Jump to content

Exterminate It


Jack421

Recommended Posts

Yeah I downloaded Exterminate It In A Panic trying to remove a crawler. In any event I read on a thread here that Exterminate It has a Mumboy Trojan as Rogue Software. Please Help me remove this threat.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:18:02 AM, on 9/6/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Online Armor\oaui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Online Armor\OAhlp.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\WerFault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60347

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101727&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8124 bytes

P.S. I would have just uploaded the Hijack This but my browser would not let me

Link to post
Share on other sites

Hello ,

And :blink: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the Quick Scan button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Link to post
Share on other sites

Hello ,

And :blink: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the Quick Scan button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

OTL logfile created on: 9/6/2010 11:35:54 AM - Run 2

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Megatron\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 19.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 38.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.49 Gb Total Space | 93.41 Gb Free Space | 67.94% Space Free | Partition Type: NTFS

Drive D: | 11.55 Gb Total Space | 1.99 Gb Free Space | 17.21% Space Free | Partition Type: NTFS

Drive E: | 4.21 Gb Total Space | 3.92 Gb Free Space | 93.22% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MEGATRON-PC

Current User Name: Megatron

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/06 11:18:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Megatron\Downloads\OTL.exe

PRC - [2010/09/06 09:23:39 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\575b2b89-df51-4c6c-b4e6-eb0fcba0615d.com

PRC - [2010/09/05 00:08:50 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2010/08/30 02:29:04 | 001,627,984 | ---- | M] (Trend Micro Inc.) -- C:\Users\Megatron\AppData\Local\Temp\HouseCall\housecall.bin

PRC - [2010/08/27 15:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe

PRC - [2010/08/27 15:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe

PRC - [2010/08/27 15:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe

PRC - [2010/08/27 15:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe

PRC - [2010/07/22 19:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/12/18 15:44:40 | 001,587,576 | ---- | M] () -- C:\Program Files\iCall\iCall.exe

PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/09/15 01:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe

========== Modules (SafeList) ==========

MOD - [2010/09/06 11:18:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Megatron\Downloads\OTL.exe

MOD - [2010/08/27 15:22:02 | 001,087,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oawatch.dll

MOD - [2009/04/10 23:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IPHLPAPI.DLL

MOD - [2009/04/10 23:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc6.dll

MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2008/01/20 19:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winnsi.dll

MOD - [2008/01/20 19:24:46 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll

MOD - [2008/01/20 19:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx

MOD - [2008/01/20 19:24:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll

MOD - [2008/01/20 19:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsock32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/08/27 15:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2010/08/27 15:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)

SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)

SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)

SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbstor.sys -- (USBSTOR)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)

DRV - [2010/08/27 15:22:36 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\oahlp32.sys -- (oahlpXX)

DRV - [2010/08/27 15:22:16 | 000,029,120 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\OAnet.sys -- (OAnet)

DRV - [2010/08/27 15:22:16 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\OAmon.sys -- (OAmon)

DRV - [2010/08/27 15:22:14 | 000,201,168 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\OADriver.sys -- (OADevice)

DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/28 13:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/12/07 09:49:26 | 000,017,664 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\EnumProcessesDriver.sys -- (EnumProcessesDriver)

DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/05/07 00:04:50 | 000,157,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/09/09 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/05/30 16:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)

DRV - [2007/02/16 01:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 00:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)

DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2587209427-759202388-864072799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKU\S-1-5-21-2587209427-759202388-864072799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101727&l=dis

IE - HKU\S-1-5-21-2587209427-759202388-864072799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2587209427-759202388-864072799-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2587209427-759202388-864072799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.6

FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}:1.5

FF - prefs.js..extensions.enabledItems: VacuumPlacesImproved@lultimouomo-gmail.com:1.1

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.11

FF - prefs.js..extensions.enabledItems: afom@idevfh:2.0

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {E5C20E23-9BBF-4a06-AC43-277382EF1B43}:2.7.0.37

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{E5C20E23-9BBF-4a06-AC43-277382EF1B43}: C:\Program Files\Comodo\VEngine\VerificationEngine_ff3_6 [2010/09/05 00:13:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/05 10:30:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010/09/05 12:59:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010/09/05 00:04:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/04 10:17:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/05 12:59:48 | 000,000,000 | ---D | M]

[2010/09/04 08:39:31 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Extensions

[2010/09/06 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions

[2010/09/04 10:23:57 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/09/05 09:48:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/09/04 10:23:56 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2010/09/04 10:23:57 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}

[2010/09/04 10:24:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/04 10:23:56 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}

[2010/09/04 10:24:04 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/09/04 10:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/09/04 10:23:47 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\afom@idevfh

[2010/09/04 10:23:55 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\optout@dubfire.net

[2010/09/04 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\smarterwiki@wikiatic.com

[2010/09/04 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\Megatron\AppData\Roaming\Mozilla\Firefox\Profiles\sjyerqrc.default\extensions\VacuumPlacesImproved@lultimouomo-gmail.com

[2010/09/04 18:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/04 18:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/04 18:23:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/09/05 12:59:08 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/09/06 09:31:17 | 000,000,698 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Comodo VerificationEngine) - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\COMODO\VEngine\VEngineIE32.dll (Comodo CA Ltd.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2587209427-759202388-864072799-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Health Check Scheduler] File not found

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [iCall Internet Phone] C:\Program Files\iCall\iCall.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-2587209427-759202388-864072799-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Megatron\Pictures\Transformers\Decepticons\Triad\Megatron\Megatron--Autobot-Killa-transformers-34968_1024_768.jpg

O24 - Desktop BackupWallPaper: C:\Users\Megatron\Pictures\Transformers\Decepticons\Triad\Megatron\Megatron--Autobot-Killa-transformers-34968_1024_768.jpg

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/28 08:36:28 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/06 08:37:59 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\ComodoGroup

[2010/09/05 20:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!

[2010/09/05 20:02:14 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\HPAppData

[2010/09/05 19:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/09/05 19:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/09/05 18:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock

[2010/09/05 16:38:08 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\CyberLink

[2010/09/05 16:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AppSnap

[2010/09/05 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\AppSnap

[2010/09/05 13:00:46 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Foxit Software

[2010/09/05 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Foxit

[2010/09/05 12:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2010/09/05 11:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/09/05 11:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\ZSoft

[2010/09/05 11:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/09/05 11:08:43 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys

[2010/09/05 10:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor

[2010/09/05 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\OnlineArmor

[2010/09/05 10:33:10 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll

[2010/09/05 10:33:10 | 000,045,568 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys

[2010/09/05 10:33:10 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys

[2010/09/05 10:33:06 | 000,043,008 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys

[2010/09/05 10:02:54 | 011,285,608 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Megatron\Documents\winamp5581_full_emusic-7plus_en-us.exe

[2010/09/05 09:46:14 | 001,989,684 | ---- | C] (Roman Scherzer) -- C:\Users\Megatron\Documents\cmp3135c_32.exe

[2010/09/05 09:22:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2010/09/05 08:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2010/09/05 08:08:41 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/09/05 08:03:38 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\K-Meleon

[2010/09/05 08:02:43 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\K-Meleon

[2010/09/05 00:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2010/09/05 00:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/09/05 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\uTorrent

[2010/09/05 00:05:49 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\IObit

[2010/09/05 00:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2010/09/05 00:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\K-Meleon

[2010/09/05 00:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\NETEagle

[2010/09/04 23:40:04 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\.freeciv

[2010/09/04 23:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.2.2-gtk2

[2010/09/04 23:37:04 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp

[2010/09/04 23:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx

[2010/09/04 23:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/09/04 23:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/09/04 23:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/09/04 23:26:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2010/09/04 23:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2010/09/04 23:19:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\romcenter

[2010/09/04 23:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Romcenter

[2010/09/04 22:43:01 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\Logs

[2010/09/04 22:38:31 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\OpenOffice.org

[2010/09/04 22:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/09/04 22:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/09/04 22:24:13 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\OpenOffice.org 3.2 (en-US) Installation Files

[2010/09/04 19:34:44 | 000,000,000 | ---D | C] -- C:\OESISDiagnose

[2010/09/04 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\LDW

[2010/09/04 18:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/09/04 15:51:09 | 001,061,888 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe

[2010/09/04 15:51:05 | 000,475,648 | ---- | C] (J.C. Kessels) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr

[2010/09/04 15:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\MyDefrag v4.3.1

[2010/09/04 15:18:47 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\SUPERAntiSpyware.com

[2010/09/04 15:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/09/04 14:23:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2010/09/04 14:23:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2010/09/04 14:23:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2010/09/04 14:02:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2010/09/04 13:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010/09/04 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/09/04 13:03:45 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Malwarebytes

[2010/09/04 13:03:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/04 13:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/04 13:03:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/04 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/04 11:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler

[2010/09/04 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/09/04 10:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/09/04 10:24:12 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Abine

[2010/09/04 10:24:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\IDEVFH

[2010/09/04 10:17:43 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Outertech

[2010/09/04 10:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\AskBarDis

[2010/09/04 10:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\GetDiz

[2010/09/04 10:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\iCall

[2010/09/04 09:51:17 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Google

[2010/09/04 09:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/09/04 09:51:04 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/09/04 09:51:01 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/09/04 09:51:00 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/09/04 09:50:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/09/04 09:50:54 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/09/04 09:49:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr

[2010/09/04 09:49:51 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/09/04 09:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/09/04 09:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/09/04 09:33:55 | 000,029,120 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys

[2010/09/04 09:33:55 | 000,025,000 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

[2010/09/04 09:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor

[2010/09/04 09:28:06 | 000,000,000 | ---D | C] -- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP

[2010/09/04 09:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com

[2010/09/04 08:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/09/04 08:39:16 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Mozilla

[2010/09/04 08:39:16 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Mozilla

[2010/09/04 08:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/09/04 08:36:57 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Hewlett-Packard

[2010/09/04 07:19:58 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\Games

[2010/09/04 07:10:35 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Microsoft Games

[2010/09/04 06:55:12 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\Computer Information

[2010/09/04 06:50:35 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\Resume

[2010/09/04 06:49:00 | 000,000,000 | ---D | C] -- C:\Users\Megatron\Documents\Personal Files

[2010/09/04 06:47:59 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Adobe

[2010/09/04 06:47:58 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Adobe

[2010/09/04 06:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

[2010/09/04 06:33:10 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Yahoo!

[2010/09/04 06:30:10 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\WildTangent

[2010/09/04 06:25:23 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\QuickPlay

[2010/09/04 06:25:14 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Symantec

[2010/09/04 06:24:28 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Searches

[2010/09/04 06:24:18 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Identities

[2010/09/04 06:24:16 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Contacts

[2010/09/04 06:24:14 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\VirtualStore

[2010/09/04 06:23:45 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Macromedia

[2010/09/04 06:20:50 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Hewlett-Packard

[2010/09/04 06:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/09/04 06:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2010/09/04 06:18:42 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Downloaded Installations

[2010/09/04 06:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2010/09/04 06:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\HPQ

[2010/09/04 06:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe

[2010/09/04 06:11:43 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\InstallShield

[2010/09/04 06:11:39 | 000,000,000 | --SD | C] -- C:\Users\Megatron\AppData\Roaming\Microsoft

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Videos

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Saved Games

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Pictures

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Music

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Links

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Favorites

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Downloads

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Documents

[2010/09/04 06:11:39 | 000,000,000 | R--D | C] -- C:\Users\Megatron\Desktop

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\AppData\Local\Temporary Internet Files

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Templates

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Start Menu

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\SendTo

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Recent

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\PrintHood

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\NetHood

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Documents\My Videos

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Documents\My Pictures

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Documents\My Music

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\My Documents

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Local Settings

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\AppData\Local\History

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Cookies

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\Application Data

[2010/09/04 06:11:39 | 000,000,000 | -HSD | C] -- C:\Users\Megatron\AppData\Local\Application Data

[2010/09/04 06:11:39 | 000,000,000 | -H-D | C] -- C:\Users\Megatron\AppData

[2010/09/04 06:11:39 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Temp

[2010/09/04 06:11:39 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Local\Microsoft

[2010/09/04 06:11:39 | 000,000,000 | ---D | C] -- C:\Users\Megatron\AppData\Roaming\Media Center Programs

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop

[2010/09/04 06:08:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

[2010/09/04 06:07:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/06 11:35:36 | 001,835,008 | -HS- | M] () -- C:\Users\Megatron\NTUSER.DAT

[2010/09/06 10:56:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/06 10:33:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 10:33:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/06 10:16:45 | 000,002,529 | ---- | M] () -- C:\Users\Megatron\Desktop\HiJackThis.lnk

[2010/09/06 09:56:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/06 09:31:17 | 000,000,698 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS

[2010/09/06 09:23:45 | 000,001,818 | ---- | M] () -- C:\Users\Megatron\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/09/06 09:00:01 | 000,002,407 | ---- | M] () -- C:\Users\Megatron\Desktop\regedit - Shortcut.lnk

[2010/09/06 08:35:26 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2010/09/06 08:33:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/06 08:33:16 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/06 08:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/06 08:33:07 | 1005,379,584 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/05 22:11:52 | 000,524,288 | -HS- | M] () -- C:\Users\Megatron\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/09/05 22:11:52 | 000,065,536 | -HS- | M] () -- C:\Users\Megatron\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/09/05 22:11:30 | 002,413,605 | -H-- | M] () -- C:\Users\Megatron\AppData\Local\IconCache.db

[2010/09/05 20:16:36 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk

[2010/09/05 20:13:10 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/05 20:13:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/05 20:13:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/05 18:26:17 | 000,000,886 | ---- | M] () -- C:\Users\Megatron\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerBlock.lnk

[2010/09/05 18:26:17 | 000,000,862 | ---- | M] () -- C:\Users\Megatron\Desktop\PeerBlock.lnk

[2010/09/05 13:00:02 | 000,001,047 | ---- | M] () -- C:\Users\Megatron\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2010/09/05 13:00:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2010/09/05 11:32:46 | 000,000,942 | ---- | M] () -- C:\Users\Megatron\Desktop\ZSoft Uninstaller.lnk

[2010/09/05 11:32:19 | 000,001,057 | ---- | M] () -- C:\Users\Megatron\Desktop\Revo Uninstaller.lnk

[2010/09/05 11:30:46 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Cloud Scanner.lnk

[2010/09/05 11:08:15 | 000,000,036 | ---- | M] () -- C:\Users\Megatron\AppData\Local\housecall.guid.cache

[2010/09/05 10:31:30 | 000,023,090 | ---- | M] () -- C:\Windows\hpqins15.dat

[2010/09/05 10:11:08 | 011,285,608 | ---- | M] (Nullsoft, Inc.) -- C:\Users\Megatron\Documents\winamp5581_full_emusic-7plus_en-us.exe

[2010/09/05 10:01:58 | 000,140,064 | ---- | M] () -- C:\Users\Megatron\Documents\emulamenu.zip

[2010/09/05 09:57:46 | 000,841,375 | ---- | M] () -- C:\Users\Megatron\Documents\GoodSNES_204.zip

[2010/09/05 09:57:30 | 000,797,815 | ---- | M] () -- C:\Users\Megatron\Documents\GoodNES_201.zip

[2010/09/05 09:57:14 | 000,282,795 | ---- | M] () -- C:\Users\Megatron\Documents\GoodGG_313.zip

[2010/09/05 09:57:03 | 000,535,292 | ---- | M] () -- C:\Users\Megatron\Documents\GoodGen_300.zip

[2010/09/05 09:56:49 | 000,297,166 | ---- | M] () -- C:\Users\Megatron\Documents\GoodSMS_313.zip

[2010/09/05 09:46:27 | 001,989,684 | ---- | M] (Roman Scherzer) -- C:\Users\Megatron\Documents\cmp3135c_32.exe

[2010/09/05 09:45:11 | 000,251,707 | ---- | M] () -- C:\Users\Megatron\Documents\IPSWin20.zip

[2010/09/05 09:43:32 | 000,000,860 | ---- | M] () -- C:\Users\Megatron\Desktop\RomCenter.lnk

[2010/09/05 09:31:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2010/09/05 09:31:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/09/05 09:30:30 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/05 08:33:46 | 000,027,620 | ---- | M] () -- C:\Users\Megatron\AppData\Roaming\nvModes.001

[2010/09/05 07:55:28 | 000,331,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/09/05 00:17:26 | 000,001,038 | ---- | M] () -- C:\Users\Megatron\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk

[2010/09/05 00:17:26 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2010/09/05 00:14:10 | 000,001,841 | ---- | M] () -- C:\Users\Megatron\Desktop\Comodo Verification Engine.lnk

[2010/09/05 00:08:50 | 000,000,776 | ---- | M] () -- C:\Users\Megatron\Application Data\Microsoft\Internet Explorer\Quick Launch\

Link to post
Share on other sites

OTL Extras logfile created on: 9/6/2010 1:22:59 PM - Run 3

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Megatron\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 24.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 40.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.49 Gb Total Space | 92.78 Gb Free Space | 67.48% Space Free | Partition Type: NTFS

Drive D: | 11.55 Gb Total Space | 1.99 Gb Free Space | 17.21% Space Free | Partition Type: NTFS

Drive E: | 4.21 Gb Total Space | 3.92 Gb Free Space | 93.22% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MEGATRON-PC

Current User Name: Megatron

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = K-Meleon.HTML] -- C:\Program Files\K-Meleon\K-Meleon.exe (http://kmeleon.sf.net/)

.ini [@ = GetDiz.Document] -- C:\Program Files\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

.txt [@ = GetDiz.Document] -- C:\Program Files\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)

https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05227444-FC40-4E96-BCF1-CA355AF5CED7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{124064A0-5344-47A4-AD36-779ADCE9EBBC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{13011C27-5CD3-441A-AADA-44C355352E28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{160B78B5-1770-4731-AB98-486DDF4DBD11}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{2AFCCDFB-BEE9-4CE9-AC69-A4B8A5784B26}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{350AA592-DE8E-4B7A-ABA0-D32EC542D437}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{383ECF14-45E7-4209-8BD9-5022418927DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{4362EA95-1211-4949-8BBA-CB3B36CB1873}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{4AB68D69-E3ED-4DDD-81D2-53CC833142F2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{57CEB694-050D-4676-A623-866C95ECA0ED}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{643BFDDC-86BC-4558-A4AB-4BA569C69A50}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{66BB8E2F-F026-401C-9D19-B7937F5F0F76}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{74770D57-EAFD-42BD-91BB-133C9E655662}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{97D1ADED-2927-4CA8-B915-097F35CA393E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B5438BA4-48F2-4398-99DB-7CC48BD84620}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{BB9C88B4-5F95-4BBB-8446-156643DB94B3}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{D222E13B-1E34-417D-966F-C8BF8100B85D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{E359DF08-EE2E-4EDA-B5C0-58CA08855550}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{E397F212-D621-438E-9052-6C02232847F5}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{EBFA703D-54BC-40FA-9ACA-776A53659101}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{FA34A53E-9A22-4264-9737-6CF35E41D8D4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims

Link to post
Share on other sites

I have several problems one my voip is not making calls and I installed crawler toolbar by accident and a program called Exterminate It to get rid of the crawler. I saw on a thread here that Exterminate It is rouge software that places a humboy trojan on your computer.

Link to post
Share on other sites

Hi, I have no experience with BO Cleaner, however, it seems an antispyware application, whereas avast is an antivirus, which means the two should not conflict with eachother. However, that is in theory, it doesn't mean it isn't possible. :blink:

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.