Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus cannot be removed


  • This topic is locked This topic is locked

#1
Greenybaby

Greenybaby

    New Member

  • Member
  • Pip
  • 7 posts
Hi,

I recently swapped my laptop and today I decided I was going to clear out all the previous owners stuff to free up some space, i ran a defrag program first and cleared 30gb of junk then proceeded to uninstall some programs i did not need, one of the programs was called smart shopper and i was unable to remove it, my AVG alerted me of a threat associated with the program so i moved it to the vault, upon moving it i ran another scan and it came up clean, but when i ran spybot search and destroy it along with some other problems appeared, so i clicked fix problems and most were removed but this smart shopper is still there, it says i cannot fix it until i run as an admin but i am the admin and right clicking the fix button does not give me any options to run as admin. There also seems to be a problem with some program called click potato


Here is a screen shot of spybots results after i fixed the problems spybot.jpg

Here is my OTL report, it actually gave me two windows of txt which look pretty much the same but i shall post both just in case there is something extra there that may be of use


OTL logfile created on: 29/05/2011 22:21:39 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 37.60% Memory free
6.09 Gb Paging File | 3.84 Gb Available in Paging File | 63.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 82.16 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive F: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAREN | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/29 22:21:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
PRC - [2011/05/29 21:13:37 | 000,526,512 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
PRC - [2011/05/20 06:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/13 16:31:53 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/11/17 15:23:58 | 003,965,680 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
PRC - [2009/11/17 15:13:48 | 000,667,648 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/01/12 15:16:04 | 000,462,848 | ---- | M] (Notso Software) -- C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe


========== Modules (SafeList) ==========

MOD - [2011/05/29 22:21:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/30 22:27:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/01/30 00:38:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/10 13:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008/09/04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/06/10 19:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 18:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/04/27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...earch.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected] [2011/05/23 19:00:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011/03/07 19:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011/03/07 19:23:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 10:18:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/10 19:03:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 22:41:04 | 000,000,000 | ---D | M]

[2009/01/29 00:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2011/02/03 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions
[2009/07/05 16:39:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/17 22:15:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/30 00:39:33 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]
[2009/01/29 00:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]
[2010/01/30 00:39:14 | 000,002,055 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\searchplugins\daemon-search.xml
[2011/04/14 09:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/12 22:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 16:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/14 09:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/01/29 00:38:11 | 000,000,000 | ---D | M] (Yahoo! UK&Ireland Toolbar and Extras) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/05/11 10:18:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/23 19:00:12 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
[2011/03/07 19:23:15 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS
[2011/03/07 19:23:05 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
[2011/03/02 01:48:22 | 000,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/02/03 22:08:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/02/03 22:08:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/02/03 22:08:57 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/03 22:08:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MFARestart] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DriveDiscoveryMemoryResident] C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe (Notso Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/30 21:05:12 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/07/31 21:16:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/03/20 18:20:32 | 000,027,750 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/11/17 15:01:12 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 21:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/29 21:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/05/29 21:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/28 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations
[2011/05/28 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HBLite
[2011/05/27 11:56:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4D9D0998-4339-4A08-B0AC-743EDF19EB60}
[2011/05/26 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{13F4CDA7-2DDD-427F-AE19-E9CBF13EB490}
[2011/05/22 21:53:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\My Collages
[2011/05/22 21:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LumaPix
[2011/05/22 21:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LumaPix
[2011/05/22 21:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\LumaPix
[2011/05/22 21:05:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EBAF8293-8AD9-4B5A-A4AF-A1C1168D9694}
[2011/05/22 20:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4600 series
[2011/05/18 18:17:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9F9772CD-D81E-49D0-94C9-59C26AB6AD88}
[2011/05/17 20:17:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EA369293-3AF8-4799-9860-BC52B6D53A72}
[2011/05/12 22:05:53 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B0891387-738C-4F04-AF69-BC47B525CF22}
[2011/05/10 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B3E99315-5314-481F-A03A-AC9DD50F662B}
[2011/05/09 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3F26D769-F805-45F8-89FF-CBB0AE5B4AD5}
[2011/05/06 16:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2011/05/06 16:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Up
[2011/05/06 16:33:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\FrostWire
[2011/05/06 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\OpenCandy
[2011/05/06 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\FrostWire
[2011/05/06 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\OpenCandy
[2011/05/06 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/05/06 16:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/05/06 16:28:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\uTorrent
[2011/05/03 21:31:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BFA86B0D-C2BC-4B08-88D4-D6FA1C83BE05}
[2011/05/03 09:31:55 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\HpUpdate
[2011/05/03 09:31:51 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/05/03 09:30:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BA9C4CAF-4E5E-4C49-8124-A82CF5265603}
[2011/05/02 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{88EF8833-7219-41ED-B4FF-F2A605907191}
[2011/05/01 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A47ECF22-3ABD-4162-9C4B-50E5049CAD99}
[2011/04/30 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{EA5D9C7C-CF45-4864-9469-007E7DC2C06E}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/02/18 13:30:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Robert\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/05/29 21:21:06 | 000,001,039 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/29 21:21:06 | 000,001,015 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2011/05/29 21:13:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/29 20:56:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 20:56:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 19:29:05 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E39D930-9D30-483C-A8BF-32D0A667469D}.job
[2011/05/29 18:42:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 18:41:02 | 000,115,200 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 18:02:57 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 18:02:56 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 17:58:38 | 000,001,044 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2011/05/29 13:01:14 | 116,439,227 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/05/29 12:56:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/28 12:42:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/27 09:32:59 | 000,000,288 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/27 01:36:50 | 3147,001,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 21:02:25 | 000,045,343 | ---- | M] () -- C:\Users\Robert\Documents\Megamind.XtoDVD
[2011/05/26 15:43:14 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/22 21:53:46 | 000,004,943 | ---- | M] () -- C:\ProgramData\pyknfeyt.slj
[2011/05/22 21:51:27 | 000,001,799 | ---- | M] () -- C:\Users\Robert\Desktop\FotoFusion Version 4.lnk
[2011/05/11 10:18:24 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/06 16:33:52 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\PC Speed Up.lnk
[2011/05/06 16:33:15 | 000,000,998 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.6.lnk
[2011/05/06 16:33:15 | 000,000,974 | ---- | M] () -- C:\Users\Robert\Desktop\FrostWire 4.21.6.lnk
[2011/05/04 20:54:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/30 11:46:08 | 000,319,517 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2011/05/29 21:21:06 | 000,001,039 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/29 21:21:06 | 000,001,015 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2011/05/26 21:02:24 | 000,045,343 | ---- | C] () -- C:\Users\Robert\Documents\Megamind.XtoDVD
[2011/05/22 21:53:46 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2011/05/22 21:51:27 | 000,001,799 | ---- | C] () -- C:\Users\Robert\Desktop\FotoFusion Version 4.lnk
[2011/05/06 16:33:52 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\PC Speed Up.lnk
[2011/05/06 16:33:15 | 000,000,998 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.6.lnk
[2011/05/06 16:33:15 | 000,000,974 | ---- | C] () -- C:\Users\Robert\Desktop\FrostWire 4.21.6.lnk
[2011/05/04 20:54:46 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/04 20:54:46 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/01/21 22:54:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/12 17:18:33 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/10/28 22:49:28 | 000,000,004 | ---- | C] () -- C:\Windows\info147.sys
[2010/10/15 22:52:48 | 000,696,320 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010/10/15 22:52:48 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/11/25 17:13:26 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2009/09/14 21:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/14 21:53:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/21 22:27:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/02/21 22:27:37 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/21 22:27:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/21 22:27:36 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/02/21 22:27:35 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/18 13:31:19 | 000,001,044 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\vso_ts_preview.xml
[2009/02/18 13:30:12 | 000,087,608 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\inst.exe
[2009/02/18 13:30:12 | 000,007,887 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\pcouffin.cat
[2009/02/18 13:30:12 | 000,001,144 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\pcouffin.inf
[2009/01/15 12:20:38 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\wklnhst.dat
[2008/12/31 23:26:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/12/26 19:05:46 | 000,115,200 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/25 10:18:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/31 21:39:55 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/06/12 19:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 19:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 18:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,310,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/01/30 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Autodesk
[2010/11/27 12:54:56 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\AVG10
[2011/01/26 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Birdstep Technology
[2009/02/02 17:36:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canneverbe_Limited
[2010/01/30 00:45:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DAEMON Tools Lite
[2009/12/11 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Datel
[2011/05/29 16:24:18 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FrostWire
[2010/02/28 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\funkitron
[2010/12/01 03:21:00 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\GHISLER
[2010/01/30 00:21:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ImgBurn
[2010/10/15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\iolo
[2009/01/16 00:43:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LG Electronics
[2009/04/14 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LimeWire
[2009/01/06 17:44:40 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\muvee Technologies
[2010/10/17 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\My Games
[2011/05/06 16:33:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\OpenCandy
[2011/02/02 23:54:43 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Opera
[2009/03/20 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PlayFirst
[2011/03/07 19:23:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ShopperReports3
[2009/01/15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Template
[2011/05/29 16:02:28 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\uTorrent
[2011/05/29 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\VSO
[2008/12/25 12:07:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WildTangent
[2011/05/27 01:35:13 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/29 19:29:05 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E39D930-9D30-483C-A8BF-32D0A667469D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:61A065F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0CE7F3C9

< End of report >

Second window


OTL Extras logfile created on: 29/05/2011 22:21:39 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Robert\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 37.60% Memory free
6.09 Gb Paging File | 3.84 Gb Available in Paging File | 63.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 82.16 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.67 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive F: | 25.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KAREN | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{306E27E8-B815-416A-AC2A-C7AF9E60C894}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6F120660-C9E1-4F0A-865A-F8485CA0090A}" = rport=138 | protocol=17 | dir=out | app=system |
"{81E400A5-9CB8-49E3-B7A0-D51BA770ABE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98C71C32-D51F-4D47-800B-1E4E977E2991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BF8EB97-2EEC-4D4D-8218-0F7943159E29}" = lport=139 | protocol=6 | dir=in | app=system |
"{B20C3755-CF35-41F0-A3A7-E564BE4FB46A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BD2BCB9D-7DA9-42F2-848A-0662F3487398}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD9A1185-8133-4476-943F-82760EA26608}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0F39D83-6525-4EA3-A111-237D43BAE9A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6C03D95-A497-47D8-B31F-DDC7B34EF21B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E69A8B7D-4EC3-4AD1-82D9-64514434FC6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EBEE95AA-D57B-4884-8585-FFC923979A77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EF498D84-6C9D-4526-BE36-28747CA2F445}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2F7DB99-264E-47C5-AC0B-546B1F9D7377}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE74565-168B-4C9A-9BE2-FF0632788705}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{1DF6C0BD-5FDD-413B-83E8-53D8391D079A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{295C0D79-A85C-4729-A28C-649ECFE6D9EE}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{2A1A26BC-27F3-45D2-B5E7-24984FE62AEA}" = protocol=58 | dir=in | [email protected],-28545 |
"{2EB49906-BB4C-4A48-B773-52CA056AE893}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{384539A8-CC86-4B1D-B1E7-86611AD45968}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3C8BB206-A801-4D20-9DD2-17110700A4BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4650BBCB-E0DC-475D-8974-8614F5478110}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{54E96A9F-BEE7-4321-AA6F-DED5784BE44F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{556F1D42-BC25-4A94-9806-8DCB6CD6DB2B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{56FE63C0-17E1-43AE-B70A-C29C6F278CFD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{59190D44-013C-445C-A5FF-35413655653A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A2A2E87-F0BA-43FC-AB8A-FAED747652EC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5D3C8BB8-302F-4C48-AC26-1189B85DA68F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5E9992C8-0E91-4ABC-8E61-94F91A0A5425}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{656F1FD8-4B8B-4E78-B2F6-2C440BB107A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{6B8C902A-7B84-4A93-BBD9-51C8B4E42886}" = protocol=1 | dir=out | [email protected],-28544 |
"{6CEED97B-5795-47F3-8669-B8EF019EC918}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6E7672F1-1095-4CF7-B6CC-7E080B79BEB6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6F9466CE-80AB-44F3-93D5-B1B4F4417BAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{82963F32-F354-4F18-8163-485006FA60BA}" = protocol=58 | dir=out | [email protected],-28546 |
"{8673333D-AE31-44D7-A1CE-45DE4E4A3338}" = protocol=1 | dir=in | [email protected],-28543 |
"{8A09419F-7799-4499-B9FD-D85E078C393C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8AFF948B-0FD3-472C-8FE6-63DA4076B68A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9A55CE8D-1839-4EA5-86E5-49EC9F22D42B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{9A721D79-5369-42F0-A397-58071C79F966}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9CF8D578-E11D-4B43-AFD3-A8BEA2450411}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A0A17ED1-96DD-4161-B049-52312525883C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A2D53F8C-F97A-456F-9170-C40A549B8F7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A47C38C4-7F30-4BF4-95F1-93E4546871B1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B961ED62-5CB9-4AAB-A085-4FDD8E7B62BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{CA94C26A-E476-4A05-AF1D-65178E3C1C66}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D504B048-768F-4475-AD10-103ADF0220FD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D9C22CDF-6293-4F70-B6DD-98177C24D483}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E13B0A43-5859-4893-9207-5D2059B9C713}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F335FF38-4D24-4598-A46E-C1EAA2980C77}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F53E7E5C-361C-437A-BB27-EF9FC22AAAE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F9D3082C-4DA8-4A80-AE9E-A3B5EA8FE58F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FD3E9B20-F7A7-461D-A881-E3304B5B30C7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FF9AFC6E-A992-4127-B378-FB8077123CF9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{165DCF8F-A465-471C-BC77-E30CA4109D77}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{35884FC6-BD38-4801-8F17-F95258E74B76}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{D121A3AB-8897-4D0E-BD72-5F8E0E50BE01}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{F2A512CA-183A-4F13-9432-9EB1F5012DE7}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{40E80DE8-6354-4151-BDB8-40F53988C4AE}C:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{5135DF79-77EB-4D1A-BF27-C8D4BDFD3463}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{99CBE936-9AFD-452F-9396-94C23D348FCF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{EFF45C51-CDAC-4D68-8479-F0E07C4C261F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.5.5c
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.7.121
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A42F0E9F-22CD-4735-8C42-4A68AEFB714C}" = XBOX 360 Xploder Cheat Saves
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"[email protected] UNDELETE Enterprise (Network Edition) " = [email protected] UNDELETE Enterprise (Network Edition)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe® Flash® Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AlaskanStorm" = Deadliest Catch Alaskan Storm
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"AVG" = AVG 2011
"BFGC" = Big Fish Games Client
"ClickPotatoLiteSA" = ClickPotato
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"FrostWire" = FrostWire 4.21.6
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MS Access 97 SP2" = MS Access 97 SP2
"PK-PCSU_is1" = PC Speed Up
"Recuva" = Recuva (remove only)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VueScan" = VueScan
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/05/2011 10:28:06 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =

Error - 16/05/2011 10:26:12 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =

Error - 17/05/2011 09:04:16 | Computer Name = Robbie | Source = RasClient | ID = 20227
Description =

Error - 17/05/2011 09:04:23 | Computer Name = Robbie | Source = RasClient | ID = 20227
Description =

Error - 18/05/2011 11:03:18 | Computer Name = Robbie | Source = Application Hang | ID = 1002
Description = The program WilogApp.exe version 2.7.2.89 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17e8 Start Time: 01cc146eb2b7a680 Termination Time: 10

Error - 22/05/2011 16:04:43 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =

Error - 26/05/2011 12:00:51 | Computer Name = Robbie | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c08 Start Time: 01cc18bb4b495eed Termination Time: 0

Error - 26/05/2011 12:07:07 | Computer Name = Robbie | Source = WinMgmt | ID = 10
Description =

Error - 26/05/2011 13:21:21 | Computer Name = Karen | Source = WinMgmt | ID = 10
Description =

Error - 27/05/2011 04:32:18 | Computer Name = Karen | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 26/05/2011 12:00:29 | Computer Name = Robbie | Source = Service Control Manager | ID = 7011
Description =

Error - 26/05/2011 12:05:49 | Computer Name = Robbie | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:03:18 on 26/05/2011 was unexpected.

Error - 26/05/2011 12:07:09 | Computer Name = Robbie | Source = Service Control Manager | ID = 7000
Description =

Error - 26/05/2011 13:21:22 | Computer Name = Karen | Source = Service Control Manager | ID = 7000
Description =

Error - 26/05/2011 13:21:22 | Computer Name = Karen | Source = Service Control Manager | ID = 7026
Description =

Error - 27/05/2011 04:32:20 | Computer Name = Karen | Source = Service Control Manager | ID = 7000
Description =

Error - 27/05/2011 04:32:20 | Computer Name = Karen | Source = Service Control Manager | ID = 7026
Description =

Error - 29/05/2011 15:22:12 | Computer Name = Karen | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 29/05/2011 16:13:30 | Computer Name = Karen | Source = DCOM | ID = 10016
Description =

Error - 29/05/2011 16:13:30 | Computer Name = Karen | Source = DCOM | ID = 10016
Description =


< End of report >

Any help is greatly appreciated :)
  • 0

Advertisements


#2
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
    FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.0
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011/03/07 19:23:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011/03/07 19:23:15 | 000,000,000 | ---D | M]
    [2010/01/30 00:39:33 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]
    [2010/01/30 00:39:14 | 000,002,055 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\searchplugins\daemon-search.xml
    [2011/03/07 19:23:15 | 000,000,000 | ---D | M] (ClickPotatoLite Component) -- C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS
    [2011/03/07 19:23:05 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
    [2011/03/02 01:48:22 | 000,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
    O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
    O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell - "" = AutoRun
    O33 - MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell - "" = AutoRun
    O33 - MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/11/18 15:18:22 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
    [2011/05/28 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\HBLite
    [2011/03/07 19:23:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\ShopperReports3
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\ShopperReports3
    C:\Program Files\ClickPotatoLite
    C:\Program Files\DAEMON Tools Toolbar
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



If ComboFix asks you to uninstall AVG, please do so. I'll then tell you when you can reinstall it again.
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Everything was running smoothly until i temporarily disabled AVG, a prompt came up advising me it was still on so I enabled and disabled it along with my firewall but the prompt is still popping up with no option to continue :)

I did however get this report when the laptop rebooted after entering the code into OTL


All processes killed
========== OTL ==========
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
Prefs.js: [email protected]:3.0.517.0 removed from extensions.enabledItems
Prefs.js: [email protected]:10.0.0.0 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins folder moved successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions folder moved successfully.
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]\components\Resources folder moved successfully.
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected]\chrome folder moved successfully.
Folder move failed. C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected] scheduled to be moved on reboot.
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\searchplugins\daemon-search.xml moved successfully.
Folder C:\PROGRAM FILES\CLICKPOTATOLITE\BIN\10.0.666.0\FIREFOX\EXTENSIONS\ not found.
Folder C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS\ not found.
C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47fd-81F3-EE91287F9465}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465}\ deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
C:\Program Files\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSABHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
File C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
File C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c761cd-edbd-11df-bbd4-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c761dd-edbd-11df-bbd4-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5c740-6673-11e0-b092-d57e4f88cc9c}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a799131-eea1-11df-908f-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a799131-eea1-11df-908f-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a799131-eea1-11df-908f-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e60433-f100-11df-9d4b-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91e60433-f100-11df-9d4b-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91e60433-f100-11df-9d4b-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0eb7b6c-11b6-11de-b5dd-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0eb7b6f-11b6-11de-b5dd-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c66e1a7f-3e0d-11e0-83c2-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0de1a3d-2984-11e0-8f15-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c2d-02b2-11de-8331-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c53-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c53-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c53-02b2-11de-8331-001d727dbbe5}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b61c5d-02b2-11de-8331-001d727dbbe5}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Folder C:\Program Files\HBLite\ not found.
C:\Users\Robert\AppData\Roaming\ShopperReports3 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robert\Downloads\cmd.bat deleted successfully.
C:\Users\Robert\Downloads\cmd.txt deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox folder moved successfully.
C:\Program Files\ShopperReports3\bin\3.0.517.0 folder moved successfully.
C:\Program Files\ShopperReports3\bin folder moved successfully.
C:\Program Files\ShopperReports3 folder moved successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox folder moved successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.666.0 folder moved successfully.
C:\Program Files\ClickPotatoLite\bin folder moved successfully.
C:\Program Files\ClickPotatoLite folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 181940 bytes
->Temporary Internet Files folder emptied: 3772426 bytes
->Java cache emptied: 4665 bytes
->FireFox cache emptied: 109662229 bytes
->Flash cache emptied: 5294 bytes

User: Public

User: Robert
->Temp folder emptied: 5609326 bytes
->Temporary Internet Files folder emptied: 548200698 bytes
->Java cache emptied: 9083341 bytes
->FireFox cache emptied: 105159822 bytes
->Google Chrome cache emptied: 362586800 bytes
->Opera cache emptied: 825941 bytes
->Flash cache emptied: 4175556 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110986964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 8795874 bytes
RecycleBin emptied: 248499224 bytes

Total Files Cleaned = 1,447.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Robert
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.23.0 log created on 05302011_190554

Files\Folders moved on Reboot...
C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\extensions\[email protected] folder moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\Robert\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\Robert\AppData\Local\Temp\~DF839E.tmp not found!
File\Folder C:\Users\Robert\AppData\Local\Temp\~DF83C2.tmp not found!

Registry entries deleted on Reboot...

Edited by Greenybaby, 30 May 2011 - 12:45 PM.

  • 0

#4
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

ComboFix can't run with AVG present on the PC. Temporary disabling AVG doesn't help.

You need to uninstall AVG. I'll tell you when you can reinstall it again. :)

After you've uninstalled it you should be able to run ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

    If you can't disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry I presumed i just needed to temporarily disable it :) Anyway I had trouble uninstalling AVG and after several uninstaller program attempts later i managed to get rid of it (although it is still detected) here is the report


ComboFix 11-05-30.04 - Robert 30/05/2011 20:39:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.3002.1725 [GMT 1:00]
Running from: c:\users\Robert\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\users\Robert\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 19:36 . 2011-05-30 19:36 -------- d-----w- c:\program files\VS Revo Group
2011-05-30 19:18 . 2011-05-30 19:18 -------- d-----w- C:\AVGTemp
2011-05-30 18:28 . 2011-05-30 19:37 -------- d-----w- C:\32788R22FWJFW
2011-05-30 18:26 . 2011-05-30 18:26 -------- d-----w- c:\users\Robert\AppData\Local\{38058E8C-6DEC-4C91-98C5-1C2F37FFE562}
2011-05-30 18:05 . 2011-05-30 18:05 -------- d-----w- C:\_OTL
2011-05-29 22:22 . 2011-05-29 22:22 -------- d-----w- c:\users\Robert\AppData\Local\{D46405F3-3B58-41D7-BBD2-D456B1138B09}
2011-05-29 20:20 . 2011-05-29 22:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-29 20:20 . 2011-05-29 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-28 21:37 . 2011-05-28 21:37 -------- d-----w- c:\users\Robert\AppData\Local\Downloaded Installations
2011-05-27 10:56 . 2011-05-28 22:57 -------- d-----w- c:\users\Robert\AppData\Local\{4D9D0998-4339-4A08-B0AC-743EDF19EB60}
2011-05-26 22:55 . 2011-05-26 22:55 -------- d-----w- c:\users\Robert\AppData\Local\{13F4CDA7-2DDD-427F-AE19-E9CBF13EB490}
2011-05-22 20:53 . 2011-05-22 21:01 -------- d-----w- c:\programdata\LumaPix
2011-05-22 20:51 . 2011-05-22 20:51 -------- d-----w- c:\program files\LumaPix
2011-05-22 20:05 . 2011-05-26 10:54 -------- d-----w- c:\users\Robert\AppData\Local\{EBAF8293-8AD9-4B5A-A4AF-A1C1168D9694}
2011-05-18 17:17 . 2011-05-21 21:10 -------- d-----w- c:\users\Robert\AppData\Local\{9F9772CD-D81E-49D0-94C9-59C26AB6AD88}
2011-05-17 19:17 . 2011-05-17 19:17 -------- d-----w- c:\users\Robert\AppData\Local\{EA369293-3AF8-4799-9860-BC52B6D53A72}
2011-05-12 21:05 . 2011-05-16 08:36 -------- d-----w- c:\users\Robert\AppData\Local\{B0891387-738C-4F04-AF69-BC47B525CF22}
2011-05-11 09:23 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 17:51 . 2011-05-12 09:05 -------- d-----w- c:\users\Robert\AppData\Local\{B3E99315-5314-481F-A03A-AC9DD50F662B}
2011-05-10 13:09 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44C0A133-B13C-409A-862E-4939F15AD7BB}\mpengine.dll
2011-05-09 12:08 . 2011-05-09 12:08 -------- d-----w- c:\users\Robert\AppData\Local\{3F26D769-F805-45F8-89FF-CBB0AE5B4AD5}
2011-05-06 15:33 . 2011-05-06 15:35 -------- d-----w- c:\program files\PC Speed Up
2011-05-06 15:33 . 2011-05-06 15:35 -------- d-----w- c:\users\Robert\FrostWire
2011-05-06 15:33 . 2011-05-09 12:05 -------- d-----w- c:\users\Robert\AppData\Local\OpenCandy
2011-05-06 15:33 . 2011-05-29 15:24 -------- d-----w- c:\users\Robert\AppData\Roaming\FrostWire
2011-05-06 15:33 . 2011-05-06 15:33 -------- d-----w- c:\users\Robert\AppData\Roaming\OpenCandy
2011-05-06 15:32 . 2011-05-06 15:33 -------- d-----w- c:\program files\FrostWire
2011-05-06 15:28 . 2011-05-06 15:28 -------- d-----w- c:\users\Robert\AppData\Local\uTorrent
2011-05-03 20:31 . 2011-05-08 00:20 -------- d-----w- c:\users\Robert\AppData\Local\{BFA86B0D-C2BC-4B08-88D4-D6FA1C83BE05}
2011-05-03 08:31 . 2011-05-03 08:32 -------- d-----w- c:\users\Robert\AppData\Roaming\HpUpdate
2011-05-03 08:31 . 2011-05-03 08:31 -------- d-----w- c:\windows\Hewlett-Packard
2011-05-03 08:30 . 2011-05-03 08:31 -------- d-----w- c:\users\Robert\AppData\Local\{BA9C4CAF-4E5E-4C49-8124-A82CF5265603}
2011-05-02 13:21 . 2011-05-02 13:21 -------- d-----w- c:\users\Robert\AppData\Local\{88EF8833-7219-41ED-B4FF-F2A605907191}
2011-05-01 13:21 . 2011-05-02 01:21 -------- d-----w- c:\users\Robert\AppData\Local\{A47ECF22-3ABD-4162-9C4B-50E5049CAD99}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 21:55 . 2011-04-27 10:27 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 14:08 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 17:03 . 2011-04-13 08:39 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 08:39 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-13 08:39 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 10:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 10:28 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 10:28 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 10:28 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 10:28 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 10:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-13 08:39 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-13 08:39 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriveDiscoveryMemoryResident"="c:\program files\NotsoSoftware\DriveDiscovery\NSSMR.exe" [2007-01-12 462848]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-06 552312]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgldx86
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-30 02:00]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 02:27]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 02:27]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{8E39D930-9D30-483C-A8BF-32D0A667469D}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: Interfaces\{4F4016BF-A308-498B-A621-9493A1FA8D8B}: NameServer = 83.136.47.249 193.120.14.101
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\34uwoza7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ce901ec&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Robert\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-30 20:50:08
ComboFix-quarantined-files.txt 2011-05-30 19:50
.
Pre-Run: 89,233,584,128 bytes free
Post-Run: 88,533,446,656 bytes free
.
- - End Of File - - 0EEFCFCC3A9DFA9F26678A618B52F12C
  • 0

#6
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

First there are two tools you should use in order to remove more of AVG.

1. AVG Remover: http://download.avg....6_2011_1322.exe
Download/run the file and follow the on-screen instructions.

2. AppRemover:

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is collected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any [<<Application Name>> entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot, please do so.







Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#7
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6726

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

30/05/2011 21:30:47
mbam-log-2011-05-30 (21-30-47).txt

Scan type: Quick scan
Objects scanned: 169856
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
sorry for the delay on the 2nd log, after hours of scanning it finished saying 11 threats were found but when i went to finish it did not create a log and wanted me to download their paid version of their antivirus, i selected the trial and waited for my username and password, the page then timed out and when i went to resumbit the info it said my email was already registered for the free trial :unsure: and there is nothing in the email that links me to downloading the content, what do i do now :)
  • 0

#9
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
The log file should be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • 0

#10
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
i done a search for that earlier and i get the txt "no items match your search"

shall i try running it again tonight?

*EDIT*

i found the program file for ESET
this is exactly what is in the folder
ESET.jpg
and in the log this is all that is there


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

Edited by Greenybaby, 31 May 2011 - 04:49 PM.

  • 0

#11
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can now reinstall your AV. You could reinstall AVG if you want, but personally I recommend another free AV: Avira AntiVir Personal. It's better in my opinion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
  • 0

#12
Greenybaby

Greenybaby

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much Gammo :) :unsure:
  • 0

#13
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP