
Google Redirect "Virus"



I've been having this problem for a while: whenever I type something directly into my Address bar that isn't a website, it directs me to <http://search.search-go.net/?sid>. I could really use some help, thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Mano at 3:58:45 on 2012-04-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1215 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

svchost.exe

C:\WINDOWS\system32\afasrv32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\USIM Editor\iconcs157427093.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe

C:\WINDOWS\system32\lxeacoms.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Tenda\Common\RaRegistry.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"

mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [uSBestCR] c:\program files\usim editor\iconcs157427093.exe RunFromReg

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\mano~1.phi\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mano.phil3-5b4ccb1ae\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico

mPolicies-system: EnableLUA = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F85FA71A-C32A-4262-B427-7F45016F7981} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mano.phil3-5b4ccb1ae\application data\mozilla\firefox\profiles\2uctzfvy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://noscript.net/?ver=2.2.8&prev=2.2.7

FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5577

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mozilla firefox\extensions\firefoxextensions@keynote.com\components\FFConnectorLauncher.dll

FF - component: c:\program files\mozilla firefox\extensions\firefoxextensions@keynote.com\components\FFSource.dll

FF - plugin: c:\documents and settings\mano.phil3-5b4ccb1ae\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-24 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-24 337880]

R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [2011-12-28 65536]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-24 20696]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-24 44768]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-30 193192]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-9 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2011-12-26 2348864]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tenda\common\RaRegistry.exe [2011-5-30 185632]

R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2011-5-30 19072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-9 22344]

S0 dspvfad;dspvfad;c:\windows\system32\drivers\rjfs.sys --> c:\windows\system32\drivers\rjfs.sys [?]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2011-12-28 51072]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-29 30576]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-5-30 827488]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

.

=============== Created Last 30 ================

.

2012-04-09 06:01:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-17 05:25:35 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-17 05:25:35 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

2012-02-26 05:15:56 45406944 ----a-w- c:\documents and settings\all users.windows\SPL95.tmp

2012-02-25 19:28:32 25320218 ----a-w- c:\documents and settings\all users.windows\SPL89.tmp

2012-02-24 12:15:22 55481180 ----a-w- c:\documents and settings\all users.windows\SPL117.tmp

2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 3:59:44.04 ===============


Hello LordResellime and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All Users option. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


Woah! Thanks for the speedy reply, and sorry for the sluggish answer. Here's what you asked for:

Malwarebytes Log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.14.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Mano :: PHIL3-5B4CCB1AE [administrator]

Protection: Enabled

4/14/2012 1:38:38 AM

mbam-log-2012-04-14 (01-38-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 314442

Time elapsed: 13 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL Log

OTL logfile created on: 4/14/2012 2:32:08 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.27% Memory free

3.85 Gb Paging File | 3.10 Gb Available in Paging File | 80.66% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 109.26 Gb Free Space | 73.31% Space Free | Partition Type: NTFS

Drive D: | 693.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PHIL3-5B4CCB1AE | User Name: Mano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 01:53:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2011/12/28 18:12:40 | 007,041,024 | ---- | M] () -- C:\Program Files\USIM Editor\iconcs157427093.exe

PRC - [2011/12/28 18:12:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe

PRC - [2011/12/17 17:03:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2011/06/15 02:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2011/01/23 23:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

PRC - [2011/01/23 23:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

PRC - [2010/04/14 18:45:21 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe

PRC - [2010/04/14 18:45:14 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeaserv.exe

PRC - [2009/12/10 14:16:08 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Tenda\Common\RaRegistry.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2006/09/08 17:12:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006/09/08 17:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/13 15:39:31 | 001,755,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12041301\algo.dll

MOD - [2011/12/28 18:12:40 | 007,041,024 | ---- | M] () -- C:\Program Files\USIM Editor\iconcs157427093.exe

MOD - [2011/12/28 18:12:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\afasrv32.exe

MOD - [2011/12/17 17:03:00 | 001,568,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll

MOD - [2011/12/17 17:03:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/01/23 23:08:55 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

MOD - [2011/01/23 23:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

MOD - [2010/04/05 08:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll

MOD - [2010/04/05 08:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll

MOD - [2010/04/05 08:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll

MOD - [2010/04/05 08:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll

MOD - [2010/04/05 08:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll

MOD - [2010/04/05 08:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll

MOD - [2010/04/05 08:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll

MOD - [2010/04/05 08:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll

MOD - [2010/04/01 15:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll

MOD - [2010/04/01 15:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll

MOD - [2009/11/04 11:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll

MOD - [2009/05/27 10:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeadatr.dll

MOD - [2009/04/07 17:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll

MOD - [2009/03/10 03:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll

MOD - [2009/03/02 12:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll

MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEAsmr.dll

MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEAsm.dll

MOD - [2007/07/16 12:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2006/09/08 17:12:50 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/12/28 18:12:39 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)

SRV - [2011/12/17 17:03:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2010/04/14 18:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeacoms.exe -- (lxea_device)

SRV - [2010/04/14 18:45:14 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)

SRV - [2009/12/10 14:16:08 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Tenda\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006/09/08 17:12:50 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006/09/08 17:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MANO~1.PHI\LOCALS~1\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rjfs.sys -- (dspvfad)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2011/06/07 08:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/04/14 21:39:20 | 000,827,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)

DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)

DRV - [2010/03/12 21:41:16 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)

DRV - [2009/12/10 14:16:14 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)

DRV - [2008/05/27 11:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)

DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/30 22:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/21 11:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NVATA.sys -- (nvata)

DRV - [2006/08/07 20:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/08/07 20:39:22 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/08/07 20:39:14 | 000,110,080 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)

DRV - [2005/04/07 23:29:42 | 000,028,800 | ---- | M] (Ideazon) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniUsb.sys -- (OmniUsb)

DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004/07/27 01:27:50 | 000,009,696 | ---- | M] (Ideazon) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniUsbl.sys -- (OmniUsbl)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E CC 90 4F A7 AB CB 01 [binary data]

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.crawler.com/homepage.aspx?tbid=60076

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60076

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjddr&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110709&user_guid=8E599F8B236B41CCA845D541455CFA4B&machine_id=993aabde500c79fb48454a76eb714729&browser=IE&os=win&os_version=5.1-x86-SP3

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80051&lng=en

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/|http://noscript.net/?ver=2.2.8&prev=2.2.7"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.33

FF - prefs.js..extensions.enabledItems: firefoxextensions@keynote.com:17.0.14.0

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

FF - prefs.js..network.proxy.autoconfig_url: "http://www.igreonline.net/proxy/"

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 5577

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.socks_version: 4

FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Google"

FF - user.js..browser.search.order.1: "Google"

FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 17:56:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/09 02:03:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 01:25:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 22:51:48 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 17:56:56 | 000,000,000 | ---D | M]

[2009/04/01 01:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Extensions

[2012/04/09 02:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions

[2010/08/15 19:36:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2010/09/08 19:52:01 | 000,000,000 | ---D | M] (Multiproxy Switch) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}

[2012/02/20 03:24:19 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/08/15 19:34:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)

[2012/03/02 04:23:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/01/11 20:06:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)

[2010/08/15 19:36:14 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\btpersonas@brandthunder(2).com

[2010/08/15 19:34:21 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\btpersonas@brandthunder(3).com

[2012/03/16 20:20:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\foxyproxy@eric.h.jung

[2009/10/17 14:22:34 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\aim-search.xml

[2011/07/09 04:28:56 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\bing-zugo.xml

[2012/01/08 13:49:28 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\conduit.xml

[2012/01/02 01:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/10/10 21:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/08/15 19:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}(2)

[2011/07/10 13:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\firefoxextensions@keynote.com

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANO.PHIL3-5B4CCB1AE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2UCTZFVY.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANO.PHIL3-5B4CCB1AE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2UCTZFVY.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2012/04/09 02:03:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2010/08/20 21:45:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/05/25 04:34:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/03/17 01:25:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/03 18:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2011/12/29 21:14:56 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

[2012/02/12 02:28:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2007/07/26 16:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

[2012/02/12 02:28:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/11 00:30:22 | 000,437,835 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15061 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()

O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [uSBestCR] C:\Program Files\USIM Editor\iconcs157427093.exe ()

O4 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-1078081533-1645522239-839522115-1010..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()

O4 - Startup: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F85FA71A-C32A-4262-B427-7F45016F7981}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/26 12:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{8295085b-0a5d-11e0-be92-00044b032372}\Shell - "" = AutoRun

O33 - MountPoints2\{8295085b-0a5d-11e0-be92-00044b032372}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8295085b-0a5d-11e0-be92-00044b032372}\Shell\AutoRun\command - "" = I:\NPSAI.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: magnexnt - (C:\WINDOWS\system32\dllhdump.dll) - File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 02:31:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Recent

[2012/04/14 01:53:07 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

[2012/04/12 03:54:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\dds.scr

[2012/04/09 02:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/09 02:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Documents and Settings\All Users.WINDOWS\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2032/02/14 23:32:12 | 000,002,852 | -H-- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\My Documents\FINDER.DAT

[2012/04/14 03:42:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job

[2012/04/14 02:38:15 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C596FF7-D8B5-4982-9A95-33F9FA542D93}.job

[2012/04/14 02:29:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk

[2012/04/14 01:53:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

[2012/04/12 03:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\dds.scr

[2012/04/12 03:46:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/12 03:45:33 | 000,745,192 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz

[2012/04/12 03:45:05 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk

[2012/04/12 03:44:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/12 03:10:57 | 000,536,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/12 03:10:57 | 000,110,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/10 13:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/10 08:43:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/04/09 02:03:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Documents and Settings\All Users.WINDOWS\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 02:01:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 16:43:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/28 18:12:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe

[2011/12/26 02:31:16 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/26 02:31:16 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/26 02:31:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/26 02:30:24 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/10/11 00:21:46 | 000,000,182 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/10/07 00:50:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/10/05 18:53:35 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011/09/16 13:00:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/05/30 21:41:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll

[2011/05/30 21:41:51 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll

[2011/05/30 21:41:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll

[2011/05/30 21:41:41 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll

[2011/05/30 21:41:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll

[2011/05/30 21:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEAPMON.DLL

[2011/05/30 21:40:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEAFXPU.DLL

[2011/05/30 21:40:25 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEAoem.dll

[2011/05/30 21:39:25 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini

[2011/05/30 21:39:07 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll

[2011/05/30 21:39:07 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll

[2011/05/30 21:39:07 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll

[2011/05/30 21:39:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll

[2011/05/30 21:39:07 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll

[2011/05/30 21:39:07 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll

[2011/05/30 21:39:06 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll

[2011/05/30 21:39:06 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll

[2011/05/30 21:39:06 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll

[2011/05/30 21:39:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll

[2011/05/30 21:39:05 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll

[2011/05/30 21:39:05 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe

[2011/05/30 21:39:05 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll

[2011/05/30 21:39:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll

[2011/05/30 21:39:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll

[2011/05/30 21:39:05 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll

[2011/05/30 21:39:04 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll

[2011/05/30 21:39:04 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe

[2011/05/30 21:39:04 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll

[2011/05/30 21:39:04 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll

[2011/05/30 21:39:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll

[2011/05/30 21:39:03 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe

[2011/05/30 21:31:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll

[2011/05/30 21:31:21 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll

[2011/05/30 21:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll

[2011/05/30 21:21:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI

[2011/05/30 21:21:56 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini

[2011/05/30 21:21:25 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2011/02/19 21:16:03 | 000,150,764 | ---- | C] () -- C:\WINDOWS\hpoins30.dat.temp

[2011/02/19 21:16:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat.temp

[2010/12/18 04:07:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\$_hpcst$.hpc

[2010/11/14 05:10:17 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ContextMenu.dll

[2010/11/09 02:39:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini

[2010/11/09 01:52:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2010/10/10 17:26:17 | 002,447,334 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\[j0011]-[p08].bmp

[2010/09/15 12:57:44 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/08/14 23:43:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sculececi.dat

[2010/08/14 23:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dxojujehokonipu.bin

[2010/08/13 19:36:41 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ereg077.dat

[2010/08/08 03:36:11 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/08/07 01:25:26 | 000,000,108 | ---- | C] () -- C:\WINDOWS\KA.INI

[2010/05/25 04:19:18 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\bpzmnq.dat

[2010/05/22 21:12:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== LOP Check ==========

[2007/05/26 19:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2007/05/26 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2007/05/26 13:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star

[2008/09/03 15:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2008/07/01 12:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games

[2007/05/26 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/02/08 18:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2007/05/26 14:32:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2008/05/18 21:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2007/05/27 22:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect

[2008/05/09 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2008/05/09 21:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2007/05/26 14:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard

[2008/08/05 21:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/02/26 10:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2008/09/03 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/10/03 15:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames

[2009/06/22 16:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\3DVIA

[2009/10/17 14:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM

[2011/12/24 02:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software

[2010/02/27 18:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus

[2009/02/15 01:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software

[2009/10/17 20:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA

[2010/09/11 21:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Cisco

[2012/02/21 04:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Tool

[2010/08/15 19:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro

[2011/05/30 22:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lexmark S300-S400 Series

[2011/06/16 02:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters

[2011/12/28 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop

[2010/02/10 23:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files

[2011/05/30 21:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\S300-S400 Series

[2009/02/14 13:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SnapStream

[2010/08/01 12:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

[2011/05/30 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tenda Driver

[2009/10/02 23:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint

[2009/06/30 16:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WildTangent

[2010/03/13 21:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip

[2011/04/13 04:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/24 19:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/25 23:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/09/03 15:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\acccore

[2008/04/21 14:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\FrostWire

[2008/03/19 13:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\GetRight

[2008/10/18 21:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\gtk-2.0

[2009/01/21 22:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\IObit

[2008/09/09 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\Leadertech

[2008/06/03 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\Orbit

[2008/05/09 21:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\ScanSoft

[2011/06/09 01:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\SpinTop

[2008/06/28 22:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\SpinTop Games

[2008/12/14 17:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\Unity

[2009/05/30 01:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\acccore

[2010/06/21 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Audacity

[2012/02/13 08:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus

[2010/06/17 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Braid

[2010/09/11 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Cisco

[2012/04/12 03:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox

[2011/10/04 22:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Easeware

[2012/01/21 23:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\ExportTool

[2009/06/29 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\GetRightToGo

[2010/10/24 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Keynote Systems

[2010/06/12 18:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Logia

[2010/10/29 01:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\MsgCnf

[2010/02/07 19:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\NPLUTO Corporation

[2009/10/20 23:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\OpenOffice.org

[2010/02/10 18:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Raptr

[2011/05/30 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\S300-S400 Series

[2010/08/15 19:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\SafeReturner

[2011/01/18 03:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Samsung

[2012/01/09 01:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\spiral

[2011/12/26 02:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\SystemRequirementsLab

[2010/08/20 21:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Uniblue

[2010/08/07 21:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Unity

[2012/04/14 03:42:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

[2012/04/14 02:38:15 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C596FF7-D8B5-4982-9A95-33F9FA542D93}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92847C60

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26C634E5

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B79CA233

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A5DE6E

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E87F4522

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDA55117

< End of report >

Extras.txt

OTL Extras logfile created on: 4/14/2012 2:32:09 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.27% Memory free

3.85 Gb Paging File | 3.10 Gb Available in Paging File | 80.66% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 109.26 Gb Free Space | 73.31% Space Free | Partition Type: NTFS

Drive D: | 693.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PHIL3-5B4CCB1AE | User Name: Mano | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"867:TCP" = 867:TCP:*:Enabled:WarriorEpic

"867:UDP" = 867:UDP:*:Enabled:WarriorEpic

"744:TCP" = 744:TCP:*:Enabled:WarriorEpic

"744:UDP" = 744:UDP:*:Enabled:WarriorEpic

"467:TCP" = 467:TCP:*:Enabled:WarriorEpic

"467:UDP" = 467:UDP:*:Enabled:WarriorEpic

"704:TCP" = 704:TCP:*:Enabled:WarriorEpic

"704:UDP" = 704:UDP:*:Enabled:WarriorEpic

"861:TCP" = 861:TCP:*:Enabled:WarriorEpic

"861:UDP" = 861:UDP:*:Enabled:WarriorEpic

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service

"C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy

"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service

"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service

"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine

"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader

"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service

"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service

"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe" = C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM

"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE

"C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe" = C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome Essentials (1) -- (Nero AG)

"C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe" = C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome Essentials (2) -- (Nero AG)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Disabled:Reactor Application

"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()

"C:\Program Files\DriftCity\DriftCity.exe" = C:\Program Files\DriftCity\DriftCity.exe:*:Enabled:DriftCity

"C:\Program Files\ijji\ijji REACTOR\OutBound_Pul.exe" = C:\Program Files\ijji\ijji REACTOR\OutBound_Pul.exe:*:Disabled:OutBound Application

"C:\ijji\Warrior Epic\WEShell_TGI_IJJI.exe" = C:\ijji\Warrior Epic\WEShell_TGI_IJJI.exe:*:Enabled:Warrior Epic

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Disabled:Pando Media Booster -- ()

"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server

"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

"C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:S300-S400 Series Server -- ( )

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze

"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4

"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office

"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580

"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{591FECC7-50E1-408B-948B-F5C7D411DB3C}" = Tenda Wireless LAN Card

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{8C6CB33A-AA86-446C-8C4D-304A7FA51033}" = Nero 8 Essentials

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 290.53

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 290.53

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.02

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.6.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes

"{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}" = SecurDisc Viewer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C77A1356-1654-4340-BA5B-A21ED3289B2E}" = Kaplan Essential Review- Biology & Chemistry

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AIM_7" = AIM 7

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Free Antivirus

"AviSynth" = AviSynth 2.5

"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.28.0

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"DivX Setup.divx.com" = DivX Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]

"HaaliMkx" = Haali Media Splitter

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"Lexmark S300-S400 Series" = Lexmark S300-S400 Series

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MatlabR2007b" = MATLAB R2007b

"MatlabR2010a" = MATLAB R2010a

"MegaStat Excel 2007" = MegaStat Excel 2007

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MjM Free Photo Recovery Software1.0" = MjM Free Photo Recovery Software

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PowerISO" = PowerISO

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SystemRequirementsLab" = System Requirements Lab

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"GeoGebra WebStart" = GeoGebra WebStart

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/17/2012 7:28:03 PM | Computer Name = PHIL3-5B4CCB1AE | Source = Application Hang | ID = 1002

Description = Hanging application zsnesw.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2012 7:28:06 PM | Computer Name = PHIL3-5B4CCB1AE | Source = Application Hang | ID = 1001

Description = Fault bucket 02084617.

Error - 3/22/2012 11:42:42 AM | Computer Name = PHIL3-5B4CCB1AE | Source = MsiInstaller | ID = 11706

Description = Product: Adobe Reader X (10.1.2) -- Error 1706.No valid source could

be found for product Adobe Reader X (10.1.2). The Windows Installer cannot continue.

Error - 3/22/2012 11:42:44 AM | Computer Name = PHIL3-5B4CCB1AE | Source = MsiInstaller | ID = 1024

Description = Product: Adobe Reader X (10.1.2) - Update 'Adobe Reader X (10.1.2)'

could not be installed. Error code 1603. Windows Installer can create logs to help

troubleshoot issues with installing software packages. Use the following link for

instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/3/2012 6:25:48 AM | Computer Name = PHIL3-5B4CCB1AE | Source = MsiInstaller | ID = 11706

Description = Product: Adobe Reader X (10.1.2) -- Error 1706.No valid source could

be found for product Adobe Reader X (10.1.2). The Windows Installer cannot continue.

Error - 4/3/2012 6:25:50 AM | Computer Name = PHIL3-5B4CCB1AE | Source = MsiInstaller | ID = 1024

Description = Product: Adobe Reader X (10.1.2) - Update 'Adobe Reader X (10.1.2)'

could not be installed. Error code 1603. Windows Installer can create logs to help

troubleshoot issues with installing software packages. Use the following link for

instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 4/12/2012 3:24:21 AM | Computer Name = PHIL3-5B4CCB1AE | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Failed to compile: C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe .

Error code = 0x80131047

Error - 4/14/2012 1:57:07 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2012 2:27:48 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/14/2012 2:27:52 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Application Hang | ID = 1001

Description = Fault bucket -1399803361.

[ Cisco AnyConnect VPN Client Events ]

Error - 3/22/2011 3:34:39 AM | Computer Name = PHIL3-5B4CCB1AE | Source = vpnagent | ID = 50331650

Description = Termination reason code 7: The agent has been stopped.

Error - 3/22/2011 3:34:39 AM | Computer Name = PHIL3-5B4CCB1AE | Source = vpnagent | ID = 50331649

Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp

Line:

997 Description: fatal error, stopping service

[ System Events ]

Error - 4/13/2012 8:19:43 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/13/2012 8:19:47 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/13/2012 8:19:51 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/13/2012 8:19:55 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/13/2012 8:19:59 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/14/2012 1:55:19 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/14/2012 2:11:16 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/14/2012 2:11:20 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/14/2012 2:11:24 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 4/14/2012 2:11:28 AM | Computer Name = PHIL3-5B4CCB1AE | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\D.

< End of report >

Thanks again for the help!


Step 1

I see you are running TeaTimer.

I suggest you disable it, because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rjfs.sys -- (dspvfad)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.crawler.com/homepage.aspx?tbid=60076
    IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60076
    IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjddr&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110709&user_guid=8E599F8B236B41CCA845D541455CFA4B&machine_id=993aabde500c79fb48454a76eb714729&browser=IE&os=win&os_version=5.1-x86-SP3
    IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80051&lng=en
    FF - prefs.js..browser.search.defaultenginename: "AIM Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="
    FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);user_pref("network.protocol-handler.warn-external.dnupdate", false);
    [2012/01/08 13:49:28 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\conduit.xml
    [2007/07/26 16:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2008/09/03 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/02/27 18:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
    [2009/10/02 23:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    [2008/04/21 14:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MANO\Application Data\FrostWire
    [2012/02/13 08:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92847C60
    @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26C634E5
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B79CA233
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7A5DE6E
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E87F4522
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDA55117

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Worked like a charm! Here's the log:

-------------------------------------------------------------

All processes killed

========== OTL ==========

Service dspvfad stopped successfully!

Service dspvfad deleted successfully!

File System32\drivers\rjfs.sys not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ not found.

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.

Prefs.js: "AIM Search" removed from browser.search.defaultenginename

Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "http://search.search-go.net/?sid=10101052100&s=" removed from keyword.URL

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\FireFox\Profiles\2uctzfvy.default\user.js moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\conduit.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.

Registry value HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\xml\schemas folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\xml\misc folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\xml\data folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\xml folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\themes\frostwire_theme folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\themes folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\MANO\Application Data\FrostWire folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\updates folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\torrents folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\tmp folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\subs folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\shares\cache1 folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\shares folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\rss folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\mlab folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\hvi folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azutp\x64 folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azutp\win32 folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azutp folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azupnpav folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azump\mplayer folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azump folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azemp\mplayer folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\azemp folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\plugins folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\net folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\logs folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\dht folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\devices folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\active folder moved successfully.

C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus folder moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:92847C60 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F deleted successfully.

ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:26C634E5 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B79CA233 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7A5DE6E deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:E87F4522 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDA55117 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 57691242 bytes

->Temporary Internet Files folder emptied: 17665227 bytes

->Flash cache emptied: 300 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 670 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 66978 bytes

User: MANO

->Temp folder emptied: 5581458 bytes

->Temporary Internet Files folder emptied: 4401896 bytes

->Java cache emptied: 7474 bytes

->FireFox cache emptied: 84319478 bytes

->Google Chrome cache emptied: 6859462 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 32695 bytes

User: Mano.PHIL3-5B4CCB1AE

->Temp folder emptied: 587983 bytes

->Temporary Internet Files folder emptied: 6008770 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 1134884405 bytes

->Flash cache emptied: 286503 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 115136272 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 762258 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 3613713 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21708 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 100639382 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,470.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_035628

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thanks again for all the help, and especially for your patience.


All right, fresh OTL.txt.

-----------------------------------

All processes killed

========== OTL ==========

Error: No service named dspvfad was found to stop!

Service\Driver key dspvfad not found.

File System32\drivers\rjfs.sys not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ not found.

Registry key HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.

Prefs.js: "AIM Search" removed from browser.search.defaultenginename

Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "http://search.search-go.net/?sid=10101052100&s=" removed from keyword.URL

File C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\conduit.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml not found.

Registry value HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_USERS\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.

Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus\ not found.

Folder C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint\ not found.

Folder C:\Documents and Settings\MANO\Application Data\FrostWire\ not found.

Folder C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Azureus\ not found.

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:92847C60 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F .

Unable to delete ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:26C634E5 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B79CA233 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7A5DE6E .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:E87F4522 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .

Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDA55117 .

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: MANO

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mano.PHIL3-5B4CCB1AE

->Temp folder emptied: 2048 bytes

->Temporary Internet Files folder emptied: 5275961 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 43191905 bytes

->Flash cache emptied: 470 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6761 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04182012_233537

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


You want it to redirect you to Google?

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Alright, I went into safe mode to run ComboFix and got the logs:

-----------------------------------------------------------------------------------

ComboFix 12-04-19.01 - Mano 04/21/2012 0:36.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1617 [GMT -4:00]

Running from: c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))

.

.

2012-04-15 19:38 . 2012-04-15 19:38 -------- d-----w- C:\_OTL

2012-04-09 06:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:15 . 2011-12-24 06:12 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2011-12-24 06:12 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-12-24 06:12 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2011-12-24 06:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2011-12-24 06:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2011-12-24 06:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2011-12-24 06:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2011-12-24 06:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2011-12-24 06:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2011-12-24 06:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 11:01 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-03-01 11:01 . 2004-08-04 04:56 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-29 14:10 . 2004-08-04 04:56 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 04:56 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22 . 2004-08-04 03:17 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-03-17 05:25 . 2011-04-26 15:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-09-12 00:47 . 2010-09-12 00:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]

"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mano.PHIL3-5B4CCB1AE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]

2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-01-04 17:45 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2011-01-24 03:08 148280 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 20:08 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark S300-S400 Series Fax Server]

2011-01-24 03:08 316072 ----a-w- c:\program files\Lexmark S300-S400 Series\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2011-12-17 21:03 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-09-26 13:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBestCR]

2011-12-28 22:12 7041024 ----a-w- c:\program files\USIM Editor\iconcs157427093.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\\setup\\hpznui01.exe"=

"c:\\WINDOWS\\system32\\lxeacoms.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Documents and Settings\\Mano.PHIL3-5B4CCB1AE\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"867:TCP"= 867:TCP:WarriorEpic

"867:UDP"= 867:UDP:WarriorEpic

"744:TCP"= 744:TCP:WarriorEpic

"744:UDP"= 744:UDP:WarriorEpic

"467:TCP"= 467:TCP:WarriorEpic

"467:UDP"= 467:UDP:WarriorEpic

"704:TCP"= 704:TCP:WarriorEpic

"704:UDP"= 704:UDP:WarriorEpic

"861:TCP"= 861:TCP:WarriorEpic

"861:UDP"= 861:UDP:WarriorEpic

.

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/24/2011 2:12 AM 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/24/2011 2:12 AM 337880]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [12/28/2011 6:12 PM 65536]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/24/2011 2:12 AM 20696]

S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/30/2011 9:41 PM 193192]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/9/2012 2:01 AM 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [12/26/2011 2:32 AM 2348864]

S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [5/30/2011 9:21 PM 19072]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/9/2012 2:01 AM 22344]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [12/28/2011 6:12 PM 51072]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [5/29/2010 1:47 PM 30576]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-04-21 c:\windows\Tasks\User_Feed_Synchronization-{8C596FF7-D8B5-4982-9A95-33F9FA542D93}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

FF - ProfilePath - c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://noscript.net/?ver=2.2.8&prev=2.2.7

FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 5577

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-21 00:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0b\02\08\07\19$\1f"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2008)

c:\windows\system32\WININET.dll

c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-04-21 07:33:03

ComboFix-quarantined-files.txt 2012-04-21 11:33

ComboFix2.txt 2012-04-19 22:37

ComboFix3.txt 2010-08-14 21:51

.

Pre-Run: 129,757,687,808 bytes free

Post-Run: 129,729,380,352 bytes free

.

- - End Of File - - 54BC3C03D22013BCBD7ADF6D99181571


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101052100&s=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

JavaClearCache::]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here it is.

----------------

ComboFix 12-04-19.01 - Mano 04/21/2012 19:37:01.4.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1613 [GMT -4:00]

Running from: c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))

.

.

2012-04-15 19:38 . 2012-04-15 19:38 -------- d-----w- C:\_OTL

2012-04-09 06:01 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-06 23:15 . 2011-12-24 06:12 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2011-12-24 06:12 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-12-24 06:12 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2011-12-24 06:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2011-12-24 06:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2011-12-24 06:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2011-12-24 06:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2011-12-24 06:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2011-12-24 06:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2011-12-24 06:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 11:01 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-03-01 11:01 . 2004-08-04 04:56 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-29 14:10 . 2004-08-04 04:56 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 04:56 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec

2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22 . 2004-08-04 03:17 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-03-17 05:25 . 2011-04-26 15:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-09-12 00:47 . 2010-09-12 00:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-31 16116224]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-24 770728]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-12-17 15467840]

"NvMediaCenter"="NvMCTray.dll" [2011-12-17 108352]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Mano.PHIL3-5B4CCB1AE^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]

2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-01-04 17:45 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2011-01-24 03:08 148280 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-03-12 20:08 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark S300-S400 Series Fax Server]

2011-01-24 03:08 316072 ----a-w- c:\program files\Lexmark S300-S400 Series\fm3032.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2011-12-17 21:03 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-09-26 13:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBestCR]

2011-12-28 22:12 7041024 ----a-w- c:\program files\USIM Editor\iconcs157427093.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\Program Files\\Nero\\Nero8\\Nero MediaHome\\NMMediaServer.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\\setup\\hpznui01.exe"=

"c:\\WINDOWS\\system32\\lxeacoms.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Documents and Settings\\Mano.PHIL3-5B4CCB1AE\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"867:TCP"= 867:TCP:WarriorEpic

"867:UDP"= 867:UDP:WarriorEpic

"744:TCP"= 744:TCP:WarriorEpic

"744:UDP"= 744:UDP:WarriorEpic

"467:TCP"= 467:TCP:WarriorEpic

"467:UDP"= 467:UDP:WarriorEpic

"704:TCP"= 704:TCP:WarriorEpic

"704:UDP"= 704:UDP:WarriorEpic

"861:TCP"= 861:TCP:WarriorEpic

"861:UDP"= 861:UDP:WarriorEpic

.

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/24/2011 2:12 AM 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/24/2011 2:12 AM 337880]

S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [12/28/2011 6:12 PM 65536]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/24/2011 2:12 AM 20696]

S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/30/2011 9:41 PM 193192]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/9/2012 2:01 AM 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [12/26/2011 2:32 AM 2348864]

S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [5/30/2011 9:21 PM 19072]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/9/2012 2:01 AM 22344]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [12/28/2011 6:12 PM 51072]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [5/29/2010 1:47 PM 30576]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-04-21 c:\windows\Tasks\User_Feed_Synchronization-{8C596FF7-D8B5-4982-9A95-33F9FA542D93}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

TCP: DhcpNameServer = 192.168.1.1

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

FF - ProfilePath - c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-21 19:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\0b\02\08\07\19$\1f"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(772)

c:\windows\system32\WININET.dll

c:\documents and settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-04-21 19:45:42

ComboFix-quarantined-files.txt 2012-04-21 23:45

ComboFix2.txt 2012-04-21 11:33

ComboFix3.txt 2012-04-19 22:37

ComboFix4.txt 2010-08-14 21:51

.

Pre-Run: 129,450,270,720 bytes free

Post-Run: 129,422,929,920 bytes free

.

- - End Of File - - C958EEAEC006B2A896445A7B8284D35E


OTL Log, fresh from the tap:

--------------------------------------

OTL logfile created on: 4/22/2012 12:45:08 PM - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 84.61% Memory free

3.85 Gb Paging File | 3.74 Gb Available in Paging File | 97.14% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 120.59 Gb Free Space | 80.91% Space Free | Partition Type: NTFS

Drive I: | 3.82 Gb Total Space | 3.26 Gb Free Space | 85.23% Space Free | Partition Type: FAT32

Computer Name: PHIL3-5B4CCB1AE | User Name: Mano | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 01:53:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/12/28 18:12:39 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\afasrv32.exe -- (AfaService)

SRV - [2011/12/17 17:03:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2010/04/14 18:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\lxeacoms.exe -- (lxea_device)

SRV - [2010/04/14 18:45:14 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)

SRV - [2009/12/10 14:16:08 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Tenda\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2009/12/06 18:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2006/09/08 17:12:50 | 000,172,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006/09/08 17:10:42 | 000,172,090 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MANO~1.PHI\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/06/15 04:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2011/06/07 08:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/04/14 21:39:20 | 000,827,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)

DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)

DRV - [2010/03/12 21:41:16 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)

DRV - [2009/12/10 14:16:14 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)

DRV - [2008/05/27 11:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)

DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/30 22:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/21 11:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NVATA.sys -- (nvata)

DRV - [2006/08/07 20:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/08/07 20:39:22 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/08/07 20:39:14 | 000,110,080 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)

DRV - [2005/04/07 23:29:42 | 000,028,800 | ---- | M] (Ideazon) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniUsb.sys -- (OmniUsb)

DRV - [2005/01/26 10:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004/07/27 01:27:50 | 000,009,696 | ---- | M] (Ideazon) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniUsbl.sys -- (OmniUsbl)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E CC 90 4F A7 AB CB 01 [binary data]

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87

FF - prefs.js..extensions.enabledItems: {BB080420-8088-F650-3D47-13799CCD6159}:1.33

FF - prefs.js..extensions.enabledItems: firefoxextensions@keynote.com:17.0.14.0

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

FF - prefs.js..network.proxy.autoconfig_url: "http://www.igreonline.net/proxy/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.socks_version: 4

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 17:56:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/09 02:03:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 01:25:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/02 22:51:48 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 17:56:56 | 000,000,000 | ---D | M]

[2009/04/01 01:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Extensions

[2012/04/21 12:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions

[2010/08/15 19:36:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2012/04/18 03:01:17 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

[2010/09/08 19:52:01 | 000,000,000 | ---D | M] (Multiproxy Switch) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{BB080420-8088-F650-3D47-13799CCD6159}

[2012/02/20 03:24:19 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}

[2010/08/15 19:34:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)

[2012/03/02 04:23:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012/01/11 20:06:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)

[2010/08/15 19:36:14 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\btpersonas@brandthunder(2).com

[2010/08/15 19:34:21 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\btpersonas@brandthunder(3).com

[2012/03/16 20:20:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\extensions\foxyproxy@eric.h.jung

[2009/10/17 14:22:34 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\aim-search.xml

[2011/07/09 04:28:56 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Profiles\2uctzfvy.default\searchplugins\bing-zugo.xml

[2012/01/02 01:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/10/10 21:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/08/15 19:34:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}(2)

[2011/07/10 13:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\firefoxextensions@keynote.com

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANO.PHIL3-5B4CCB1AE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2UCTZFVY.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANO.PHIL3-5B4CCB1AE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2UCTZFVY.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MANO.PHIL3-5B4CCB1AE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2UCTZFVY.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI

[2012/04/09 02:03:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2010/08/20 21:45:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/05/25 04:34:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/03/17 01:25:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/03 18:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2011/12/29 21:14:56 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

[2012/02/12 02:28:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2012/02/12 02:28:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/19 11:41:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found

O4 - Startup: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1078081533-1645522239-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F85FA71A-C32A-4262-B427-7F45016F7981}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/05/26 12:44:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/04/28 20:37:00 | 000,039,424 | ---- | M] () - I:\Auto Lanuch ON-OFF Disabler.exe -- [ FAT32 ]

O32 - AutoRun File - [2011/04/29 01:37:00 | 000,000,132 | -H-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]

O32 - AutoRun File - [2011/04/29 01:37:00 | 000,000,132 | -H-- | M] () - I:\AUTORUNLAUNCH.INF -- [ FAT32 ]

O32 - AutoRun File - [2011/04/29 01:37:00 | 000,000,062 | -H-- | M] () - I:\AUTORUNNOLAUNCH.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 19:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/04/20 23:32:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/04/19 11:32:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/04/19 11:32:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/04/19 11:32:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/04/19 11:32:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/04/19 11:31:54 | 004,467,868 | R--- | C] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\ComboFix.exe

[2012/04/18 23:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Recent

[2012/04/15 15:38:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/14 01:53:07 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

[2012/04/12 03:54:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\dds.scr

[2012/04/09 02:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/09 02:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2032/02/14 23:32:12 | 000,002,852 | -H-- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\My Documents\FINDER.DAT

[2012/04/22 12:43:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/22 12:41:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/22 12:39:29 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C596FF7-D8B5-4982-9A95-33F9FA542D93}.job

[2012/04/21 20:21:11 | 000,752,592 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz

[2012/04/20 23:32:42 | 000,000,355 | RHS- | M] () -- C:\boot.ini

[2012/04/19 11:41:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/04/19 11:34:41 | 000,000,355 | ---- | M] () -- C:\Boot.bak

[2012/04/19 11:31:52 | 004,467,868 | R--- | M] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\ComboFix.exe

[2012/04/18 09:41:01 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Defraggler.lnk

[2012/04/17 00:30:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\ResetTeaTimer.exe

[2012/04/14 02:29:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk

[2012/04/14 01:53:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\OTL.exe

[2012/04/12 03:53:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\dds.scr

[2012/04/12 03:10:57 | 000,536,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/04/12 03:10:57 | 000,110,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/04/10 13:54:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/10 08:43:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/04/09 02:03:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/19 11:32:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/04/19 11:32:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/04/19 11:32:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/04/19 11:32:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/04/19 11:32:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/04/18 09:41:01 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Defraggler.lnk

[2012/04/17 00:30:42 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Desktop\ResetTeaTimer.exe

[2012/04/09 02:01:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 16:43:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/28 18:12:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\afasrv32.exe

[2011/12/26 02:31:16 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/26 02:31:16 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/26 02:31:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/26 02:30:24 | 002,761,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/10/11 00:21:46 | 000,000,182 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011/10/07 00:50:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/10/05 18:53:35 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011/09/16 13:00:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/05/30 21:41:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll

[2011/05/30 21:41:51 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll

[2011/05/30 21:41:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll

[2011/05/30 21:41:41 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll

[2011/05/30 21:41:41 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll

[2011/05/30 21:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEAPMON.DLL

[2011/05/30 21:40:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEAFXPU.DLL

[2011/05/30 21:40:25 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEAoem.dll

[2011/05/30 21:39:25 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxearwrd.ini

[2011/05/30 21:39:07 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll

[2011/05/30 21:39:07 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll

[2011/05/30 21:39:07 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll

[2011/05/30 21:39:07 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll

[2011/05/30 21:39:07 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll

[2011/05/30 21:39:07 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll

[2011/05/30 21:39:06 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll

[2011/05/30 21:39:06 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll

[2011/05/30 21:39:06 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll

[2011/05/30 21:39:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll

[2011/05/30 21:39:05 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll

[2011/05/30 21:39:05 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe

[2011/05/30 21:39:05 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll

[2011/05/30 21:39:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll

[2011/05/30 21:39:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll

[2011/05/30 21:39:05 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll

[2011/05/30 21:39:04 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll

[2011/05/30 21:39:04 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe

[2011/05/30 21:39:04 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll

[2011/05/30 21:39:04 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll

[2011/05/30 21:39:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll

[2011/05/30 21:39:03 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe

[2011/05/30 21:31:22 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll

[2011/05/30 21:31:21 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll

[2011/05/30 21:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll

[2011/05/30 21:21:56 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI

[2011/05/30 21:21:56 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini

[2011/05/30 21:21:25 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2011/02/19 21:16:03 | 000,150,764 | ---- | C] () -- C:\WINDOWS\hpoins30.dat.temp

[2011/02/19 21:16:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat.temp

[2010/12/18 04:07:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\$_hpcst$.hpc

[2010/11/14 05:10:17 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\WS_ContextMenu.dll

[2010/11/09 02:39:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini

[2010/11/09 01:52:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2010/10/10 17:26:17 | 002,447,334 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Local Settings\Application Data\[j0011]-[p08].bmp

[2010/09/15 12:57:44 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/08/14 23:43:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Sculececi.dat

[2010/08/14 23:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dxojujehokonipu.bin

[2010/08/13 19:36:41 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ereg077.dat

[2010/08/08 03:36:11 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2010/08/07 01:25:26 | 000,000,108 | ---- | C] () -- C:\WINDOWS\KA.INI

[2010/05/25 04:19:18 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Mano.PHIL3-5B4CCB1AE\Application Data\bpzmnq.dat

[2010/05/22 21:12:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101052100&s="

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Here it is. . .

---------------

All processes killed

========== OTL ==========

Prefs.js: "http://search.search-go.net/?sid=10101052100&s=" removed from keyword.URL

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: MANO

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Mano.PHIL3-5B4CCB1AE

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 5276161 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 53171132 bytes

->Flash cache emptied: 259152 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2944 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04232012_034456

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I looked through "about:config" and I manually changed the Keyword.URL to the Bing Search Engine. And it worked! However, when I restarted Firefox, the value was changed back to search.go.

I did some other looking around and there's this irritating Community Toolbar that seems to be the source of the problem. However, it isn't an add-on or an extension or a program. I can't delete it because it is no longer on my computer.

So, I want to do a hard reboot of Firefox. Is there any way to make EVERYTHING from Firefox be deleted? I've tried uninstallation, but upon reinstallation, all of my bookmarks, my history, everything remained.

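A preference that comes back after a restart is worth checking in every file Firefox reads at startup: prefs.js holds the saved values, and a user.js in the same profile folder, if present, is re-applied on each launch. The following is an added example, not part of the original thread and not the logic of OTL or SystemLook; it lists every file in a profile that sets keyword.URL and flags values whose host is search-go.net. The function names, the sample profile contents and the sid placeholder are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Files in a Firefox profile that can set a preference at startup.
# user.js is re-applied on every launch, so a value set there overrides
# a change made in about:config as soon as the browser restarts.
PREF_FILES = ("prefs.js", "user.js")

PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*"(?P<value>(?:[^"\\]|\\.)*)"\s*\)\s*;',
    re.MULTILINE,
)


def find_pref(profile_dir, pref_name="keyword.URL"):
    """Return [(file_name, value)] for every profile file that sets pref_name."""
    hits = []
    for file_name in PREF_FILES:
        path = Path(profile_dir) / file_name
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in PREF_LINE.finditer(text):
            if m.group("name") == pref_name:
                hits.append((file_name, m.group("value")))
    return hits


def flag_hijacks(hits, watched_host="search-go.net"):
    """Keep only hits whose URL host is watched_host or a subdomain of it."""
    flagged = []
    for file_name, value in hits:
        host = (urlsplit(value).hostname or "").lower()
        if host == watched_host or host.endswith("." + watched_host):
            flagged.append((file_name, host))
    return flagged


def demo():
    """Constructed profile: prefs.js was corrected, user.js still sets the old URL."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "prefs.js").write_text(
            'user_pref("keyword.URL", "http://www.bing.com/search?q=");\n')
        Path(tmp, "user.js").write_text(
            'user_pref("keyword.URL", "http://search.search-go.net/?sid=0000000000&s=");\n')
        return find_pref(tmp), flag_hijacks(find_pref(tmp))


if __name__ == "__main__":
    all_hits, flagged = demo()
    print("files setting keyword.URL:", all_hits)
    print("flagged:", flagged)
```

To run it against a real profile, call `flag_hijacks(find_pref(path_to_profile))` with Firefox closed, since the browser rewrites prefs.js on exit.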

Let's take a deeper look in your system. It seems there are more leftovers.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    search-go

    :folderfind
    *search-go*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
