My IExplorer keeps loading a Whitesmoke Toolbar and Incredimail toolbar. It also changes my homepage. I ran Malwarebytes and it removed three items, but the problem remains. Any suggestions?

DDS Logs:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 0:52:15 on 2012-02-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.467 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\AOL\1307644881\ee\AOLSoftware.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe

svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\AOL Desktop 9.6\waol.exe

C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Roxio\BackOnTrack\App\BService.exe

C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

C:\Program Files\InstallBrainService\InstallBrainService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\InstallBrainService\InstallBrainService.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AOL Desktop 9.6\shellmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

uURLSearchHooks: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll

BHO: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll

TB: WhiteSmoke Bar Toolbar: {167d9323-f7cc-48f5-948a-6f012831a69f} - c:\program files\whitesmoke_bar\prxtbWhit.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [HostManager] c:\program files\common files\aol\1307644881\ee\AOLSoftware.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [RemoteControl11] "c:\program files\cyberlink\powerdvd11\PDVD11Serv.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatchTray13.exe"

mRun: [Desktop Disc Tool] "c:\program files\roxio 2011\roxio burn\RoxioBurnLauncher.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [CPMonitor] "c:\program files\roxio\cineplayer\5.0\CPMonitor.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307632413355

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2011-6-11 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2011-6-11 15856]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2011-6-11 25584]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/11 04:35:00];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-6-11 77296]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-30 39408]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-6-11 83240]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-6-11 70952]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2011-6-11 312616]

R2 InstallBrainService;InstallBrain Updater Service;c:\program files\installbrainservice\InstallBrainService.exe [2012-2-1 512848]

R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-6-11 71664]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2011-3-14 5120]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]

S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]

.

=============== Created Last 30 ================

.

2012-02-14 02:29:44 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2012-02-14 02:29:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-02-14 02:29:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-14 02:29:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-01 06:25:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\WhiteSmoke_Bar

2012-02-01 06:24:57 -------- d-----w- c:\program files\WhiteSmoke_Bar

2012-02-01 06:24:35 -------- d-----w- c:\program files\InstallBrainService

2012-01-31 09:15:24 -------- d-----w- C:\WOLF3D

2012-01-31 09:13:30 -------- d-----w- C:\OldGames

2012-01-31 09:11:41 -------- d-----w- C:\DOSBOX

2012-01-31 09:08:29 -------- d-----w- c:\program files\DOSBox-0.74

2012-01-31 01:09:21 -------- d-----w- c:\program files\Photo Notifier and Animation Creator

2012-01-31 01:09:21 -------- d-----w- c:\documents and settings\all users\application data\Photo Notifier and Animation Creator

2012-01-31 01:09:08 -------- d-----w- c:\program files\Conduit

2012-01-31 01:09:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\IncrediMail_MediaBar_2

2012-01-31 01:09:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit

2012-01-31 01:09:03 -------- d-----w- c:\program files\IncrediMail_MediaBar_2

2012-01-31 01:06:58 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail

2012-01-31 01:06:58 -------- d-----w- c:\documents and settings\all users\application data\IM

2012-01-26 16:13:45 -------- d-----w- c:\documents and settings\owner\application data\RealNetworks

2012-01-24 06:12:16 -------- d-----w- c:\program files\common files\xing shared

2012-01-16 07:55:25 -------- d-----w- c:\documents and settings\owner\application data\Individual Software

.

==================== Find3M ====================

.

2012-01-24 06:11:44 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-24 06:11:44 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-12-25 19:00:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

.

============= FINISH: 0:53:00.43 ===============

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/9/2011 10:31:46 AM

System Uptime: 2/14/2012 12:21:32 AM (0 hours ago)

.

Motherboard: Dell Computer Corp. | | 0N6381

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 8.743 GiB free.

D: is FIXED (NTFS) - 298 GiB total, 200.885 GiB free.

E: is Removable

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP205: 11/17/2011 1:18:35 AM - System Checkpoint

RP206: 11/18/2011 2:53:50 AM - System Checkpoint

RP207: 11/19/2011 3:01:00 AM - System Checkpoint

RP208: 11/20/2011 4:31:01 AM - System Checkpoint

RP209: 11/21/2011 6:01:03 AM - System Checkpoint

RP210: 11/22/2011 7:31:01 AM - System Checkpoint

RP211: 11/23/2011 9:00:59 AM - System Checkpoint

RP212: 11/24/2011 10:30:59 AM - System Checkpoint

RP213: 11/25/2011 10:53:50 AM - System Checkpoint

RP214: 11/26/2011 12:00:50 PM - System Checkpoint

RP215: 11/27/2011 1:24:29 PM - System Checkpoint

RP216: 11/30/2011 12:48:08 PM - System Checkpoint

RP217: 12/1/2011 1:11:29 PM - System Checkpoint

RP218: 12/2/2011 2:01:24 PM - System Checkpoint

RP219: 12/3/2011 3:31:22 PM - System Checkpoint

RP220: 12/4/2011 5:02:34 PM - System Checkpoint

RP221: 12/5/2011 6:31:22 PM - System Checkpoint

RP222: 12/6/2011 7:32:26 PM - System Checkpoint

RP223: 12/7/2011 8:51:30 PM - System Checkpoint

RP224: 12/8/2011 9:09:53 PM - System Checkpoint

RP225: 12/9/2011 10:32:24 PM - System Checkpoint

RP226: 12/10/2011 11:50:24 PM - System Checkpoint

RP227: 12/12/2011 12:57:12 AM - System Checkpoint

RP228: 12/13/2011 2:27:11 AM - System Checkpoint

RP229: 12/14/2011 3:57:11 AM - System Checkpoint

RP230: 12/15/2011 5:27:10 AM - System Checkpoint

RP231: 12/16/2011 6:57:13 AM - System Checkpoint

RP232: 12/16/2011 9:17:10 PM - Installed Java™ 6 Update 30

RP233: 12/17/2011 9:58:10 PM - System Checkpoint

RP234: 12/18/2011 11:28:10 PM - System Checkpoint

RP235: 12/19/2011 11:33:50 PM - System Checkpoint

RP236: 12/21/2011 12:57:05 AM - System Checkpoint

RP237: 12/22/2011 2:27:04 AM - System Checkpoint

RP238: 12/23/2011 3:57:04 AM - System Checkpoint

RP239: 12/24/2011 5:09:13 AM - System Checkpoint

RP240: 12/25/2011 5:09:23 AM - System Checkpoint

RP241: 12/26/2011 11:09:23 AM - System Checkpoint

RP242: 12/27/2011 11:26:07 AM - System Checkpoint

RP243: 12/28/2011 12:55:02 PM - System Checkpoint

RP244: 12/29/2011 1:52:45 PM - System Checkpoint

RP245: 12/30/2011 3:31:20 PM - System Checkpoint

RP246: 12/31/2011 4:36:46 PM - System Checkpoint

RP247: 1/1/2012 5:14:08 PM - System Checkpoint

RP248: 1/1/2012 11:33:17 PM - Installed AVG 2012

RP249: 1/1/2012 11:34:14 PM - Installed AVG 2012

RP250: 1/2/2012 11:50:53 PM - System Checkpoint

RP251: 1/4/2012 12:04:28 AM - System Checkpoint

RP252: 1/5/2012 1:56:23 AM - System Checkpoint

RP253: 1/6/2012 2:56:51 AM - System Checkpoint

RP254: 1/7/2012 3:25:18 AM - System Checkpoint

RP255: 1/7/2012 4:27:34 PM - Installed Family Tree Maker 2011

RP256: 1/8/2012 7:44:20 PM - System Checkpoint

RP257: 1/9/2012 9:15:25 PM - System Checkpoint

RP258: 1/10/2012 10:30:51 PM - System Checkpoint

RP259: 1/11/2012 10:39:08 PM - System Checkpoint

RP260: 1/12/2012 11:25:24 PM - System Checkpoint

RP261: 1/13/2012 11:54:30 PM - System Checkpoint

RP262: 1/15/2012 12:15:07 AM - System Checkpoint

RP263: 1/16/2012 12:45:47 AM - System Checkpoint

RP264: 1/17/2012 5:57:56 AM - System Checkpoint

RP265: 1/18/2012 6:32:55 AM - System Checkpoint

RP266: 1/19/2012 12:42:59 PM - System Checkpoint

RP267: 1/20/2012 2:01:28 PM - System Checkpoint

RP268: 1/21/2012 2:02:29 PM - System Checkpoint

RP269: 1/22/2012 3:50:40 PM - System Checkpoint

RP270: 1/22/2012 4:53:49 PM - Software Distribution Service 3.0

RP271: 1/23/2012 6:09:07 PM - System Checkpoint

RP272: 1/24/2012 7:10:38 PM - System Checkpoint

RP273: 1/25/2012 8:03:05 PM - System Checkpoint

RP274: 1/26/2012 8:57:42 PM - System Checkpoint

RP275: 1/27/2012 10:07:28 PM - System Checkpoint

RP276: 1/28/2012 10:27:33 PM - System Checkpoint

RP277: 1/30/2012 12:05:46 AM - System Checkpoint

RP278: 1/31/2012 12:09:40 AM - System Checkpoint

RP279: 2/1/2012 12:35:10 AM - System Checkpoint

RP280: 2/1/2012 3:45:19 AM - Removed IncrediMail.

RP281: 2/2/2012 5:05:08 AM - System Checkpoint

RP282: 2/3/2012 6:11:16 AM - System Checkpoint

RP283: 2/4/2012 9:16:11 AM - System Checkpoint

RP284: 2/5/2012 9:53:15 AM - System Checkpoint

RP285: 2/6/2012 12:15:34 PM - System Checkpoint

RP286: 2/7/2012 1:29:25 PM - System Checkpoint

RP287: 2/8/2012 3:11:17 PM - System Checkpoint

RP288: 2/9/2012 3:14:07 PM - System Checkpoint

RP289: 2/10/2012 4:01:11 PM - System Checkpoint

RP290: 2/11/2012 4:05:29 PM - System Checkpoint

RP291: 2/12/2012 6:25:43 PM - System Checkpoint

RP292: 2/13/2012 6:39:25 PM - System Checkpoint

RP293: 2/14/2012 12:17:13 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2)

Advertising Center

Amazon MP3 Downloader 1.0.12

AnswerWorks 5.0 English Runtime

AOL Uninstaller (Choose which Products to Remove)

APC PowerChute Personal Edition

Apple Application Support

Apple Software Update

AVG 2012

BACS

BitTorrent

Broadcom Advanced Control Suite

Common Desktop Agent

Coupon Printer for Windows

CyberLink PowerDVD 11

dBpoweramp [Arrange Audio] Codec

dBpoweramp [Audio Info] Codec

dBpoweramp [Calculate Audio CRC] Codec

dBpoweramp [Channel Split] Codec

dBpoweramp [iD Tag Update] Codec

dBpoweramp [Length Split] Codec

dBpoweramp CD Writer

dBpoweramp DSP Effects

dBpoweramp Music Converter

Dell Driver Download Manager

Dell ResourceCD

Family Tree Maker 2011

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

ImagXpress

IncrediMail MediaBar 2 Toolbar

InstallBrain Updater Service

Intel® 537EP V9x DF PCI Modem

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Java Auto Updater

Java™ 6 Update 30

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft English TTS Engine

Microsoft Links LS 2000

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Primary Interoperability Assemblies 2005

Microsoft Software Update for Web Folders (English) 12

Microsoft Streets & Trips 2007

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft WSE 3.0 Runtime

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero CoverDesigner

Nero PhotoSnap

NeroBurningROM

NeroExpress

neroxml

Photo Notifier and Animation Creator

Quicken 2011

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

ResumeMaker

Roxio BackOnTrack

Roxio BackOnTrackPE

Roxio Burn - Secure

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator 2011 Pro

Roxio PhotoShow

Roxio Video Capture USB

Samsung Easy Printer Manager

Samsung ML-2540 Series

Samsung Printer Live Update

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SmartSound Common Data

SmartSound Quicktracks 5

SoundMAX

TTS Wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WeatherBug

WebFldrs XP

WhiteSmoke Bar Toolbar

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinZip 15.5

Yahoo! Detect

YouTube Downloader 3.3

.

==== Event Viewer Messages From Past Week ========

.

2/14/2012 12:12:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

2/14/2012 12:12:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.

2/14/2012 12:10:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

2/10/2012 9:57:40 AM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070057.

.

==== End Of File ===========================

Thanks..


Hello Slothar and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


OTL logfile created on: 2/14/2012 11:45:12 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 71.41% Memory free

2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.94 Gb Total Space | 8.74 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 200.88 Gb Free Space | 67.39% Space Free | Partition Type: NTFS

Drive E: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.57% Space Free | Partition Type: FAT

Computer Name: PERSONAL | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 11:42:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2012/02/01 01:24:32 | 000,512,848 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/01/24 01:11:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/04/25 16:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe

PRC - [2011/04/25 16:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe

PRC - [2011/04/19 22:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe

PRC - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

PRC - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

PRC - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

PRC - [2010/12/17 18:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

PRC - [2010/10/29 15:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe

PRC - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe

PRC - [2010/08/25 12:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe

PRC - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1307644881\ee\aolsoftware.exe

PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/06 08:08:02 | 000,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe

PRC - [2005/12/12 14:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/01 01:24:32 | 000,512,848 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe

MOD - [2011/04/25 16:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll

MOD - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

MOD - [2011/04/01 05:01:43 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\ssp9mlm.dll

MOD - [2010/12/17 18:13:00 | 000,049,664 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll

MOD - [2010/12/17 18:12:56 | 000,332,288 | ---- | M] () -- C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

MOD - [2010/09/13 13:02:00 | 003,153,904 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BEngine.dll

MOD - [2010/09/13 13:02:00 | 000,523,248 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\TRREngine.dll

MOD - [2010/09/13 13:02:00 | 000,107,504 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\Logging.dll

MOD - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe

MOD - [2010/08/25 12:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe

MOD - [2010/06/30 08:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe

MOD - [2007/09/27 09:16:04 | 000,035,840 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\cryptapi.dll

MOD - [2007/09/06 08:08:03 | 000,053,248 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\Lang\ENU.dll

MOD - [2007/04/04 19:59:56 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools Pro\Plugins\Images\bw5mount.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2012/02/01 01:24:32 | 000,512,848 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/04/19 22:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)

SRV - [2011/03/31 08:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)

SRV - [2011/03/31 08:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)

SRV - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)

SRV - [2010/07/16 05:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)

SRV - [2010/07/16 05:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)

SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)

SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)

SRV - [2005/12/12 14:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/06/11 05:40:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011/04/19 22:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)

DRV - [2011/04/12 04:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/06/11 04:35:00] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})

DRV - [2011/03/14 01:36:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSPORT.sys -- (SSPORT)

DRV - [2009/06/02 00:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)

DRV - [2009/06/02 00:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)

DRV - [2009/06/02 00:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)

DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2004/06/15 17:52:40 | 000,061,157 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/03/05 17:15:34 | 000,647,929 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/05 17:14:42 | 001,233,525 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/05 17:13:38 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8SM

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3007394

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 08:42:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/24 01:12:11 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/12 08:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()

O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe ()

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1307644881\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)

O4 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)

O4 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307632413355 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4103ADD-8663-46C7-95BB-F0977244C8BA}: DhcpNameServer = 205.152.144.23 205.152.132.23

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Emilee_Justin_A.bmp

O24 - Desktop BackupWallPaper: C:\Emilee_Justin_A.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/09 09:29:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 11:42:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/02/14 00:52:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

[2012/02/14 00:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2012/02/13 21:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2012/02/13 21:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/13 21:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/02/13 21:29:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/02/13 21:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/02/13 21:28:47 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/09 11:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DRAGNET

[2012/02/08 23:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Creative Minds

[2012/02/08 23:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\40piecesofadvice

[2012/02/01 01:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_Bar

[2012/02/01 01:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar

[2012/02/01 01:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\InstallBrainService

[2012/01/31 04:15:24 | 000,000,000 | ---D | C] -- C:\WOLF3D

[2012/01/31 04:13:30 | 000,000,000 | ---D | C] -- C:\OldGames

[2012/01/31 04:11:41 | 000,000,000 | ---D | C] -- C:\DOSBOX

[2012/01/31 04:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74

[2012/01/31 04:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74

[2012/01/30 20:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator

[2012/01/30 20:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator

[2012/01/30 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/01/30 20:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IncrediMail_MediaBar_2

[2012/01/30 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

[2012/01/30 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_2

[2012/01/30 20:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2012/01/30 20:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IM

[2012/01/26 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RealNetworks

[2012/01/24 01:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Roxio Projects

[2012/01/24 01:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2012/01/24 01:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real

[2012/01/24 01:11:47 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2012/01/24 01:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Real

[2012/01/24 01:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real

[2012/01/24 01:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Real

[2012/01/19 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\B-17 Photos-Gene

[2012/01/16 02:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ResumeMaker

[2012/01/16 02:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Individual Software

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 11:42:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/02/14 11:40:41 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012/02/14 11:06:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/14 08:59:50 | 089,004,887 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/02/14 00:46:40 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr

[2012/02/14 00:22:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

[2012/02/14 00:22:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/14 00:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/14 00:22:03 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/14 00:20:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/13 21:28:47 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.60.1.1000.exe

[2012/02/13 20:16:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

[2012/02/13 12:16:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FB7BA546-61ED-4C3D-B9DC-9D719176D3E1}.job

[2012/02/12 22:04:31 | 000,017,922 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\image001.jpg

[2012/02/11 22:26:10 | 004,379,973 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The_Real_Rambo.wmv

[2012/02/10 20:58:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/02/09 11:41:11 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/09 11:41:01 | 003,541,337 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\DRAGNET.zip

[2012/02/08 23:44:21 | 000,138,773 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Creative Minds.zip

[2012/02/08 23:27:31 | 003,484,747 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\40piecesofadvice.zip

[2012/02/04 23:37:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/03 17:37:15 | 000,134,250 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/02/01 08:42:26 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/01/30 15:57:59 | 006,453,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LE__COSTA__CONCORDIA_LA_MORT_D'UN_GEANT.pps

[2012/01/30 15:51:58 | 007,198,145 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Star Spangled Banner-5Yr Old.wmv

[2012/01/26 22:05:00 | 003,915,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PCC February.pdf

[2012/01/24 01:11:47 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll

[2012/01/23 11:58:06 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2012/01/22 19:07:41 | 000,325,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/01/22 17:02:54 | 000,454,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/22 17:02:54 | 000,075,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/20 23:08:39 | 041,453,098 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pitbull VS Kitten (Real Love Real Fights).mp4

[2012/01/19 16:20:18 | 002,338,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\B-17 Photos-Gene.zip

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 22:04:30 | 000,017,922 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\image001.jpg

[2012/02/11 22:25:49 | 004,379,973 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The_Real_Rambo.wmv

[2012/02/09 11:40:44 | 003,541,337 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\DRAGNET.zip

[2012/02/08 23:44:19 | 000,138,773 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Creative Minds.zip

[2012/02/08 23:27:14 | 003,484,747 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\40piecesofadvice.zip

[2012/02/03 03:02:44 | 001,897,656 | ---- | C] () -- C:\Emilee_Justin_A.bmp

[2012/01/30 15:57:26 | 006,453,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LE__COSTA__CONCORDIA_LA_MORT_D'UN_GEANT.pps

[2012/01/30 15:51:16 | 007,198,145 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Star Spangled Banner-5Yr Old.wmv

[2012/01/26 22:04:40 | 003,915,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PCC February.pdf

[2012/01/24 01:13:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

[2012/01/24 01:13:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

[2012/01/20 23:06:43 | 041,453,098 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pitbull VS Kitten (Real Love Real Fights).mp4

[2012/01/19 16:20:03 | 002,338,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\B-17 Photos-Gene.zip

[2011/06/28 10:43:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/11 01:34:25 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp CD Writer.dat

[2011/06/11 01:34:17 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat

[2011/06/11 01:34:04 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat

[2011/06/11 01:33:55 | 000,002,878 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat

[2011/06/11 01:33:46 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat

[2011/06/11 01:33:32 | 000,002,895 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [iD Tag Update] Codec.dat

[2011/06/11 01:33:16 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat

[2011/06/11 01:32:25 | 000,018,117 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/06/11 01:31:41 | 001,726,328 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2011/06/11 01:31:41 | 000,013,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat

[2011/06/10 22:46:01 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2011/06/10 22:37:23 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/06/09 23:09:31 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/09 13:36:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/09 10:04:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2011/06/09 09:56:39 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL

[2011/06/09 09:31:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/06/09 09:27:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/06/09 05:03:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/06/09 05:02:07 | 000,325,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/01 05:01:43 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\ssp9mlm.dll

[2010/12/17 18:11:48 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\CDASpl.dll

[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/12 09:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:03:20 | 000,454,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 09:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:03:19 | 000,075,294 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 09:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 08:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 08:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 08:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 08:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2000/11/10 13:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2012/01/01 23:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2012/01/01 23:36:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/06/11 05:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011/06/11 06:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

[2012/01/30 20:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2012/01/30 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2012/01/13 07:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software

[2011/06/11 03:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap

[2012/02/14 09:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2011/06/11 03:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD

[2012/01/30 20:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator

[2011/06/11 09:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets

[2011/12/25 20:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2011/06/11 09:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2011/06/11 03:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2012/01/24 01:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall

[2011/06/09 13:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/06/11 01:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/08/15 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader

[2011/09/11 02:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon

[2012/01/01 23:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012

[2012/02/13 17:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent

[2011/06/11 05:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite

[2011/06/11 06:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro

[2012/01/16 02:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Individual Software

[2011/12/25 20:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung

[2011/06/11 09:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star

[2011/06/15 14:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

[2011/06/09 12:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search

[2011/06/20 13:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

[2012/02/13 12:16:08 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB7BA546-61ED-4C3D-B9DC-9D719176D3E1}.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 2/14/2012 11:45:12 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 71.41% Memory free

2.98 Gb Paging File | 2.42 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 70.94 Gb Total Space | 8.74 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 200.88 Gb Free Space | 67.39% Space Free | Partition Type: NTFS

Drive E: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.57% Space Free | Partition Type: FAT

Computer Name: PERSONAL | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)

"C:\Documents and Settings\Owner\My Documents\Downloads\Roxio Creator\ROXIO 2011\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\DVD1\setup.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\Roxio Creator\ROXIO 2011\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\DVD1\setup.exe:*:Enabled:Roxio Streamer Discovery Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (America Online)

"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)

"C:\Program Files\Common Files\AOL\1307644881\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1307644881\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL Inc.)

"C:\Program Files\AOL Desktop 9.6\waol.exe" = C:\Program Files\AOL Desktop 9.6\waol.exe:*:Enabled:AOL -- (AOL Inc.)

"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL Inc.)

"C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe" = C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe:*:Enabled:AOL Browser -- (AOL Inc.)

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe" = C:\Program Files\Nero\Nero 10\Nero Burning ROM\nero.exe:*:Disabled:nero

"C:\Program Files\Illustrate\dBpoweramp\DMCFileSelector.exe" = C:\Program Files\Illustrate\dBpoweramp\DMCFileSelector.exe:*:Disabled:dBpoweramp Batch Converter -- (Illustrate)

"C:\Program Files\Illustrate\dBpoweramp\CDGrab.exe" = C:\Program Files\Illustrate\dBpoweramp\CDGrab.exe:*:Disabled:dBpoweramp CD Ripper -- (Illustrate)

"C:\Program Files\Illustrate\dBpoweramp\CDWriter.exe" = C:\Program Files\Illustrate\dBpoweramp\CDWriter.exe:*:Disabled:dBpoweramp CD Writer -- (Illustrate)

"C:\Program Files\Illustrate\dBpoweramp\dBConfig.exe" = C:\Program Files\Illustrate\dBpoweramp\dBConfig.exe:*:Disabled:dBpoweramp Configuration -- (Illustrate)

"C:\Program Files\Illustrate\dBpoweramp\MusicConverter.exe" = C:\Program Files\Illustrate\dBpoweramp\MusicConverter.exe:*:Disabled:dBpoweramp Music Converter -- (Illustrate)

"C:\Program Files\Quicken\qw.exe" = C:\Program Files\Quicken\qw.exe:*:Disabled:Quicken 2011 -- (Intuit Inc.)

"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)

"C:\Documents and Settings\Owner\My Documents\Downloads\Roxio Creator\ROXIO 2011\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\DVD1\setup.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\Roxio Creator\ROXIO 2011\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\ROXIO.CREATOR.2011.PROFESSIONAL.DVD\DVD1\setup.exe:*:Enabled:Roxio Streamer Discovery Service

"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe:*:Enabled:CDA Server -- ()

"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe" = C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe" = C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert -- (Samsung Electronics Co., Ltd.)

"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe" = C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:CDA Scan2PC -- ()

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail

"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail

"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent

"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011

"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro

"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012

"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro

"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine

"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure

"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE

"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11

"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"AVG" = AVG 2012

"BitTorrent" = BitTorrent

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec

"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec

"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec

"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec

"dBpoweramp [iD Tag Update] Codec" = dBpoweramp [iD Tag Update] Codec

"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec

"dBpoweramp CD Writer" = dBpoweramp CD Writer

"dBpoweramp DSP Effects" = dBpoweramp DSP Effects

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Family Tree Maker 2011" = Family Tree Maker 2011

"ie8" = Windows Internet Explorer 8

"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar

"InstallBrain Updater Service" = InstallBrain Updater Service

"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite

"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11

"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealPlayer 15.0" = RealPlayer

"ResumeMaker" = ResumeMaker

"Roxio PhotoShow" = Roxio PhotoShow

"Samsung Easy Printer Manager" = Samsung Easy Printer Manager

"Samsung ML-2540 Series" = Samsung ML-2540 Series

"Samsung Printer Live Update" = Samsung Printer Live Update

"ViewpointMediaPlayer" = Viewpoint Media Player

"VISPRO" = Microsoft Office Visio Professional 2007

"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Microsoft Links LS 2000" = Microsoft Links LS 2000

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/1/2012 4:26:59 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000

Description = Faulting application linksls2k.exe, version 1.1.0.0, faulting module

linksls2k.exe, version 1.1.0.0, fault address 0x0023bb94.

Error - 2/4/2012 9:50:28 AM | Computer Name = PERSONAL | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2012 9:50:28 AM | Computer Name = PERSONAL | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2012 3:04:46 AM | Computer Name = PERSONAL | Source = Application Hang | ID = 1002

Description = Hanging application qw.exe, version 20.1.8.6, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2012 7:54:34 AM | Computer Name = PERSONAL | Source = Application Error | ID = 1000

Description = Faulting application linksls2k.exe, version 1.1.0.0, faulting module

linksls2k.exe, version 1.1.0.0, fault address 0x0023baa2.

Error - 2/6/2012 7:54:38 AM | Computer Name = PERSONAL | Source = Application Hang | ID = 1002

Description = Hanging application LINKSLS2K.EXE, version 1.1.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/11/2012 3:49:53 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000

Description = Faulting application linksls2k.exe, version 1.1.0.0, faulting module

linksls2k.exe, version 1.1.0.0, fault address 0x0023baa2.

Error - 2/11/2012 4:39:11 PM | Computer Name = PERSONAL | Source = Application Error | ID = 1000

Description = Faulting application linksls2k.exe, version 1.1.0.0, faulting module

linksls2k.exe, version 1.1.0.0, fault address 0x0035edae.

Error - 2/14/2012 1:11:27 AM | Computer Name = PERSONAL | Source = .NET Runtime Optimization Service | ID = 1111

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Service reached limit of transient errors. Will shut down. Last error returned

from Service Manager: 0x80029c4a.

Error - 2/14/2012 1:22:39 AM | Computer Name = PERSONAL | Source = .NET Runtime Optimization Service | ID = 1111

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Service reached limit of transient errors. Will shut down. Last error returned

from Service Manager: 0x80029c4a.

[ System Events ]

Error - 1/24/2012 5:10:27 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

Error - 1/31/2012 12:02:20 PM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

Error - 2/1/2012 10:58:44 AM | Computer Name = PERSONAL | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 00111178FC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

Error - 2/5/2012 10:28:34 AM | Computer Name = PERSONAL | Source = WPDMTPDriver | ID = 80836

Description = MTP WPD Driver has failed to start. Error 0x80070057.

Error - 2/10/2012 10:57:40 AM | Computer Name = PERSONAL | Source = WPDMTPDriver | ID = 80836

Description = MTP WPD Driver has failed to start. Error 0x80070057.

Error - 2/14/2012 1:10:55 AM | Computer Name = PERSONAL | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 2/14/2012 1:12:15 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

Error - 2/14/2012 1:12:21 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

IntelIde

Error - 2/14/2012 1:23:12 AM | Computer Name = PERSONAL | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher

12 service to connect.

Error - 2/14/2012 1:58:35 AM | Computer Name = PERSONAL | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 00111178FC90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

< End of report >

Thanks.


Thank you! :)

Step 1

Please uninstall the following applications: IncrediMail MediaBar 2 Toolbar, BitTorrent and Viewpoint Media Player.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT3007394
    IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-602162358-1592454029-1801674531-1003\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    [2012/02/01 01:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_Bar
    [2012/02/01 01:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
    [2012/01/30 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/01/30 20:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IncrediMail_MediaBar_2
    [2012/01/30 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
    [2012/01/30 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_2
    [2011/06/09 13:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2012/02/13 17:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
    [2011/06/11 05:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.


All processes killed

========== OTL ==========

HKU\S-1-5-21-602162358-1592454029-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-602162358-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.

File C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll not found.

Registry value HKEY_USERS\S-1-5-21-602162358-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.

File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.

File C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{167d9323-f7cc-48f5-948a-6f012831a69f} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.

File C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry value HKEY_USERS\S-1-5-21-602162358-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.

File C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll not found.

Registry value HKEY_USERS\S-1-5-21-602162358-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}\ not found.

File C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Folder C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_Bar\ not found.

Folder C:\Program Files\WhiteSmoke_Bar\ not found.

C:\Program Files\Conduit\Community Alerts folder moved successfully.

C:\Program Files\Conduit folder moved successfully.

Folder C:\Documents and Settings\Owner\Local Settings\Application Data\IncrediMail_MediaBar_2\ not found.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit folder moved successfully.

Folder C:\Program Files\IncrediMail_MediaBar_2\ not found.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

Folder C:\Documents and Settings\Owner\Application Data\BitTorrent\ not found.

C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

->Flash cache emptied: 43 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 908807 bytes

User: Owner

->Temp folder emptied: 5996617303 bytes

->Temporary Internet Files folder emptied: 183781464 bytes

->Java cache emptied: 233385 bytes

->Flash cache emptied: 92129 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2245782 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 81230 bytes

Total Files Cleaned = 5,900.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 02152012_184458

Files\Folders moved on Reboot...

C:\Documents and Settings\Owner\Local Settings\Temp\CMLS--2012-02-15--18-45-03.log moved successfully.

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8050.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF81A5.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF81BA.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF81E3.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF83D4.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8615.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF86FA.tmp not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8934.tmp not found!

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZS4KGNNK\index[3].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4JJ658XI\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\08N2SCWA\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Here it is....


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-02-16.02 - Owner 02/16/2012 15:20:14.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.743 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe

C:\drvrtmp

c:\windows\system32\drivers\fad.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))

.

.

2012-02-15 23:44 . 2012-02-15 23:44 -------- d-----w- C:\_OTL

2012-02-14 02:29 . 2012-02-14 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-02-14 02:29 . 2012-02-14 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-14 02:29 . 2012-02-14 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-14 02:29 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-01 06:24 . 2012-02-01 06:24 -------- d-----w- c:\program files\InstallBrainService

2012-01-31 09:15 . 2012-01-31 09:44 -------- d-----w- C:\WOLF3D

2012-01-31 09:13 . 2012-01-31 09:13 -------- d-----w- C:\OldGames

2012-01-31 09:11 . 2012-01-31 09:11 -------- d-----w- C:\DOSBOX

2012-01-31 09:08 . 2012-01-31 09:08 -------- d-----w- c:\program files\DOSBox-0.74

2012-01-31 01:09 . 2012-01-31 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Photo Notifier and Animation Creator

2012-01-31 01:09 . 2012-01-31 01:09 -------- d-----w- c:\program files\Photo Notifier and Animation Creator

2012-01-31 01:06 . 2012-01-31 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\IM

2012-01-31 01:06 . 2012-01-31 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail

2012-01-24 06:12 . 2012-01-24 06:12 -------- d-----w- c:\program files\Common Files\xing shared

2012-01-24 06:11 . 2012-01-24 06:12 -------- d-----w- c:\program files\Real

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 06:11 . 2011-04-25 21:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-24 06:11 . 2011-04-25 21:52 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-12-25 19:00 . 2011-06-26 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]

"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"HostManager"="c:\program files\Common Files\AOL\1307644881\ee\AOLSoftware.exe" [2010-03-08 41800]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]

"Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-24 296056]

"CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2011-6-11 221247]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1307644881\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Illustrate\\dBpoweramp\\DMCFileSelector.exe"=

"c:\\Program Files\\Illustrate\\dBpoweramp\\CDGrab.exe"=

"c:\\Program Files\\Illustrate\\dBpoweramp\\CDWriter.exe"=

"c:\\Program Files\\Illustrate\\dBpoweramp\\dBConfig.exe"=

"c:\\Program Files\\Illustrate\\dBpoweramp\\MusicConverter.exe"=

"c:\\Program Files\\Quicken\\qw.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServer.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=

"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=

"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=

"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=

"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/11/2011 9:49 AM 21488]

R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/11/2011 9:49 AM 15856]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/11/2011 5:40 AM 685816]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/11/2011 9:49 AM 25584]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/11 04:35];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [6/11/2011 3:34 AM 77296]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [6/2/2009 6:05 PM 457200]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [8/30/2010 11:14 PM 39408]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [6/11/2011 3:34 AM 83240]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [6/11/2011 3:34 AM 70952]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [6/11/2011 3:34 AM 312616]

R2 InstallBrainService;InstallBrain Updater Service;c:\program files\InstallBrainService\InstallBrainService.exe [2/1/2012 1:24 AM 512848]

R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [6/11/2011 3:34 AM 71664]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [3/14/2011 1:36 AM 5120]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2011 10:56 AM 136176]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [7/16/2010 5:48 AM 354288]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2011 10:56 AM 136176]

S3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [7/16/2010 5:48 AM 1099248]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/12/2004 9:06 AM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 15:56]

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-15 15:56]

.

2012-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]

.

2012-02-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1592454029-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 21:02]

.

2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{FB7BA546-61ED-4C3D-B9DC-9D719176D3E1}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 205.152.144.23 205.152.132.23

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-16 15:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(988)

c:\windows\system32\igfxdev.dll

.

Completion time: 2012-02-16 15:32:11

ComboFix-quarantined-files.txt 2012-02-16 20:32

.

Pre-Run: 18,128,396,288 bytes free

Post-Run: 18,250,125,312 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8D0A2ED9CC0FF62E81EE117F0D5CA1DF


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: PERSONAL [administrator]

2/16/2012 5:35:08 PM

mbam-log-2012-02-16 (17-35-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 173224

Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c9be24fef95f644d9a9bfb1afa75d4a5

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-17 03:07:00

# local_time=2012-02-16 10:07:00 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 3035688 3035688 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=92440

# found=1

# cleaned=1

# scan_time=15534

C:\Documents and Settings\Owner\My Documents\Downloads\YouTube Downloader\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
