
Infected by BT Scour... yay



Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Ran scan with ComboFix.

Scanning for infected files . . .

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double

Completed Stage_1

Completed Stage_2

Completed Stage_3

Completed Stage_4

Completed Stage_5

Completed Stage_6

Completed Stage_6A

Completed Stage_7

Completed Stage_8

Completed Stage_9

Completed Stage_10

Completed Stage_11

Completed Stage_12

Completed Stage_13

Completed Stage_14

Completed Stage_15

Completed Stage_16

Completed Stage_17

Completed Stage_18

Completed Stage_19

Completed Stage_19B

Completed Stage_20

Completed Stage_21

Completed Stage_22

Completed Stage_23

Completed Stage_24

Completed Stage_25

Completed Stage_26

Completed Stage_27

Completed Stage_28

Completed Stage_29

Completed Stage_30

Completed Stage_31

Completed Stage_32

Completed Stage_32A

Completed Stage_33

Completed Stage_34

Completed Stage_35

Completed Stage_36

Completed Stage_37

Completed Stage_38

Completed Stage_39

Completed Stage_40

Completed Stage_41

Completed Stage_42

Completed Stage_43

Completed Stage_44

Completed Stage_45

Completed Stage_46

Completed Stage_47

Completed Stage_48

Completed Stage_49

Completed Stage_50

Deleting Files:

C:\Windows\SysWow64\URTTemp\regtlib.exe

Deleting Folders:

C:\Program Files (x86)\CouponAlert_2pEI

C:\Windows\SysWow64\URTTemp

Had a flashing cursor at the end; it did not generate a txt file.


Waited 30+ min, then closed the program. Rebooted. Re-disabled virus protection and rescanned with ComboFix.

ComboFix 12-11-08.01 - Owner 11/08/2012 15:42:06.2.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6351 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Local\assembly\tmp

.

---- Previous Run -------

.

c:\program files (x86)\CouponAlert_2pEI

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))

.

.

2012-11-08 20:51 . 2012-11-08 20:54 -------- d-----w- c:\users\Owner\AppData\Local\temp

2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-08 20:51 . 2012-11-08 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-21 12:13 . 2012-10-21 12:16 -------- d-----w- c:\program files (x86)\WMI Tools

2012-10-20 13:45 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-10-20 13:45 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-20 13:45 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-10-20 13:45 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-10-20 13:45 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-10-20 13:45 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-10-20 13:45 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2012-10-20 13:45 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-10-20 13:41 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-20 13:40 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll

2012-10-20 13:38 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-20 13:38 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll

2012-10-20 13:20 . 2012-10-20 13:20 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-20 13:19 . 2012-10-20 13:19 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-20 13:19 . 2010-04-21 02:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-02 22:21 . 2012-06-02 14:34 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-02 22:21 . 2012-06-02 14:34 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-02 22:21 . 2011-08-25 01:11 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-02 22:21 . 2011-08-25 00:28 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-02 22:21 . 2011-08-25 00:28 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-02 19:51 . 2011-03-20 21:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2011-03-20 21:33 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2011-07-20 16:45 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2011-03-20 21:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2011-03-20 21:34 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-10-02 19:50 . 2011-03-20 21:34 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-09-28 04:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe

2012-08-25 04:22 . 2012-08-25 04:13 205058 ----a-w- C:\MGlogs.zip

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-16 1196048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - prefs.js: network.proxy.type - 4

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-62719440.sys

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\AVG\AVG10\avgwdsvc.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

c:\program files\Logitech\SetPoint\x86\SetPoint32.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

.

**************************************************************************

.

Completion time: 2012-11-08 16:00:36 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-08 21:00

.

Pre-Run: 188,438,306,816 bytes free

Post-Run: 188,307,345,408 bytes free

.

- - End Of File - - 0CB82BCC8B8B508E90F5970C05CA8A24

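The "Supplementary Scan" section of the ComboFix log above is where browser hijacks show up: the Firefox keyword.URL pointing at search.myheritage.com and the network.proxy.type line are the entries to read first. The Python below is an added example for this thread, not ComboFix or OTL code. It parses the "FF - prefs.js: pref - value" lines ComboFix prints, plus the "FF - prefs.js..pref: value" and "IE - HKLM\..\SearchScopes\{GUID}: "URL" = ..." forms OTL uses for the same settings, and flags search URLs that do not land on an allowlisted engine and Firefox proxy settings that route traffic through a manual proxy or a PAC script. The allowlist of search hosts and the sample log lines are constructed for the example.

```python
"""Triage of browser-configuration lines from ComboFix- and OTL-style logs.

Added example for this thread, not ComboFix or OTL code. It reads the
'FF - prefs.js' lines and the 'IE - ...\\SearchScopes\\{GUID}: "URL" = ...'
lines in the formats these tools print and flags search/keyword URLs that
do not point at a known engine, plus Firefox proxy settings that route
traffic through a manual proxy or PAC script. The allowlist below is an
assumption, not something either tool ships with.
"""
import re
from urllib.parse import urlparse

# Assumption: search URLs are expected to land on one of these hosts.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "search.yahoo.com")

# Firefox network.proxy.type values: 0 direct, 1 manual, 2 PAC URL,
# 4 auto-detect (WPAD), 5 use system settings.
PROXY_TYPE_NAMES = {0: "direct", 1: "manual", 2: "PAC", 4: "auto-detect", 5: "system"}

# ComboFix format:  FF - prefs.js: keyword.URL - hxxp://...
COMBOFIX_FF = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.+)$")
# OTL format:       FF - prefs.js..keyword.URL: "http://..."
OTL_FF = re.compile(r"^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<val>.+)$")
# OTL format:       IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://...
OTL_IE_SCOPE = re.compile(
    r'^IE(?::64bit:)? - (?P<hive>\S+?)\\\.\.\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)


def _host(url):
    """Hostname of a URL, accepting ComboFix's defanged hxxp:// prefix."""
    url = re.sub(r"^hxxp", "http", url.strip().strip('"'), flags=re.IGNORECASE)
    return urlparse(url).hostname or ""


def _is_known(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)


def triage(lines):
    """Return (severity, message) findings for the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = OTL_IE_SCOPE.match(line)
        if m:
            host = _host(m.group("url"))
            if not _is_known(host):
                findings.append(("high", f"IE search scope {m.group('guid')} under {m.group('hive')} points at {host}"))
            continue
        m = COMBOFIX_FF.match(line) or OTL_FF.match(line)
        if not m:
            continue
        pref, val = m.group("pref"), m.group("val").strip().strip('"')
        if pref in ("keyword.URL", "browser.search.defaulturl"):
            host = _host(val)
            if not _is_known(host):
                findings.append(("high", f"Firefox {pref} sends address-bar searches to {host}"))
        elif pref == "network.proxy.type" and val.isdigit():
            ptype = int(val)
            name = PROXY_TYPE_NAMES.get(ptype, "unknown")
            if ptype in (1, 2):
                findings.append(("high", f"Firefox proxy type {ptype} ({name}): traffic goes through a configured proxy"))
            elif ptype == 4:
                findings.append(("info", f"Firefox proxy type 4 ({name}): WPAD auto-detect, not a hijack by itself but worth confirming"))
    return findings


# Constructed sample, mirroring the log formats quoted in this thread.
SAMPLE_LINES = [
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/",
    r"FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=",
    r"FF - prefs.js: network.proxy.type - 4",
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}',
    r'FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="',
    r"FF - prefs.js..network.proxy.type: 1",
]

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LINES):
        print(f"[{severity}] {message}")
```

Run it against a saved ComboFix.txt or OTL.Txt by passing the file's lines to triage(). The proxy check is deliberately two-tiered: types 1 and 2 mean something has installed a proxy or PAC and every request goes through it, whereas the type 4 seen in this thread only means Firefox will honour a WPAD answer on the local network, which is a weaker signal that still deserves a look.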

Hi,

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------


# AdwCleaner v2.007 - Logfile created 11/09/2012 at 19:05:08

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Owner - OWNER-PC

# Boot Mode : Normal

# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Celebrity Toolbar

Folder Found : C:\ProgramData\Viewpoint

Folder Found : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}

Key Found : HKLM\Software\Viewpoint

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2015 octets] - [09/11/2012 19:05:08]

########## EOF - C:\AdwCleaner[R1].txt - [2075 octets] ##########


AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

----------


Hey Jeff... I should have said this before: thank you for your help and efforts!

I ran the delete:

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 15:21:21

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Owner - OWNER-PC

# Boot Mode : Normal

# Running from : C:\Users\Owner\Desktop\Virus fixit folder 1\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Celebrity Toolbar

Deleted on reboot : C:\ProgramData\Viewpoint

Deleted on reboot : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2142 octets] - [09/11/2012 19:05:08]

AdwCleaner[R2].txt - [2202 octets] - [09/11/2012 19:06:43]

AdwCleaner[R3].txt - [2283 octets] - [10/11/2012 15:21:06]

AdwCleaner[s1].txt - [2253 octets] - [10/11/2012 15:21:21]

########## EOF - C:\AdwCleaner[s1].txt - [2313 octets] ##########

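The two AdwCleaner reports above list what the search run found and what the delete run removed, and the check a practitioner wants at this point is that every "Found" item has a matching "Deleted" line. The Python below is an added example for this thread, not AdwCleaner's own code; it parses the "Folder/Key/Value Found", "Key/Value Deleted", "Deleted on reboot" and "... Deleted !" line formats AdwCleaner prints and reconciles the two reports. The sample entries are taken from the two logs quoted above. On those entries it reports one key from the search report, HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}, that has no matching "Key Deleted" line, and one file, the Firefox profile's user.js, that was deleted without having appeared in the search report. Whether the leftover key is a reporting quirk of the tool or is actually still present is something to verify on the machine rather than assume either way.

```python
"""Reconcile an AdwCleaner [search] report against the [Delete] report that follows it.

Added example for this thread, not AdwCleaner code. It parses the
'<Kind> Found : <item>', '<Kind> Deleted : <item>', 'Deleted on reboot : <item>'
and '<path> ... Deleted !' lines in the format AdwCleaner prints and reports
anything found that never shows up as deleted, plus anything deleted that the
search run never reported.
"""
import re

FOUND = re.compile(r"^(?:Folder|File|Key|Value) Found : (?P<item>.+)$")
DELETED = [
    re.compile(r"^(?:(?:Folder|File|Key|Value) Deleted|Deleted on reboot) : (?P<item>.+)$"),
    re.compile(r"^(?P<item>.+?) \.\.\. Deleted !$"),  # browser profile files, e.g. user.js
]


def _norm(item):
    """Windows paths and registry keys are case-insensitive; compare lower-cased."""
    return item.strip().lower()


def _items(lines, patterns):
    items = set()
    for raw in lines:
        line = raw.strip()
        for pattern in patterns:
            m = pattern.match(line)
            if m:
                items.add(_norm(m.group("item")))
                break
    return items


def reconcile(search_lines, delete_lines):
    """Return the found-but-not-deleted and deleted-but-never-found items."""
    found = _items(search_lines, [FOUND])
    deleted = _items(delete_lines, DELETED)
    return {
        "not_deleted": sorted(found - deleted),
        "unexpected_deletions": sorted(deleted - found),
    }


# Sample input: the entries from the two AdwCleaner logs quoted in this thread.
SEARCH_REPORT = [
    r"Folder Found : C:\Program Files (x86)\Celebrity Toolbar",
    r"Folder Found : C:\ProgramData\Viewpoint",
    r"Folder Found : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p",
    r"Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF",
    r"Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}",
    r"Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}",
    r"Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}",
    r"Key Found : HKLM\Software\Viewpoint",
    r"Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}",
    r"Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}",
    r"Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}",
    r"Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}",
    r"Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]",
    r"Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]",
]

DELETE_REPORT = [
    r"Deleted on reboot : C:\Program Files (x86)\Celebrity Toolbar",
    r"Deleted on reboot : C:\ProgramData\Viewpoint",
    r"Deleted on reboot : C:\Users\Owner\AppData\LocalLow\CouponAlert_2p",
    r"Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF",
    r"Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}",
    r"Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}",
    r"Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}",
    r"Key Deleted : HKLM\Software\Viewpoint",
    r"Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}",
    r"Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}",
    r"Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}",
    r"Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]",
    r"Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]",
    r"C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\user.js ... Deleted !",
]

if __name__ == "__main__":
    result = reconcile(SEARCH_REPORT, DELETE_REPORT)
    for label, items in result.items():
        print(label + ":")
        for item in items:
            print("  " + item)
```

To use it on a real pair of reports, read C:\AdwCleaner[R1].txt and C:\AdwCleaner[S1].txt and pass their lines to reconcile(). Anything left in "not_deleted" is what to re-check on the next scan (or with reg query) before calling the machine clean; "unexpected_deletions" just tells you what the delete pass removed beyond what the search pass listed.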

OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


OTL logfile created on: 11/11/2012 4:19:19 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free

16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: obmfbglyzf@obmfbglyzf.org:1.0

FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0

FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11

FF - prefs.js..extensions.enabledItems: esnipesnipeit@esnipe.com:1.1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - prefs.js..network.proxy.type: 4

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]

[2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2012/11/08 14:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions

[2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi

[1621/06/23 19:13:39 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi

[2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

[2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

[2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/08 15:54:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 16:16:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab

[2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab

[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab

[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab

[2012/11/10 07:27:03 | 007,527,792 | ---- | C] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe

[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp

[2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1

[2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne

[2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools

[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools

[2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/11 16:16:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 16:11:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/11 10:19:06 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/11 10:19:06 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/11 10:19:06 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/11 10:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/11 08:48:09 | 099,955,732 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/11/10 21:20:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat

[2012/11/10 15:32:51 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf

[2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk

[2012/11/10 07:27:10 | 007,527,792 | ---- | M] (LWD Technology, Inc. ) -- C:\Users\Owner\Desktop\hl41_win_install.exe

[2012/11/08 15:54:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/10/26 17:05:39 | 000,508,551 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf

[2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk

[2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll

[2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml

[2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss

[2009/11/08 15:47:30 | 000,007,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat

[2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat

[2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2009/08/10 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2011/01/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AdventureTools

[2010/11/22 07:01:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10

[2012/02/08 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BigHugeEngine

[2011/08/26 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent

[2009/08/30 12:58:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blitware

[2010/02/08 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook

[2011/09/04 06:05:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\go

[2012/08/23 06:57:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit

[2011/01/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2009/10/16 10:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org

[2012/02/08 21:09:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin

[2011/02/15 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT

[2012/07/25 08:05:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sony

[2011/02/19 08:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab

[2012/09/29 06:04:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp

[2011/12/26 10:17:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software

[2009/09/16 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine

[2012/01/05 19:55:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\wargaming.net

[2009/08/10 22:44:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinPatrol

[2012/08/18 11:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 11/11/2012 4:19:20 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.56% Memory free

16.21 Gb Paging File | 14.70 Gb Available in Paging File | 90.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 177.29 Gb Free Space | 38.06% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 60 C1 09 74 52 18 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03D3C958-642A-4BD7-ACF4-7E1F3530FB48}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{0CEF8B4D-8212-4C7C-AD1E-3A67B2EB37C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{17147296-F842-4106-AC6C-9AD21FDE14F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{1F446AB0-ED47-42A6-A810-1E3035783EE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{24D18A76-5C98-4DA5-83EC-89164FB033AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{2BB5DC04-0FC3-4986-9AB0-725609DA6DED}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{2D548A03-0EEF-4E36-8F5C-4B49A69A71E5}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"{316A39DB-DDA7-471E-A379-A0C861D09061}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{32FB7C1F-B004-4AA3-9617-3344FA91AAEC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3319F9FD-1AD5-4523-BC39-D76FC68BDF51}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{36F4635E-D371-450E-9309-56934E256F1A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |

"{3B6DB452-03C1-4FBF-8246-F7149FEF91B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{3C8D7496-FE58-4BEE-BC71-14545D91C903}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{3CD6AFAF-1C63-43FC-99DE-7D78065A0B04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{490779CA-0735-4CD2-8452-38918EDF54A6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{4918B8E4-489B-4D3E-BF68-C12135E0065C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{494EBC06-F779-4038-AE01-2235612A6402}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{50C90A7B-4A97-4EAB-8955-F29F2E877498}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{52BC804A-FE68-4B11-9896-2171F709269D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{53348AC4-D1D3-4182-95C4-26327D4B0221}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5458291F-91C7-41C7-B009-2A7F0699991C}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |

"{557769A8-6E34-4591-AEA1-FA9D0F764B00}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{57FE131C-502E-4496-AE13-097DD2A2D861}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |

"{59A18BA0-8F72-4627-96B6-678DB9C7F20C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{5BD43DDA-6DD8-4C8E-B41C-E9B44B5A1343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{62863D68-C4F1-4DE6-B910-047F481BB27C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{63341B7A-D2D5-46F2-BB3A-C6D7AF6E467C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{63DBC8CB-A66E-46A6-8D4C-7ED4B1DD8387}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{7332B69E-9704-43CA-93FF-1F2B843498D0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{758B40BF-FDCD-4F1B-A050-FDE4280BE7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7E9BCA33-CBDF-4915-A363-B55CAC784439}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{7F5D0BBA-EB73-4FA2-9E5F-C3C55291CFE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{82BBD297-ACC8-455C-B4CE-8F4312580BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{84E9BC3F-3815-48D0-B383-4C94D32943AB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{87430AE1-18C4-42B1-847B-A3B1517AD8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{88351A79-079C-475D-B500-8C24F9444E53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{88530B21-AD87-4F9C-A9C2-3F2FD6C73395}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe |

"{8C7056D2-5444-4E50-B55C-38CAB5EA07E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{8FE66B0C-4177-4210-BCC6-67D6973AD187}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{935FEAC6-D46B-4BC6-A048-EC2B552EC9A1}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{97C11290-9EF1-4A4D-99EA-C4A313B2EF36}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{988FC537-43A3-482D-BD65-0CD7F6C94A29}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{9A2AEDE3-2E06-4411-A664-ABAFEFC663D8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{9B3D4889-0F08-4EBE-9EA0-A9721ECC420E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{A1FC2FD5-9B62-4D22-8583-5F0712885E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |

"{A66B44DE-836F-4CC5-8A13-CDB2D3ECAAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |

"{A7057AA3-2556-4505-8D8D-34D4EE0C4021}" = protocol=17 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |

"{AF1FD934-C247-4EEA-B7B4-52913B580D07}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |

"{B5300041-32E9-49DF-9A13-DE50E5415901}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{BC007471-680A-4D7D-A0CA-62680D52E0BF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |

"{BE788664-E6C6-45D3-B8EC-2627196AA855}" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

"{BEC85277-7BB7-4A01-8E43-30F3B494E445}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{C62ED905-F7A2-47B8-9820-FE2974273E3A}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\overlord ii\overlord2.exe |

"{CE97E628-6DB4-4214-9F79-9A416A9B4E54}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |

"{CFA4793E-754A-468C-B9C2-C13F5B723851}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{CFEDA699-641A-45FB-93EB-444DCF69D12F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\turbineinvoker.exe |

"{CFF12A65-F221-41E8-BAAC-EB5D259500AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D2885321-4C38-4395-825C-BF482298ED58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D64BB005-1584-4CD4-9A15-4FD614FCADF9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{DBD4BFB3-54E2-4DF2-93AD-D939DBF3B769}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{E108DFF3-0522-43B3-8DA1-67DE9649CCB6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"{E1180D9F-02D6-4B98-98AF-30BDA8031ED2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{E1F30509-0B8C-42E2-AD92-0B30D4DE0E93}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{E4B0180C-64A7-4317-A9BE-74AD277D9DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{E9E8ED28-7136-44A1-A3AA-AA2C00DCD2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{F6B68A38-91AD-40C3-B351-BB11C4A6F9B5}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |

"TCP Query User{010AC8CC-A4E8-4E4E-8534-593984611BA1}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |

"TCP Query User{0EEDBDD5-7800-4E68-85BC-8FC711A589F1}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{1698627C-770B-441B-A24E-501392CE33AB}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |

"TCP Query User{1B742ACF-CAF4-472E-AAC0-E7360C011D0D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{267FE803-CBE2-4563-BF4C-4BDE1E2C522C}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |

"TCP Query User{2E53F4A8-7430-4F5D-8E16-E6858F39F8C6}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe |

"TCP Query User{3A52AC41-C9DD-42D3-86C5-146D5EF42EFA}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |

"TCP Query User{47B698FD-3C31-4B08-911F-58BD58152C4C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

"TCP Query User{4E30AC8B-82C6-4726-8C84-D749876840B7}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |

"TCP Query User{5AFA499E-380B-4BB9-96A6-3BDEDC33D863}C:\program files (x86)\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |

"TCP Query User{8C886B8F-72B7-4819-A9C0-56FB73F773AC}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |

"TCP Query User{9F56453B-B216-4588-8A08-45D8B635CF3F}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |

"TCP Query User{BA2B6C1F-137C-4098-89C9-203846FB985E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

"TCP Query User{F4217529-2D6C-4948-89DC-59E0CD6F5607}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{008E33B4-E705-41EC-9278-9CC0CEEF8C42}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{05B5186B-7677-443A-B30B-B395943763CA}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |

"UDP Query User{07324C8A-0756-4A90-A0B6-E714F893BC0C}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |

"UDP Query User{0EDC713C-2B26-4A4C-8A6C-650FB95795DC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

"UDP Query User{2CD1E1B0-BCF2-4FFE-A1DB-C279AF6D2D95}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"UDP Query User{30F6ADA8-0844-4B2E-B472-6239CD19B347}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

"UDP Query User{49409D46-DF5C-4DF9-8DD5-2D6AAABA97C7}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |

"UDP Query User{49FFD0DF-A912-4479-88AE-C50C4F9240C8}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |

"UDP Query User{5BED7501-3032-46A9-B242-3770540FE419}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |

"UDP Query User{767FE51E-D5CD-4136-92D6-9EEC8BC586DE}C:\program files (x86)\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |

"UDP Query User{7EC54E45-2728-483F-B297-FCCA5EC848E9}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |

"UDP Query User{B632473F-6B81-41FF-910B-3DCFE100A157}C:\users\owner\downloads\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\owner\downloads\adventuretoolsdownloader.exe |

"UDP Query User{BE96268B-7082-4E7A-8F66-6080E9F9210B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{D5A66258-9091-4C7E-9295-9EC37E72ED51}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java 6 Update 19 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{902DCF72-EB95-4154-A81B-81000969927E}" = AVG 2011

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2011

"HitmanPro36" = HitmanPro 3.6

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder

"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1" = Hero Lab 4.1

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.116.12060

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1

"{CDC7F188-3A08-45C3-8C3C-99BE32911949}" = Photo Transport

"{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide

"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E8A0BF78-AEC5-449A-A391-1B20535009D6}" = TableSmith

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.53 Free Edition

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.03.8013

"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Conan_is1" = Age of Conan - Hyborian Adventures

"AutoHotkey" = AutoHotkey 1.1.02.02

"AutoREALM_is1" = AutoREALM Version 2.2.1

"BitTorrent" = BitTorrent

"Campaign Cartographer 2" = Campaign Cartographer 2

"CCleaner" = CCleaner

"ComcastHSI" = Comcast High-Speed Internet Install Wizard

"CUZ4_is1" = CAM UnZip 4.42

"DCrafter3" = Dungeon Crafter III (remove only)

"Diablo III" = Diablo III

"Free RAR Extract Frog" = Free RAR Extract Frog

"FrostWire 5" = FrostWire 5.1.3

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"Steam App 72850" = The Elder Scrolls V: Skyrim

"SystemRequirementsLab" = System Requirements Lab

"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning

"WinPatrol" = WinPatrol 2009

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.73

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CohMapPack" = VidiotMaps Map Overlay

"Facebook Plug-In" = Facebook Plug-In

"Move Media Player" = Move Media Player

"NCsoft-CityOfHeroes" = City of Heroes

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/7/2012 9:36:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/8/2012 12:02:34 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/8/2012 3:19:50 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/8/2012 4:34:04 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/8/2012 4:55:15 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/9/2012 12:02:39 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/9/2012 6:38:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/10/2012 3:27:32 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/10/2012 3:54:05 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 11/10/2012 3:54:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 11/10/2012 4:22:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 11/10/2012 4:27:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 11/10/2012 6:28:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 11/10/2012 6:28:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 11/11/2012 1:38:40 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 11/11/2012 11:13:22 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

< End of report >


Hi,

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    FF - prefs.js..extensions.enabledAddons: obmfbglyzf@obmfbglyzf.org:1.0
    [1621/06/23 19:13:39 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi
    [2012/10/27 13:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/11/08 15:47:30 | 000,007,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

----------

Please post the new OTL log and let me know how your system is running. :)


Text file created at reboot:

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Prefs.js: obmfbglyzf@obmfbglyzf.org:1.0 removed from extensions.enabledAddons

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\META-INF folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\chrome folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} folder moved successfully.

C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\A7E07C2B2220441587E3784D5814BC93.TMP folder deleted successfully.

C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.

C:\Windows\msdownld.tmp folder deleted successfully.

C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\Virus fixit folder 1\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 2010096 bytes

->Temporary Internet Files folder emptied: 1882968 bytes

->Java cache emptied: 870934987 bytes

->FireFox cache emptied: 60246807 bytes

->Flash cache emptied: 1959399 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 630 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 894.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_200427

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 11/12/2012 8:15:51 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\Virus fixit folder 1

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.16% Memory free

16.05 Gb Paging File | 14.47 Gb Available in Paging File | 90.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 174.70 Gb Free Space | 37.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\Virus fixit folder 1\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\SearchScopes\{2E2893F6-85C1-4EF5-8F15-43C0A0872A13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0

FF - prefs.js..extensions.enabledAddons: esnipesnipeit@esnipe.com:1.1.11

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/09/17 16:45:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Owner\AppData\Roaming\Move Networks [2010/04/06 17:45:28 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 13:05:51 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 13:05:47 | 000,000,000 | ---D | M]

[2008/02/06 09:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions

[2012/09/04 22:18:05 | 000,040,385 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\esnipesnipeit@esnipe.com.xpi

[2012/07/08 09:34:22 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

[2012/11/12 20:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/08/05 01:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/10/27 13:05:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 14:10:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/12 10:34:54 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/12 20:08:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-682618116-4040520548-3266127876-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.9.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F81E465-9F09-4A29-B3A2-3D807CA50C80}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 20:04:27 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/11/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Hero Lab

[2012/11/10 07:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab

[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hero Lab

[2012/11/10 07:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hero Lab

[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/08 16:00:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp

[2012/11/08 15:54:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/11/08 14:38:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/11/08 14:38:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/11/08 14:38:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/11/08 14:31:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/08 14:26:38 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/11/08 14:20:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virus fixit folder 1

[2012/11/07 03:02:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\JoAnne

[2012/10/27 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WMI Tools

[2012/10/21 07:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMI Tools

[2012/10/20 08:45:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/10/20 08:45:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/10/20 08:45:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/10/20 08:44:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/10/20 08:44:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/10/20 08:44:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/10/20 08:44:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/10/20 08:44:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/10/20 08:44:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/10/20 08:44:58 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/10/20 08:44:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/10/20 08:44:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/10/20 08:44:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/10/20 08:44:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/10/20 08:44:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/10/20 08:41:39 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/10/20 08:41:31 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/20 08:41:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/10/20 08:41:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/20 08:41:24 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012/10/20 08:41:23 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll

[2012/10/20 08:40:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/10/20 08:38:14 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/10/20 08:24:25 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys

[2012/10/20 08:24:25 | 000,072,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll

[2012/10/20 08:24:24 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/10/20 08:24:24 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/10/20 08:24:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/10/20 08:24:24 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2012/10/20 08:24:24 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/10/20 08:24:24 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/10/20 08:24:24 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/10/20 08:24:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2012/10/20 08:24:24 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2012/10/20 08:24:24 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/10/20 08:24:24 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/10/20 08:24:24 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/10/20 08:24:24 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll

[2012/10/20 08:24:24 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll

[2012/10/20 08:24:23 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2012/10/20 08:24:23 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/10/20 08:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/10/20 08:20:07 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/10/20 08:19:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/10/20 08:19:37 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2012/11/12 20:17:33 | 000,716,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/11/12 20:17:33 | 000,613,270 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/11/12 20:17:33 | 000,108,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/12 20:10:19 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/12 20:10:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/12 20:08:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/11/12 20:01:19 | 000,509,750 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/11/12 20:00:53 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/11/12 15:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\prvlcl.dat

[2012/11/12 09:31:01 | 100,027,288 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/11/10 14:23:14 | 726,057,052 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/11/10 12:53:03 | 000,938,643 | ---- | M] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf

[2012/11/10 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Hero Lab.lnk

[2012/11/08 14:26:40 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2012/10/20 21:37:18 | 000,252,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/10/20 08:19:14 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/10/20 08:19:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/10/20 08:19:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/10/20 08:19:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/10/20 08:19:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2012/11/10 12:52:12 | 000,938,643 | ---- | C] () -- C:\Users\Owner\Desktop\bn_employment_application_february_2011.pdf

[2012/11/10 07:27:37 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Hero Lab.lnk

[2012/11/08 14:38:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/11/08 14:38:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/11/08 14:38:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/11/08 14:38:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/11/08 14:38:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/10/20 08:24:23 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2011/05/30 18:30:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll

[2011/05/22 10:04:37 | 000,071,801 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\icarus-dxdiag.xml

[2011/01/16 14:52:02 | 000,000,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\setup_ldm.iss

[2009/09/16 22:07:51 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat

[2009/09/06 22:35:26 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2009/08/08 09:48:45 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\prvlcl.dat

[2009/08/01 23:30:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2008/01/26 06:11:21 | 000,002,188 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\erdnt\cache86\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe

[2009/04/11 02:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 01:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache86\svchost.exe

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe

[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\erdnt\cache64\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe

[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache86\userinit.exe

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\erdnt\cache64\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\erdnt\cache64\winlogon.exe

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009/04/11 02:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009/04/11 01:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


:)

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Ran ESET before leaving for work. Son came home and saw notes on comp (do not use). He says the comp had gone to BSOD, so he rebooted comp and redid the scan but left "remove found threats" ticked. I do not know if he made sure the other 3 were ticked. The results are below. Should I redo the scan again?

Results:

C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined

C:\Users\Owner\Desktop\Download Dump\asc-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\Owner\Desktop\Download Dump\frostwire-5.1.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\_OTL\MovedFiles\11122012_200427\C_Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hew9yris.default\extensions\obmfbglyzf@obmfbglyzf.org.xpi JS/Redirector.NCA trojan deleted - quarantined

MWB scan results (run before ESET)

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.14.04

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

11/14/2012 7:58:04 AM

mbam-log-2012-11-14 (07-58-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226188

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
