderealupgrade.exe [2012-11-30 20:30]
.
2013-01-21 c:windowsTasksSmartDefragUpdate.job
- c:program filesIObitSmart Defrag 2AutoUpdate.exe [2012-11-05 16:06]
.
2013-01-20 c:windowsTasksUser_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
- c:windowssystem32msfeedssync.exe [2009-03-08 09:31]
.
2013-01-21 c:windowsTasksWindows Codec Update Service.job
- c:program filesEssentials Codec PackWECPUpdate.exe [2011-02-27 10:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 101.1.230.1 208.67.220.220
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filesCommon FilesAVG Secure SearchViProtocolInstaller13.2.0ViProtocol.dll
FF - ProfilePath - c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2012-12-16 15:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-19 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:program filesCheckPointZAForceFieldTrustChecker
FF - ExtSQL: 2012-12-26 18:30; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:documents and settingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt
FF - ExtSQL: 2013-01-19 15:51; ascsurfingprotection@iobit.com; c:documents and settingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensionsascsurfingprotection@iobit.com
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare Ultimate - c:program filesIObitAdvanced SystemCare UltimateASCTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-20 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERSS-1-5-21-1644491937-1767777339-839522115-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
@Allowed: (Read) (RestrictedCode)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,6c,c6,4c,b2,c5,c7,4f,b1,0d,2c,
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WINDOWSsystem32MacromedFlashFlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*1*CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINEsoftwareClassesVideoLAN.VLCPlugin.*2*CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1548)
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2912)
c:windowssystem32WININET.dll
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesAVAST SoftwareAvastAvastSvc.exe
c:windowsSystem32SCardSvr.exe
c:windowssystem32acs.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32inetsrvinetinfo.exe
c:program filesJavajre7binjqs.exe
c:windowsSystem32snmp.exe
c:windowssystem32SearchIndexer.exe
c:program filesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
.
**************************************************************************
.
Completion time: 2013-01-21 00:00:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-21 05:00
ComboFix2.txt 2013-01-20 17:26
ComboFix3.txt 2013-01-20 00:51
.
Pre-Run: 118,248,509,440 bytes free
Post-Run: 118,242,197,504 bytes free
.
- - End Of File - - FA2B8705C0631C101F557FD0701AFD20


RegistryNuke 2012

 

I do not recommend so-called "registry optimizers". There are minuscule improvements that are possible, but there are huge, humongous risks involved. I have tried to help resurrect many systems after people ran them and it is usually easier to just reformat and reinstall the operating system. But as I said... it's your system.

 

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Then...

 

Go ahead and try to run Malwarebytes again. Please also post the resultant log.


# AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:06:13# Updated 21/01/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : Administrator - DEAN-426571A0EA# Boot Mode : Normal# Running from : C:Documents and SettingsAdministratorMy DocumentsDownloadsAdwCleaner(1).exe# Option [Delete]***** [services] ********** [Files / Folders] *****Deleted on reboot : C:Documents and SettingsAdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsbbjciahceamgodcoidkjpchnokgfpphhDeleted on reboot : C:Documents and SettingsAdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionscjpglkicenollcignonpgiafdgfeehojFile Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultbprotector_extensions.sqliteFile Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultbprotector_prefs.jsFile Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultsearchpluginsConduit.xmlFile Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultsearchpluginsfunmoods.xmlFile Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultsearchpluginsMyStart Search.xmlFile Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultsearchpluginsSearchResults.xmlFile Deleted : C:user.jsFolder Deleted : C:Documents and SettingsAdministratorApplication DataAVG Secure SearchFolder Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultConduitCommonFolder Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultCT3227982Folder Deleted : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensions{0cc09160-108c-4759-bab1-5c12c216e005}(2)Folder Deleted : 
C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfileso6rias0p.defaultextensionsspecialsavings@superfish.comFolder Deleted : C:Documents and SettingsAdministratorLocal SettingsApplication DataAVG Secure SearchFolder Deleted : C:Documents and SettingsAdministratorLocal SettingsApplication DataConduitFolder Deleted : C:Documents and SettingsAdministratorLocal SettingsApplication DataIlivid PlayerFolder Deleted : C:Documents and SettingsAll UsersApplication DataAPNFolder Deleted : C:Documents and SettingsAll UsersApplication DataAVG Secure SearchFolder Deleted : C:Documents and SettingsAll UsersApplication Datablekko toolbarsFolder Deleted : C:Documents and SettingsAll UsersApplication Databoost_interprocessFolder Deleted : C:Documents and SettingsAll UsersApplication DataIBUpdaterServiceFolder Deleted : C:Documents and SettingsAll UsersApplication DataInstallMateFolder Deleted : C:Documents and SettingsAll UsersApplication Datapc performer managerFolder Deleted : C:Documents and SettingsAll UsersStart MenuProgramsIlividFolder Deleted : C:Documents and SettingsrdgApplication DataMozillaFirefoxProfiles52gmnolk.defaultextensionscrossriderapp5060@crossrider.comFolder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultextensions{90eee664-34b1-422a-a782-779af65cdf6d}Folder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultextensions{99079a25-328f-4bd4-be04-00955acaa0a7}Folder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultextensionscrossriderapp5060@crossrider.comFolder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultextensionsengine@conduit.comFolder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultextensionsstagedFolder Deleted : C:Documents and SettingsROBBYApplication DataMozillaFirefoxProfilesb9aos2lf.defaultSearchqutoolbarFolder 
Deleted : C:Documents and SettingsROBBYApplication DatasearchqubandFolder Deleted : C:Documents and SettingsROBBYApplication DataSearchqutoolbarFolder Deleted : C:Documents and SettingsROBBYLocal SettingsApplication DataConduitFolder Deleted : C:Documents and SettingsROBBYLocal SettingsApplication DataConduitEngineFolder Deleted : C:Documents and SettingsROBBYLocal SettingsApplication DataIlivid PlayerFolder Deleted : C:Documents and SettingsROBBYLocal SettingsApplication DataIncrediMail_MediaBar_4Folder Deleted : C:Program FilesAVG Secure SearchFolder Deleted : C:Program FilesCommon FilesAVG Secure SearchFolder Deleted : C:Program FilesIlividFolder Deleted : C:Program FilesPriceGongFolder Deleted : C:Program FilesSpecialSavings***** [Registry] *****Key Deleted : HKCUSoftwareAVG Secure SearchKey Deleted : HKCUSoftwareInstallCoreKey Deleted : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCUSoftwarewecarereminderKey Deleted : HKLMSoftwareAVG Secure SearchKey Deleted : HKLMSOFTWAREClassesAppID{09C554C3-109B-483C-A06B-F14172F1A947}Key Deleted : HKLMSOFTWAREClassesAppID{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLMSOFTWAREClassesAppID{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}Key Deleted : 
HKLMSOFTWAREClassesAppID{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Deleted : HKLMSOFTWAREClassesAppID{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Deleted : HKLMSOFTWAREClassesAppID{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLMSOFTWAREClassesAppID{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLMSOFTWAREClassesAppID{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Deleted : HKLMSOFTWAREClassesAppID{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLMSOFTWAREClassesAppIDescort.DLLKey Deleted : HKLMSOFTWAREClassesAppIDescortApp.DLLKey Deleted : HKLMSOFTWAREClassesAppIDescortEng.DLLKey Deleted : HKLMSOFTWAREClassesAppIDescorTlbr.DLLKey Deleted : HKLMSOFTWAREClassesAppIDesrv.EXEKey Deleted : HKLMSOFTWAREClassesAppIDScriptHelper.EXEKey Deleted : HKLMSOFTWAREClassesAppIDViProtocol.DLLKey Deleted : HKLMSOFTWAREClassesAVG Secure Search.BrowserWndAPIKey Deleted : HKLMSOFTWAREClassesAVG Secure Search.BrowserWndAPI.1Key Deleted : HKLMSOFTWAREClassesAVG Secure Search.PugiObjKey Deleted : HKLMSOFTWAREClassesAVG Secure Search.PugiObj.1Key Deleted : HKLMSOFTWAREClassesCLSID{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLMSOFTWAREClassesCLSID{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLMSOFTWAREClassesCLSID{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLMSOFTWAREClassesCLSID{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLMSOFTWAREClassesCLSID{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLMSOFTWAREClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLMSOFTWAREClassesInterface{1B730ACF-26A3-447B-9994-14AEE0EB72CC}Key Deleted : HKLMSOFTWAREClassesInterface{22B0769F-794B-4422-AC84-47B123C8986D}Key Deleted : HKLMSOFTWAREClassesInterface{255E0B2A-D747-4EEF-B7CE-159D73A3656D}Key Deleted : HKLMSOFTWAREClassesInterface{28ED590D-F5ED-4E05-A87F-1D759F1C6169}Key Deleted : HKLMSOFTWAREClassesInterface{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}Key Deleted : HKLMSOFTWAREClassesInterface{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : 
HKLMSOFTWAREClassesInterface{771B99AB-636F-4A11-9039-8DFEB927B061}Key Deleted : HKLMSOFTWAREClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLMSOFTWAREClassesInterface{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}Key Deleted : HKLMSOFTWAREClassesInterface{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}Key Deleted : HKLMSOFTWAREClassesInterface{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}Key Deleted : HKLMSOFTWAREClassesInterface{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}Key Deleted : HKLMSOFTWAREClassesInterface{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLMSOFTWAREClassesInterface{CFCD164E-8AC9-478E-9ECC-B616A932016C}Key Deleted : HKLMSOFTWAREClassesInterface{D5961CC0-B442-4567-8030-67E241EF4CC2}Key Deleted : HKLMSOFTWAREClassesInterface{E450067F-1C93-41A7-928E-07E5C2EEC680}Key Deleted : HKLMSOFTWAREClassesInterface{F977D9F2-4BDC-44A6-B508-7C0284C61EED}Key Deleted : HKLMSOFTWAREClassesInterface{FFB96CC1-7EB3-449D-B827-DB661701C6BB}Key Deleted : HKLMSOFTWAREClassesPROTOCOLSHandlerviprotocolKey Deleted : HKLMSOFTWAREClassesScriptHelper.ScriptHelperApiKey Deleted : HKLMSOFTWAREClassesScriptHelper.ScriptHelperApi.1Key Deleted : HKLMSOFTWAREClassesTypeLib{48C9C8B0-A546-46C1-A81F-47A31E623E9D}Key Deleted : HKLMSOFTWAREClassesTypeLib{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}Key Deleted : HKLMSOFTWAREClassesTypeLib{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLMSOFTWAREClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLMSOFTWAREClassesTypeLib{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLMSOFTWAREClassesViProtocol.ViProtocolOLEKey Deleted : HKLMSOFTWAREClassesViProtocol.ViProtocolOLE.1Key Deleted : HKLMSoftwareFreeze.comKey Deleted : HKLMSoftwareilividKey Deleted : HKLMSoftwareImInstallerKey Deleted : HKLMSoftwareIncrediMail_MediaBar_4Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy{26507E72-6C91-497A-8533-095033A65483}Key Deleted : HKLMSOFTWAREMicrosoftInternet ExplorerLow 


What about the 30 of these I did not remove yet?

C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308126.dll (PUP.MyWebSearch)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DEAN-426571A0EA [administrator]

1/21/2013 7:13:08 PM
MBAM-log-2013-01-21 (20-36-17).txt

Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418551
Time elapsed: 1 hour(s), 19 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 30
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308126.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308128.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308129.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308130.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308131.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308132.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308133.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308134.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308135.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308136.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308137.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308138.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308139.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308141.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308142.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308143.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308144.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308145.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308146.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308147.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308148.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308149.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308150.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308151.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308153.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308154.exe (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308155.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308156.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308140.dll (PUP.MyWebSearch) -> No action taken.
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308158.dll (PUP.MyWebSearch) -> No action taken.

(end)


Those are just "ghosts" in your system restore points. Not a problem. We will reset them as part of our cleanup of our tools.

 

Let's get one more scan. This is an online one. It takes quite a while:

 

Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

 

Also... please update me as to how things seem to be running now.


C:Documents and SettingsAdministratorMy DocumentsDownloadsAdawareRemovalTool.exe a variant of Win32/SecurityStronghold application
C:Documents and SettingsAdministratorMy DocumentsDownloadsRN_ErrorsFix_Setup.exe a variant of Win32/RegistryNuke application
C:Documents and SettingsAdministratorMy Documentsphotopospro_setup.exe Win32/Toolbar.Zugo application
C:Documents and SettingsROBBYLocal SettingsApplication DataSunJavaDeploymentcache6.0142f70790e-5eb3d694 a variant of Java/Exploit.CVE-2011-3544.AV trojan
C:Documents and SettingsROBBYMy Documentsasc-setup.exe multiple threats
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308130.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308136.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308137.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308140.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308145.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:System Volume Information_restore{5B04C688-5DEE-402F-A978-1BE747E7346B}RP14A0308151.dll a variant of Win32/Toolbar.MyWebSearch.P application


OK... you need to go into add or remove programs in your control panel and uninstall Java 6. It is very vulnerable. If you need Java installed, then Java 7 update 11 is the current one.

 

Go into the Control Panel and double-click the Java Icon.

  • Under Temporary Internet Files, click the Settings... button
  • Click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.

 

 

Now... how are things running?

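Added example, not part of the thread and not a tool used in it: a small Python triage of scanner findings like the ESET list above, separating System Restore copies and Java cache entries from files on the live disk, which is the distinction the helper's replies rely on. The tab-separated layout, the restored backslashes, the sample rows and the `live_file` advice text are assumptions made for this example.

```python
import re

# Constructed sample rows in the shape of the ESET export quoted in the thread.
# Assumptions: backslashes intact, one tab between path, detection and type.
ROWS = [
    (r"C:\System Volume Information\_restore{EXAMPLE-GUID}\RP14\A0000001.dll",
     "probably a variant of Win32/Toolbar.MyWebSearch.P", "application"),
    (r"C:\Documents and Settings\user\My Documents\example_setup.exe",
     "Win32/Toolbar.Zugo", "application"),
    (r"C:\Documents and Settings\user\Local Settings\Application Data"
     r"\Sun\Java\Deployment\cache\6.0\14\example-entry",
     "a variant of Java/Exploit.CVE-2011-3544.AV", "trojan"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in ROWS) + "\nnot a finding\n"

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Follow-up per location. The first two mirror the helper's replies;
# the "live_file" wording is this example's own assumption.
ADVICE = {
    "restore_point": "inactive copy; cleared when System Restore is reset",
    "java_cache": "clear the Java cache and uninstall the outdated Java",
    "live_file": "file on the live disk; review before removing",
}
PRIORITY = {"java_cache": 0, "live_file": 1, "restore_point": 2}

def locate(path):
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    return "live_file"

def triage(log_text):
    """Parse tab-separated findings and sort the ones needing action first."""
    findings = []
    for line in log_text.splitlines():
        parts = [s.strip() for s in line.split("\t")]
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        path, detection, kind = parts
        where, cve = locate(path), CVE_RE.search(detection)
        findings.append({"path": path, "kind": kind, "where": where,
                         "cve": cve.group(0) if cve else None, "advice": ADVICE[where]})
    # Trojans first, then live locations ahead of restore-point copies.
    findings.sort(key=lambda f: (f["kind"] != "trojan", PRIORITY[f["where"]]))
    return findings
```
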

OK, all of that is done. I already had the update. I did as you asked above; Java 6 is gone. As far as the comp, it seems ok. I did not see much slowdown to start with, I just did not want things on here getting in my info and stealing my acct numbers, and I would not have known about it if I hadn't decided to do a scan and seen I had a bunch of bugs. I hardly ever have these problems. I let my girlfriend get on this one a few times and I guess she went somewhere she shouldn't, or I could have done it, because I am very quick to download something and try it out and click too fast, not reading..... My main problem was when I went to delete it in Malwarebytes it messed up my Windows where it would not boot and I was getting the blue screen, and I had to do a system restore using the Windows disc, and I was on the edge of doing a complete format, that was my next move... I hated to lose all my pics and files. I had just about got everything backed up to disc and stick drives, but now it's pretty much clean. If there is anything else I need to do just let me know.


I think you're good to go.

 

I will say that some of the garbage appears to have come through Facebook. I don't use Facebook so I don't know really how things work there... but do you download stuff through it? If so... I suggest you be more careful of what you click on.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.

The above procedure will:

  • Implement some cleanup procedures.
  • Reset System Restore.

 

 

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

 

 

Any tools left at this point (or logs) can simply be deleted.

Please re-enable any security that was disabled.

 


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.
