Jump to content

im infected but i did th steps


Recommended Posts

i did thease steps i still need help !!!!

Please do not reply to another users post in the Malware Removal - HijackThis Logs sub-forum.

If you're infected or think you are please start your own topic as needed after reading the information below.

Our program, Malwarebytes' Anti-Malware can detect and remove most Malware with no further actions required for free.

Please download, install, update and do a Quick Scan with Malwarebytes' Anti-Malware

If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection.

If you're still experiencing issues after running the above procedures then please follow the instructions below.

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult.

Download DDS from here: dds.scr or here: dds.com and save it to your desktop.

dds.txt

attach.txt

Link to post
Share on other sites

  • Replies 55
  • Created
  • Last Reply

Top Posters In This Topic

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.28.06

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.11

Anthony :: TONYPRO [administrator]

Protection: Enabled

1/31/2012 5:39:41 PM

mbam-log-2012-01-31 (17-39-41).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 276497

Time elapsed: 3 hour(s), 42 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

There's malware on the system, but for some reason MBAM didn't catch it, lets do this:

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

-------------------------

Next.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

ok both OLT scans in this exact ordere OLT.txt and Extras.txt

OTL logfile created on: 2/1/2012 7:24:55 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anthony\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 165.02 Mb Available Physical Memory | 16.27% Memory free

2.39 Gb Paging File | 1.67 Gb Available in Paging File | 70.04% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 105.09 Gb Total Space | 34.85 Gb Free Space | 33.16% Space Free | Partition Type: NTFS

Drive D: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TONYPRO | User Name: Anthony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 18:45:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

PRC - [2012/02/01 18:45:02 | 001,201,664 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\RogueKiller(2).exe

PRC - [2012/01/28 17:08:09 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

PRC - [2012/01/28 17:07:44 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe

PRC - [2011/12/10 00:26:10 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2011/03/24 02:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe

PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/25 00:37:54 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2006/08/22 16:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/03/25 00:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/02/23 16:57:24 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Mixer\CTSVolFE.exe

PRC - [2004/08/10 06:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

PRC - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/31 18:38:17 | 003,342,112 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_e286960.dll

MOD - [2012/01/28 17:08:09 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

MOD - [2012/01/28 17:07:44 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011/12/15 09:01:39 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/06 12:06:34 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll

MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/02/05 13:14:43 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2006/10/25 00:37:54 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

MOD - [2006/09/13 02:04:56 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll

MOD - [2006/09/13 02:04:50 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

MOD - [2006/08/03 19:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

MOD - [2005/10/13 14:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll

MOD - [2004/08/10 06:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/10 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

MOD - [2004/08/10 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2003/09/10 03:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSIServer)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2012/01/31 18:38:17 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_e286960.dll -- (Akamai)

SRV - [2012/01/28 17:08:09 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/08 14:30:00 | 004,100,400 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2005/10/06 17:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

========== Driver Services (SafeList) ==========

DRV - [2012/02/01 18:45:22 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\MpKslb0b89d7d.sys -- (MpKslb0b89d7d)

DRV - [2011/12/29 16:24:13 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\apf001.sys -- (apf001)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2006/09/13 02:04:56 | 000,563,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2006/08/25 08:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/03/25 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)

DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)

DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/07/14 11:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2005/07/14 10:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005/07/12 12:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2004/08/10 06:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2004/08/10 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2004/08/10 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={9640CF67-6CE5-46B6-8960-0AFE158958C5}&mid=f31198c0f6c347d1b373d15c838a38c6-c11ececb7819363e84e909a4cb78f5147833870f〈=en&ds=ir011&pr=sa&d=2012-01-28 17:08:13&v=10.0.0.7&sap=hp

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..\URLSearchHook: {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - C:\Program Files\flvto.com_Freecorder\prxtbflvt.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaultthis.engineName: "flvto.com Freecorder Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3065462&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1

FF - prefs.js..extensions.enabledItems: {1283e7d0-b598-4b2d-a20f-59a9dde270a8}:3.8.0.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B54D9315-8BF4-4540-9FD5-90C04917E79E}:1.9.1

FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=panda&type=panda2_0yatb&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Anthony\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Anthony\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/04 13:16:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B54D9315-8BF4-4540-9FD5-90C04917E79E}: C:\Documents and Settings\Anthony\Local Settings\Application Data\{B54D9315-8BF4-4540-9FD5-90C04917E79E} [2009/10/21 23:11:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/15 09:26:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/10 00:26:30 | 000,000,000 | ---D | M]

[2009/03/15 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Extensions

[2012/02/01 18:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\extensions

[2011/11/27 13:56:07 | 000,000,000 | ---D | M] (flvto.com Freecorder Community Toolbar) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\extensions\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}

[2011/11/27 13:56:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/10/24 16:05:43 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

[2011/10/19 13:04:42 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\searchplugins\conduit.xml

[2009/05/06 16:54:33 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\searchplugins\live-search.xml

[2012/02/01 18:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2006/11/29 12:55:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/10/14 20:00:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/08/16 03:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2009/10/21 23:11:05 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ANTHONY\LOCAL SETTINGS\APPLICATION DATA\{B54D9315-8BF4-4540-9FD5-90C04917E79E}

[2011/08/16 03:46:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/08/16 03:46:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

[2012/01/28 17:07:22 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={9640CF67-6CE5-46B6-8960-0AFE158958C5}&mid=f31198c0f6c347d1b373d15c838a38c6-c11ececb7819363e84e909a4cb78f5147833870f〈=en&ds=ir011&pr=sa&d=2012-01-28 17:08:13&v=10.0.0.7&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Complitly plugin for chrome = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Gmail = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/08/12 23:04:23 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Anthony\Application Data\Complitly\Complitly.dll (SimplyGen)

O2 - BHO: (flvto.com Freecorder Toolbar) - {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - C:\Program Files\flvto.com_Freecorder\prxtbflvt.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (flvto.com Freecorder Toolbar) - {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - C:\Program Files\flvto.com_Freecorder\prxtbflvt.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [] File not found

O4 - HKU\S-1-5-18..\RunOnce: [] File not found

O4 - HKU\S-1-5-19..\RunOnce: [] File not found

O4 - HKU\S-1-5-20..\RunOnce: [] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3030141609-3501611635-1195199801-1006\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by130fd.bay130.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83441824-BE84-4799-A475-F6F88AE25609}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECC88AE9-A91D-4599-B822-73AC9317892C}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anthony\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O33 - MountPoints2\{3e25571e-67f0-11dc-906a-0015c56ed135}\Shell\AutoRun\command - "" = E:\setupSNK.exe

O33 - MountPoints2\{d268ced4-c0b5-11e0-90c9-0015c56ed135}\Shell\AutoRun\command - "" = E:\setupSNK.exe

O33 - MountPoints2\{f769ae61-31b7-11e1-9153-0015c56ed135}\Shell - "" = AutoRun

O33 - MountPoints2\{f769ae61-31b7-11e1-9153-0015c56ed135}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f769ae61-31b7-11e1-9153-0015c56ed135}\Shell\AutoRun\command - "" = E:\HWPcAssistant.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 18:45:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

[2012/02/01 18:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Desktop\RK_Quarantine

[2012/01/30 21:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\InstallShield

[2012/01/28 17:38:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Anthony\Start Menu\Programs\Administrative Tools

[2012/01/28 17:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\Malwarebytes

[2012/01/28 17:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/28 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/01/28 17:29:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/28 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/28 17:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair

[2012/01/28 17:09:38 | 000,000,000 | ---D | C] -- C:\rei

[2012/01/28 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage

[2012/01/28 17:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\AVG Secure Search

[2012/01/28 17:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2012/01/28 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

[2012/01/28 17:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

[2012/01/28 16:57:53 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/01/28 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\stinger

[2012/01/28 00:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2012/01/21 22:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\PCHealth

[2012/01/21 22:37:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2012/01/21 12:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\Babylon

[2012/01/21 12:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\Babylon

[2012/01/21 12:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\My Documents\WoW-BurningCrusade-enGB-Full-Installer

[2012/01/21 11:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft.temp

[2012/01/19 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Public Test

[2012/01/19 21:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft Public Test

[2012/01/17 16:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\My Documents\PTR Installer 4.0.0.12824 enUS

[2012/01/17 10:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/01/17 09:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/01/17 09:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/01/17 09:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/17 09:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\Apple

[2012/01/17 09:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/01/17 09:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2012/01/17 09:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/01/17 09:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/01/17 09:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2012/01/16 21:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\assembly

[2012/01/06 11:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft

[2012/01/06 05:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Deadhunt Demo

[2012/01/06 05:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Deadhunt Demo

[2012/01/03 20:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Local Settings\Application Data\GameTuts

[2012/01/03 20:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony\Application Data\GameTuts

[55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Anthony\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Anthony\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 19:41:06 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/01 19:41:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/01 19:13:08 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006UA.job

[2012/02/01 19:13:04 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006Core.job

[2012/02/01 18:45:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony\Desktop\OTL.exe

[2012/02/01 18:45:19 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/02/01 18:45:02 | 001,201,664 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\RogueKiller(2).exe

[2012/02/01 18:44:55 | 001,201,664 | ---- | M] () -- C:\Documents and Settings\Anthony\Desktop\RogueKiller.exe

[2012/01/31 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job

[2012/01/30 22:59:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2012/01/30 22:51:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/30 22:51:12 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/30 22:37:16 | 000,000,373 | -HS- | M] () -- C:\boot.ini

[2012/01/30 21:39:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/29 14:10:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/01/29 02:15:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini

[2012/01/28 17:11:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job

[2012/01/28 17:11:20 | 000,000,144 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini

[2012/01/28 16:57:53 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys

[2012/01/28 16:13:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2012/01/26 04:36:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job

[2012/01/26 03:58:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Defrag.job

[2012/01/23 17:06:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/01/21 23:11:45 | 000,523,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/21 23:11:45 | 000,097,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/21 22:36:49 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/21 22:08:27 | 003,153,920 | ---- | M] () -- C:\Documents and Settings\Anthony\secsetup.sdb

[2012/01/20 20:25:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/20 17:21:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2012/01/20 00:06:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/19 20:28:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2012/01/17 10:01:01 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/01/16 17:45:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[55 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Anthony\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Anthony\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 18:45:19 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys

[2012/02/01 18:45:03 | 001,201,664 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\RogueKiller(2).exe

[2012/02/01 18:44:56 | 001,201,664 | ---- | C] () -- C:\Documents and Settings\Anthony\Desktop\RogueKiller.exe

[2012/01/28 17:11:24 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job

[2012/01/28 17:11:21 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2012/01/28 17:10:09 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini

[2012/01/21 22:08:25 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Anthony\secsetup.sdb

[2012/01/19 20:28:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2012/01/19 20:28:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2012/01/17 10:01:01 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/01/13 13:25:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/29 16:24:13 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys

[2011/12/29 16:24:11 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys

[2011/10/09 21:35:44 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini

[2011/08/07 03:37:47 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/10/21 23:11:07 | 000,023,265 | ---- | C] () -- C:\WINDOWS\Gsewo.dat

[2009/10/21 23:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jmiyijaduxo.bin

[2008/06/18 16:14:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Anthony\Application Data\$_hpcst$.hpc

[2007/01/16 14:46:35 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/12/14 10:58:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2006/11/29 13:02:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/11/29 12:55:13 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/11/29 12:54:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/11/29 12:53:47 | 000,000,085 | ---- | C] () -- C:\WINDOWS\gbsaver.ini

[2006/11/29 11:55:52 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Anthony\Local Settings\Application Data\fusioncache.dat

[2006/11/23 06:40:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/11/23 06:33:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/11/23 06:29:36 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/11/23 06:21:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2006/11/23 06:21:25 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2006/11/23 06:21:25 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2006/11/23 05:58:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2006/11/23 05:58:16 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2006/11/23 05:57:40 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/10/17 12:02:20 | 000,991,232 | ---- | C] () -- C:\WINDOWS\System32\ieframe.dll.mui

[2005/12/15 21:44:17 | 000,159,740 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe

[2005/12/15 21:33:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Cleanup.exe

[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/16 05:27:59 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/08/16 05:18:33 | 000,523,102 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/08/16 05:18:33 | 000,097,386 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/08/16 05:18:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2005/08/16 05:18:07 | 001,054,208 | ---- | C] () -- C:\WINDOWS\System32\danim.dll

[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003/05/01 21:06:38 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\lftif11n.dll

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/08/13 13:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/01/28 17:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/08/07 01:44:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream

[2012/01/28 16:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/10/09 13:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto

[2011/08/12 13:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler

[2011/12/29 12:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/08/12 13:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc

[2012/01/30 21:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/01/17 10:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/28 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\AVG Secure Search

[2012/01/21 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Babylon

[2011/10/24 16:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Complitly

[2006/12/14 11:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\ConvertTemp

[2011/08/12 13:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\DriverCure

[2012/01/03 20:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\GameTuts

[2011/10/15 14:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\ijjigame

[2006/11/29 12:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Leadertech

[2006/11/29 12:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\MSNInstaller

[2011/10/09 13:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Otto

[2012/01/18 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\PriceGong

[2006/12/14 11:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Samsung

[2011/08/12 13:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\SpeedMaxPc

[2006/12/14 11:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\Temporary

[2006/12/14 11:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony\Application Data\TransRender

[2012/01/30 22:59:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2012/01/28 17:11:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job

[2012/01/26 03:58:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Defrag.job

[2012/01/31 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job

[2012/01/26 04:36:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Update3.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 383 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B

< End of report >

OTL Extras logfile created on: 2/1/2012 7:24:55 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Anthony\Desktop

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 165.02 Mb Available Physical Memory | 16.27% Memory free

2.39 Gb Paging File | 1.67 Gb Available in Paging File | 70.04% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 105.09 Gb Total Space | 34.85 Gb Free Space | 33.16% Space Free | Partition Type: NTFS

Drive D: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: TONYPRO | User Name: Anthony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 0

"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

"56289:TCP" = 56289:TCP:*:Enabled:Pando Media Booster

"56289:UDP" = 56289:UDP:*:Enabled:Pando Media Booster

"58944:TCP" = 58944:TCP:*:Enabled:Pando Media Booster

"58944:UDP" = 58944:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service

"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience

"56289:TCP" = 56289:TCP:*:Enabled:Pando Media Booster

"56289:UDP" = 56289:UDP:*:Enabled:Pando Media Booster

"58944:TCP" = 58944:TCP:*:Enabled:Pando Media Booster

"58944:UDP" = 58944:UDP:*:Enabled:Pando Media Booster

"1682:TCP" = 1682:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe" = C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe

"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool

"C:\Program Files\PRTG Network Monitor\PRTG Server.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server

"C:\Documents and Settings\Anthony\Local Settings\Temp\7zSA8.tmp\SymNRT.exe" = C:\Documents and Settings\Anthony\Local Settings\Temp\7zSA8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\Documents and Settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)

"C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37A15ADB-08C3-4045-B830-31F68ADEBCE4}" = Samsung PC Studio

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly

"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR

"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Akamai" = Akamai NetSession Interface

"AVG Secure Search" = AVG Security Toolbar

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo

"Deadhunt (demo)_is1" = Deadhunt Demo

"EHome Devices" = Media Center Extender

"EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

"ESPNMotion" = ESPNMotion

"flvto.com_Freecorder Toolbar" = flvto.com Freecorder Toolbar

"Freecorder5.05" = Freecorder 5

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"Google Pack Screensaver" = Google Pack Screensaver

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MIXERLITE" = Mixer

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OUTLOOKR" = Microsoft Office Outlook 2007 Trial

"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator

"Picasa2" = Picasa 2

"Reimage Repair" = Reimage Repair

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WIC" = Windows Imaging Component

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMCSetup" = Windows Media Connect

"World of Warcraft Public Test" = World of Warcraft Public Test

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3030141609-3501611635-1195199801-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/29/2012 10:54:50 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:04:51 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:15:40 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:25:49 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 12:44:05 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:02:33 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:02:33 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:12:50 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:32:44 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 2/1/2012 2:44:21 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

[ Application Events ]

Error - 1/29/2012 10:54:50 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:04:51 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:15:40 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/29/2012 11:25:49 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 12:44:05 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:02:33 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:02:33 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:12:50 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 9:32:44 PM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

Error - 2/1/2012 2:44:21 AM | Computer Name = TONYPRO | Source = EventSystem | ID = 4609

Description = The COM+ Event System detected a bad return code during its internal

processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Please contact Microsoft Product Support Services to report this erro

[ System Events ]

Error - 1/31/2012 11:53:17 PM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/31/2012 11:53:17 PM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/31/2012 11:53:17 PM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 1/31/2012 11:53:17 PM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 12:47:00 AM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 12:47:07 AM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 12:47:14 AM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 12:47:20 AM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 12:47:28 AM | Computer Name = TONYPRO | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/1/2012 7:36:19 PM | Computer Name = TONYPRO | Source = Service Control Manager | ID = 7024

Description = The Messenger service terminated with service-specific error 2270

(0x8DE).

< End of report >

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Link to post
Share on other sites

It's possible, before you run ComboFix, please run TDSSKiller:

Please download and run TDSSKiller as outlined in the post below:

http://forums.malwar...howtopic=104821

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Post back the log, MrC

Link to post
Share on other sites

ComboFix 12-02-02.02 - Anthony 02/02/2012 19:51:02.1.2 - x86

Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Anthony\Application Data\PriceGong

c:\documents and settings\Anthony\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\2229.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\2256.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\4489.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\450.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Anthony\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Anthony\Local Settings\Application Data\assembly\tmp

c:\windows\Downloaded Installations\BMP

c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\1033.MST

c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\BACS.msi

c:\windows\Downloaded Installations\BMP\{77976D5E-C17A-49E5-A91B-D7BFA08301CB}\1033.MST

c:\windows\Downloaded Installations\BMP\{77976D5E-C17A-49E5-A91B-D7BFA08301CB}\BACS.msi

c:\windows\EventSystem.log

c:\windows\Google Pack Screensaver Uninstaller.exe

c:\windows\isRS-000.tmp

c:\windows\kb913800.exe

c:\windows\system32\_000003_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000010_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\_000019_.tmp.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SET100.tmp

c:\windows\system32\SET106.tmp

c:\windows\system32\SET107.tmp

c:\windows\system32\SET110.tmp

c:\windows\system32\SET111.tmp

c:\windows\system32\SET118.tmp

c:\windows\system32\SET119.tmp

c:\windows\system32\SET12D.tmp

c:\windows\system32\SET12F.tmp

c:\windows\system32\SET145.tmp

c:\windows\system32\SET146.tmp

c:\windows\system32\SET147.tmp

c:\windows\system32\SET148.tmp

c:\windows\system32\SET149.tmp

c:\windows\system32\SET14B.tmp

c:\windows\system32\SET14D.tmp

c:\windows\system32\SET14E.tmp

c:\windows\system32\SET150.tmp

c:\windows\system32\SET151.tmp

c:\windows\system32\SET169.tmp

c:\windows\system32\SET16A.tmp

c:\windows\system32\SET16C.tmp

c:\windows\system32\SET16D.tmp

c:\windows\system32\SET16F.tmp

c:\windows\system32\SET171.tmp

c:\windows\system32\SET172.tmp

c:\windows\system32\SET174.tmp

c:\windows\system32\SET175.tmp

c:\windows\system32\SET176.tmp

c:\windows\system32\SET1A2.tmp

c:\windows\system32\SET1A4.tmp

c:\windows\system32\SET1A6.tmp

c:\windows\system32\SET1AB.tmp

c:\windows\system32\SET1BB.tmp

c:\windows\system32\SET1C4.tmp

c:\windows\system32\SET1D1.tmp

c:\windows\system32\SET1D4.tmp

c:\windows\system32\SET1E4.tmp

c:\windows\system32\SET1E9.tmp

c:\windows\system32\SET1F9.tmp

c:\windows\system32\SET1FB.tmp

c:\windows\system32\SET1FD.tmp

c:\windows\system32\SET200.tmp

c:\windows\system32\SET209.tmp

c:\windows\system32\SET20E.tmp

c:\windows\system32\SET210.tmp

c:\windows\system32\SET213.tmp

c:\windows\system32\SET215.tmp

c:\windows\system32\SET217.tmp

c:\windows\system32\SET66.tmp

c:\windows\system32\SET68.tmp

c:\windows\system32\SETF0.tmp

c:\windows\system32\SETF7.tmp

c:\windows\system32\SETFF.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-03 00:33 . 2012-02-03 00:33 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\MpKslc144a3af.sys

2012-02-03 00:22 . 2012-02-03 00:22 98992 ----a-w- c:\windows\system32\drivers\50557384.sys

2012-02-01 23:45 . 2012-02-01 23:45 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-01-31 02:07 . 2012-01-31 02:07 -------- d-----w- c:\documents and settings\Anthony\Application Data\InstallShield

2012-01-30 01:35 . 2012-01-30 01:35 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\offreg.dll

2012-01-29 06:45 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\mpengine.dll

2012-01-28 22:30 . 2012-01-28 22:30 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes

2012-01-28 22:29 . 2012-01-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-28 22:29 . 2012-02-02 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-28 22:29 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-28 22:09 . 2012-01-31 01:52 -------- d-----w- C:\rei

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\program files\Reimage

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\documents and settings\Anthony\Application Data\AVG Secure Search

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-01-28 22:07 . 2012-01-28 22:07 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-01-28 22:07 . 2012-01-28 22:08 -------- d-----w- c:\program files\AVG Secure Search

2012-01-28 21:57 . 2012-01-28 21:57 14664 ----a-w- c:\windows\stinger.sys

2012-01-28 21:54 . 2012-01-28 23:06 -------- d-----w- c:\program files\stinger

2012-01-28 05:55 . 2012-01-28 05:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-01-22 03:54 . 2012-01-22 03:54 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\PCHealth

2012-01-22 03:37 . 2012-02-02 12:45 -------- d-----w- c:\windows\system32\NtmsData

2012-01-22 01:25 . 2012-01-22 01:25 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-21 17:07 . 2012-01-21 17:07 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Babylon

2012-01-21 17:07 . 2012-01-21 17:07 -------- d-----w- c:\documents and settings\Anthony\Application Data\Babylon

2012-01-21 16:09 . 2012-01-22 01:25 -------- d-----w- c:\program files\World of Warcraft.temp

2012-01-20 02:10 . 2012-01-29 18:40 -------- d-----w- c:\program files\World of Warcraft Public Test

2012-01-20 01:28 . 2012-01-20 01:28 1409 ----a-w- c:\windows\QTFont.for

2012-01-17 14:59 . 2012-01-17 14:59 -------- d-----w- c:\program files\iPod

2012-01-17 14:59 . 2012-01-17 15:00 -------- d-----w- c:\program files\iTunes

2012-01-17 14:59 . 2012-01-17 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Apple

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\program files\Apple Software Update

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-01-17 14:56 . 2011-08-02 22:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-17 14:56 . 2011-08-02 22:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-17 14:55 . 2012-01-17 14:55 -------- d-----w- c:\program files\Bonjour

2012-01-17 14:55 . 2012-01-17 14:59 -------- d-----w- c:\program files\Common Files\Apple

2012-01-17 14:55 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2012-01-17 02:22 . 2012-02-03 01:14 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\assembly

2012-01-06 16:50 . 2012-01-31 02:07 -------- d-----w- c:\program files\NCSoft

2012-01-06 10:08 . 2012-01-13 06:11 -------- d-----w- c:\program files\Deadhunt Demo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-17 09:39 . 2011-08-14 06:25 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-29 21:24 . 2011-12-29 21:24 12920 ----a-w- c:\windows\system32\apl001.sys

2011-12-29 21:24 . 2011-12-29 21:24 10872 ----a-w- c:\windows\system32\apf001.sys

2011-12-15 14:01 . 2011-08-06 04:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-07 15:08 . 2011-08-13 20:16 236576 ------w- c:\windows\system32\MpSigStub.exe

2011-11-27 03:23 . 2011-11-27 03:22 664 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\d3d9caps.tmp

2011-08-06 02:42 . 2006-12-09 02:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1283e7d0-b598-4b2d-a20f-59a9dde270a8}"= "c:\program files\flvto.com_Freecorder\prxtbflvt.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

2011-05-09 08:49 176936 ----a-w- c:\program files\flvto.com_Freecorder\prxtbflvt.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-28 22:07 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1283e7d0-b598-4b2d-a20f-59a9dde270a8}"= "c:\program files\flvto.com_Freecorder\prxtbflvt.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-28 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Akamai NetSession Interface"="c:\documents and settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-13 3305760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-06 30192]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-09-13 1384448]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-28 939872]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Anthony\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Documents and Settings\\Anthony\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Remote Media Center Experience

"56289:TCP"= 56289:TCP:Pando Media Booster

"56289:UDP"= 56289:UDP:Pando Media Booster

"58944:TCP"= 58944:TCP:Pando Media Booster

"58944:UDP"= 58944:UDP:Pando Media Booster

"1163:TCP"= 1163:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 atqhqzna;atqhqzna;c:\windows\system32\drivers\atqhqzna.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 136176]

R3 apf001;apf001;c:\windows\system32\apf001.sys [2011-12-29 10872]

R3 cpuz134;cpuz134;c:\docume~1\Anthony\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-06 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 136176]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-08 4100400]

S1 MpKslc144a3af;MpKslc144a3af;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\MpKslc144a3af.sys [2012-02-03 29904]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-10 14336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-28 909152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 09320109

*NewlyCreated* - MPKSLC144A3AF

*Deregistered* - 09320109

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-01-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-08 01:10]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 04:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 04:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006Core.job

- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 20:03]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006UA.job

- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 20:03]

.

2012-02-02 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

2012-01-28 c:\windows\Tasks\Reimage Reminder.job

- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2012-01-22 09:58]

.

2012-01-31 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2010-11-02 18:09]

.

2012-01-26 c:\windows\Tasks\SpeedMaxPc Update3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2010-11-02 18:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.avg.com/?cid={9640CF67-6CE5-46B6-8960-0AFE158958C5}&mid=f31198c0f6c347d1b373d15c838a38c6-c11ececb7819363e84e909a4cb78f5147833870f〈=en&ds=ir011&pr=sa&d=2012-01-28 17:08&v=10.0.0.7&sap=hp

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3065462&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda2_0yatb&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {B54D9315-8BF4-4540-9FD5-90C04917E79E} - c:\documents and settings\Anthony\Local Settings\Application Data\{B54D9315-8BF4-4540-9FD5-90C04917E79E}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: flvto.com Freecorder Community Toolbar: {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - %profile%\extensions\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}

FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe

AddRemove-pcsx2-r4600 - c:\documents and settings\Anthony\Desktop\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-02 20:18

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3030141609-3501611635-1195199801-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Completion time: 2012-02-02 20:35:19

ComboFix-quarantined-files.txt 2012-02-03 01:35

.

Pre-Run: 38,442,881,024 bytes free

Post-Run: 40,124,190,720 bytes free

.

- - End Of File - - EC0B635858F21EF54E7CACEC752C24A9

Link to post
Share on other sites

Please do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

Driver::

50557384

atqhqzna

File::

c:\windows\system32\drivers\50557384.sys

c:\windows\system32\drivers\atqhqzna.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

-----------------------------

Then,,,,,,,,

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.03.02

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.11

Anthony :: TONYPRO [administrator]

Protection: Enabled

2/2/2012 9:57:56 PM

mbam-log-2012-02-02 (21-57-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191556

Time elapsed: 25 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

ComboFix 12-02-02.02 - Anthony 02/02/2012 21:13:16.2.2 - x86

Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Anthony\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\50557384.sys"

"c:\windows\system32\drivers\atqhqzna.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_atqhqzna

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-03 02:48 . 2012-02-03 02:48 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\MpKslc79baf7b.sys

2012-02-03 00:22 . 2012-02-03 00:22 98992 ----a-w- c:\windows\system32\drivers\50557384.sys

2012-02-01 23:45 . 2012-02-01 23:45 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-01-31 02:07 . 2012-01-31 02:07 -------- d-----w- c:\documents and settings\Anthony\Application Data\InstallShield

2012-01-30 01:35 . 2012-01-30 01:35 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\offreg.dll

2012-01-29 06:45 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A24C61A-D716-4810-8292-8FAD09714CD4}\mpengine.dll

2012-01-28 22:30 . 2012-01-28 22:30 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes

2012-01-28 22:29 . 2012-01-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-28 22:29 . 2012-02-02 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-28 22:29 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-28 22:09 . 2012-01-31 01:52 -------- d-----w- C:\rei

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\program files\Reimage

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\documents and settings\Anthony\Application Data\AVG Secure Search

2012-01-28 22:08 . 2012-01-28 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search

2012-01-28 22:07 . 2012-01-28 22:07 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-01-28 22:07 . 2012-01-28 22:08 -------- d-----w- c:\program files\AVG Secure Search

2012-01-28 21:57 . 2012-01-28 21:57 14664 ----a-w- c:\windows\stinger.sys

2012-01-28 21:54 . 2012-01-28 23:06 -------- d-----w- c:\program files\stinger

2012-01-28 05:55 . 2012-01-28 05:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2012-01-22 03:54 . 2012-01-22 03:54 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\PCHealth

2012-01-22 03:37 . 2012-02-03 02:37 -------- d-----w- c:\windows\system32\NtmsData

2012-01-22 01:25 . 2012-01-22 01:25 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-21 17:07 . 2012-01-21 17:07 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Babylon

2012-01-21 17:07 . 2012-01-21 17:07 -------- d-----w- c:\documents and settings\Anthony\Application Data\Babylon

2012-01-21 16:09 . 2012-01-22 01:25 -------- d-----w- c:\program files\World of Warcraft.temp

2012-01-20 02:10 . 2012-01-29 18:40 -------- d-----w- c:\program files\World of Warcraft Public Test

2012-01-20 01:28 . 2012-01-20 01:28 1409 ----a-w- c:\windows\QTFont.for

2012-01-17 14:59 . 2012-01-17 14:59 -------- d-----w- c:\program files\iPod

2012-01-17 14:59 . 2012-01-17 15:00 -------- d-----w- c:\program files\iTunes

2012-01-17 14:59 . 2012-01-17 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Apple

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\program files\Apple Software Update

2012-01-17 14:57 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-01-17 14:56 . 2011-08-02 22:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-17 14:56 . 2011-08-02 22:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-17 14:55 . 2012-01-17 14:55 -------- d-----w- c:\program files\Bonjour

2012-01-17 14:55 . 2012-01-17 14:59 -------- d-----w- c:\program files\Common Files\Apple

2012-01-17 14:55 . 2012-01-17 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2012-01-17 02:22 . 2012-02-03 01:14 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\assembly

2012-01-06 16:50 . 2012-01-31 02:07 -------- d-----w- c:\program files\NCSoft

2012-01-06 10:08 . 2012-01-13 06:11 -------- d-----w- c:\program files\Deadhunt Demo

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-17 09:39 . 2011-08-14 06:25 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-12-29 21:24 . 2011-12-29 21:24 12920 ----a-w- c:\windows\system32\apl001.sys

2011-12-29 21:24 . 2011-12-29 21:24 10872 ----a-w- c:\windows\system32\apf001.sys

2011-12-15 14:01 . 2011-08-06 04:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-07 15:08 . 2011-08-13 20:16 236576 ------w- c:\windows\system32\MpSigStub.exe

2011-11-27 03:23 . 2011-11-27 03:22 664 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\d3d9caps.tmp

2011-08-06 02:42 . 2006-12-09 02:30 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-03_01.19.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-03 02:45 . 2012-02-03 02:45 16384 c:\windows\Temp\Perflib_Perfdata_738.dat

+ 2012-02-03 02:45 . 2012-02-03 02:45 16384 c:\windows\Temp\Perflib_Perfdata_334.dat

+ 2012-02-03 02:45 . 2012-02-03 02:45 16384 c:\windows\Temp\Perflib_Perfdata_318.dat

+ 2012-02-03 02:45 . 2012-02-03 02:45 16384 c:\windows\Temp\Perflib_Perfdata_2c0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1283e7d0-b598-4b2d-a20f-59a9dde270a8}"= "c:\program files\flvto.com_Freecorder\prxtbflvt.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

2011-05-09 08:49 176936 ----a-w- c:\program files\flvto.com_Freecorder\prxtbflvt.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-28 22:07 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1283e7d0-b598-4b2d-a20f-59a9dde270a8}"= "c:\program files\flvto.com_Freecorder\prxtbflvt.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-28 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Akamai NetSession Interface"="c:\documents and settings\Anthony\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-13 3305760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-06 30192]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-09-13 1384448]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-28 939872]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Anthony\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Documents and Settings\\Anthony\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:Remote Media Center Experience

"56289:TCP"= 56289:TCP:Pando Media Booster

"56289:UDP"= 56289:UDP:Pando Media Booster

"58944:TCP"= 58944:TCP:Pando Media Booster

"58944:UDP"= 58944:UDP:Pando Media Booster

"1055:TCP"= 1055:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 136176]

R3 apf001;apf001;c:\windows\system32\apf001.sys [2011-12-29 10872]

R3 cpuz134;cpuz134;c:\docume~1\Anthony\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-06 30192]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 136176]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2004-08-10 14336]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLC79BAF7B

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-01-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-08 01:10]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 04:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-06 04:50]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006Core.job

- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 20:03]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030141609-3501611635-1195199801-1006UA.job

- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-14 20:03]

.

2012-02-03 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

.

2012-01-28 c:\windows\Tasks\Reimage Reminder.job

- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2012-01-22 09:58]

.

2012-01-31 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2010-11-02 18:09]

.

2012-01-26 c:\windows\Tasks\SpeedMaxPc Update3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2010-11-02 18:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.avg.com/?cid={9640CF67-6CE5-46B6-8960-0AFE158958C5}&mid=f31198c0f6c347d1b373d15c838a38c6-c11ececb7819363e84e909a4cb78f5147833870f〈=en&ds=ir011&pr=sa&d=2012-01-28 17:08&v=10.0.0.7&sap=hp

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\2qmknysp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3065462&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=panda&type=panda2_0yatb&p=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {B54D9315-8BF4-4540-9FD5-90C04917E79E} - c:\documents and settings\Anthony\Local Settings\Application Data\{B54D9315-8BF4-4540-9FD5-90C04917E79E}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: flvto.com Freecorder Community Toolbar: {1283e7d0-b598-4b2d-a20f-59a9dde270a8} - %profile%\extensions\{1283e7d0-b598-4b2d-a20f-59a9dde270a8}

FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-02 21:48

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3030141609-3501611635-1195199801-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3364)

c:\windows\system32\WININET.dll

c:\documents and settings\Anthony\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\windows\ehome\RMSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

c:\windows\system32\wscntfy.exe

c:\windows\stsystra.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2012-02-02 21:56:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-03 02:56

ComboFix2.txt 2012-02-03 01:35

.

Pre-Run: 40,143,036,416 bytes free

Post-Run: 40,012,906,496 bytes free

.

- - End Of File - - 8F5B3C39D315C07149FD19C0A7174FC7

Link to post
Share on other sites

Looks Good.

Go to your control panels add/remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

--------------------------------------

Go to your control panel > click on Java > Update Tab > click update

Java™ 6 Update 26 <---should be 30

Older versions are vulnerable to malware.

---------------------------

Adobe Reader 8.1.3 is out of date > older versions are vulnerable to malware.

Uninstall from add/remove programs and install the latest version:

http://get.adobe.com/reader/

uncheck the Google Toolbar

The computer should be OK now, let me know.

MrC

Link to post
Share on other sites

ok i did it

here is the log

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Feb 05 13:40:11 2012

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_09

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.150_06

Found and removed: Software\Classes\JavaPlugin.150_09

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_09

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_09

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_09\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

Link to post
Share on other sites

Please download this file, then......

Open the fixjava.zip file, extract and run the file fixjava.bat . If you are using Windows Vista, or Windows 7 you must right-click the fixjava.bat file and choose "Run As Administrator". If you do not see the run as administrator option, drag the fixjava.bat file to your desktop and then try to run as administrator from there.

The batch file will run briefly without confirmation.

Let me know if Java installs now.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.