Redirect plus more. Can't d/l any suggested tools either!


  • This topic is locked

#16
JodiP

  • Topic Starter
  • Member
  • 20 posts
Got this as soon as it stopped tidying up: (will run new scan now)

All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-172382132-1955810624-3325907670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}:1.0 removed from extensions.enabledItems
Prefs.js: {8b8478bd-ba96-4782-9322-da6937a1d8ec}:1.0 removed from extensions.enabledItems
Prefs.js: {2f3a21c4-ce26-4c78-ac60-8970b64e1906}:1.0 removed from extensions.enabledItems
Prefs.js: {4d6f9453-60f7-40c6-9f44-1997a8f90997}:1.0 removed from extensions.enabledItems
Prefs.js: {6c69851a-6ddd-4590-80e2-0ccf607f6f31}:1.0 removed from extensions.enabledItems
Prefs.js: {ad64d9dd-4c12-499e-bd17-da04735aadd5}:1.0 removed from extensions.enabledItems
Prefs.js: {c2d851ac-d793-4c9b-95b8-7757964e3b3c}:1.0 removed from extensions.enabledItems
Prefs.js: {8cfb5ae1-c409-4a33-9838-288af6e70de7}:1.0 removed from extensions.enabledItems
Prefs.js: {c417facb-24f6-43eb-936b-804067b1588f}:1.0 removed from extensions.enabledItems
Prefs.js: {7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}:1.0 removed from extensions.enabledItems
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c} scheduled to be moved on reboot.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f}\defaults\preferences folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f}\defaults folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f}\chrome folder moved successfully.
Folder move failed. C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f} scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01890CB2-F363-439A-8A33-083BBDD7BF3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01890CB2-F363-439A-8A33-083BBDD7BF3f}\ deleted successfully.
C:\Users\Anon\AppData\Local\InternetCodec.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67D2DE69-FF07-DBC4-13E4-3370EFBCA85A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67D2DE69-FF07-DBC4-13E4-3370EFBCA85A}\ deleted successfully.
File C:\Users\Anon\AppData\Local\InternetCodec.dll not found.
C:\Windows\System32\regxplor.dll moved successfully.
C:\ProgramData\344cb3d9 moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anon\Desktop\cmd.bat deleted successfully.
C:\Users\Anon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Anon
->Temp folder emptied: 6436244 bytes
->Temporary Internet Files folder emptied: 31595387 bytes
->Java cache emptied: 3411313 bytes
->FireFox cache emptied: 59922045 bytes
->Google Chrome cache emptied: 9753215 bytes
->Flash cache emptied: 4755133 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56509 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: gas
->Temp folder emptied: 409490 bytes
->Temporary Internet Files folder emptied: 14751745 bytes
->FireFox cache emptied: 10754345 bytes
->Flash cache emptied: 1908 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5388804 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66782 bytes
RecycleBin emptied: 426757 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: All Users

User: Anon
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: gas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_084952

Files\Folders moved on Reboot...
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{4d6f9453-60f7-40c6-9f44-1997a8f90997} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6c69851a-6ddd-4590-80e2-0ccf607f6f31} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{6f5d109a-72a0-4fd2-b75a-bfa5bfe3a2c6} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{7b7f9bd5-4788-4f66-a981-c1ed76f79b1d} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8b8478bd-ba96-4782-9322-da6937a1d8ec} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{8cfb5ae1-c409-4a33-9838-288af6e70de7} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{acc2f632-b0a0-4d27-8eb9-5716ad5b9536} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{ad64d9dd-4c12-499e-bd17-da04735aadd5} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c2d851ac-d793-4c9b-95b8-7757964e3b3c} folder moved successfully.
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{c417facb-24f6-43eb-936b-804067b1588f} folder moved successfully.
C:\Users\Anon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88G8LPD5\fastbutton[1].htm moved successfully.
C:\Users\Anon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\88G8LPD5\page__gopid__2077395[1].htm moved successfully.
C:\Users\Anon\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


#17
JodiP

  • Topic Starter
  • Member
  • 20 posts
OTL logfile created on: 10/30/2011 9:05:11 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.10% Memory free
6.19 Gb Paging File | 4.92 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 100.40 Gb Free Space | 68.03% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 148.94 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: ANON-PC | User Name: Anon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 08:26:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/25 13:51:04 | 000,906,496 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\ApVxdWin.exe
PRC - [2009/09/17 13:17:32 | 000,293,120 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrvx86.exe
PRC - [2009/09/07 17:40:04 | 000,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
PRC - [2009/08/25 14:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\psksvc.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe
PRC - [2009/08/10 14:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
PRC - [2009/08/10 14:45:48 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
PRC - [2009/04/23 13:31:16 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\WebProxy.exe
PRC - [2009/04/17 11:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/08 11:56:24 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2009/02/14 10:17:33 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2008/06/27 14:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\SrvLoad.exe
PRC - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
PRC - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/11/14 12:08:48 | 000,027,400 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007/11/14 11:43:58 | 000,054,024 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/05/31 08:38:48 | 000,053,248 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/21 12:31:27 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/08/06 11:00:18 | 000,821,248 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2010\PLATCTRL.bpl
MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007/11/16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2004/05/19 12:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2010\LIBXML2.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (FontCache3.0.0.032)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/17 13:17:32 | 000,293,120 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/08/25 14:28:20 | 000,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 14:45:52 | 000,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/04/17 11:17:24 | 000,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe -- (TPSrv)
SRV - [2009/04/08 11:56:24 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/02/14 10:17:33 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2008/07/02 15:09:36 | 000,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/05/31 08:38:48 | 000,053,248 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/10/30 08:23:18 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/06/23 10:23:46 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/11/20 22:24:46 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2009/10/01 00:07:44 | 000,075,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2009/09/09 11:29:18 | 000,199,432 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1639.sys -- (NETIMFLT01060039)
DRV - [2009/09/02 04:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/06 13:29:16 | 000,049,160 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2009/07/23 13:42:00 | 009,814,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/30 18:17:12 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 14:33:02 | 000,046,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/06/16 14:33:00 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/06/16 14:32:58 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/06/16 14:32:58 | 000,053,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/06/10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/06/01 07:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/28 12:25:06 | 000,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2008/03/04 16:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 08:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/07 12:16:28 | 000,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/05/31 12:33:44 | 000,012,800 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2007/04/23 10:28:56 | 000,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 10:28:56 | 000,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2005/10/04 04:16:22 | 000,007,936 | ---- | M] (M Three Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\keychain.sys -- (keychain)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.jillcataldo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.7.0.6
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Anon\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 12:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 12:32:15 | 000,000,000 | ---D | M]

[2009/07/17 00:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Extensions
[2009/07/17 00:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/10/30 08:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions
[2011/10/02 14:31:42 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/10/02 14:31:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/26 22:01:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(23)
[2010/07/31 23:00:01 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\[email protected]
[2011/09/24 19:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{2F3A21C4-CE26-4C78-AC60-8970B64E1906}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{4D6F9453-60F7-40C6-9F44-1997A8F90997}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{6C69851A-6DDD-4590-80E2-0CCF607F6F31}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{6F5D109A-72A0-4FD2-B75A-BFA5BFE3A2C6}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{7B7F9BD5-4788-4F66-A981-C1ED76F79B1D}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{8B8478BD-BA96-4782-9322-DA6937A1D8EC}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{8CFB5AE1-C409-4A33-9838-288AF6E70DE7}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{AD64D9DD-4C12-499E-BD17-DA04735AADD5}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{C2D851AC-D793-4C9B-95B8-7757964E3B3C}
File not found (No name found) -- C:\USERS\ANON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DPXALV9G.DEFAULT\EXTENSIONS\{C417FACB-24F6-43EB-936B-804067B1588F}
[2009/01/15 13:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2011/03/13 15:33:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/13 15:33:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 12:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/09/01 00:07:42 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/10/30 08:49:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://207.245.65.10...?SKU=99154&RGB=[244,242,180]&DisplayShockwave=1" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-172382132-1955810624-3325907670-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D89EECA-1E1C-4E4E-A056-26367852D582}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/30 08:49:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/30 08:25:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
[2011/10/30 08:20:00 | 000,000,000 | ---D | C] -- C:\Users\Anon\Desktop\RK_Quarantine
[2011/10/29 22:10:03 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Anon\Desktop\FixTDSS.exe
[2011/10/29 12:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011/10/20 17:37:09 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\dictator deaths
[2011/09/30 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\My Photos
[2011/09/30 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\My Documents
[2011/09/30 16:57:31 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/09/30 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\Htc
[2011/09/30 16:49:22 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Roaming\HTC
[2011/09/30 16:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/09/30 16:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011/09/30 16:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011/09/30 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\HTC

========== Files - Modified Within 30 Days ==========

[2011/10/30 09:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/30 09:02:42 | 000,372,536 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/10/30 09:02:42 | 000,372,536 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/10/30 09:02:42 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2011/10/30 09:02:42 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2011/10/30 09:02:42 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2011/10/30 09:02:42 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2011/10/30 09:02:42 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2011/10/30 09:02:42 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2011/10/30 09:02:42 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2011/10/30 09:02:42 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2011/10/30 09:02:42 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2011/10/30 09:02:42 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2011/10/30 09:02:42 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2011/10/30 09:02:42 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2011/10/30 09:02:39 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2011/10/30 09:02:39 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2011/10/30 08:56:35 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/30 08:56:35 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/30 08:52:33 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2011/10/30 08:52:33 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2011/10/30 08:52:29 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2011/10/30 08:52:29 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2011/10/30 08:52:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/30 08:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 08:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/30 08:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/30 08:49:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/30 08:49:10 | 000,001,356 | ---- | M] () -- C:\Users\Anon\AppData\Local\d3d9caps.dat
[2011/10/30 08:26:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anon\Desktop\OTL.com
[2011/10/30 08:23:18 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/30 08:19:30 | 000,725,504 | ---- | M] () -- C:\Users\Anon\Desktop\RogueKiller.exe
[2011/10/30 07:53:02 | 000,079,872 | ---- | M] () -- C:\Users\Anon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 07:51:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/30 00:03:07 | 000,002,569 | ---- | M] () -- C:\Users\Anon\Desktop\Microsoft Office Word 2003.lnk
[2011/10/29 22:24:38 | 000,804,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/29 22:10:03 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Anon\Desktop\FixTDSS.exe
[2011/10/29 21:31:51 | 000,302,592 | ---- | M] () -- C:\Users\Anon\Desktop\mbqkq3c7.exe
[2011/10/29 17:03:01 | 000,046,986 | ---- | M] () -- C:\Users\Anon\Desktop\bookmarks-2011-10-29.json
[2011/10/29 16:37:49 | 000,015,714 | ---- | M] () -- C:\Users\Anon\AppData\Roaming\wklnhst.dat
[2011/10/28 10:55:45 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/09/30 16:56:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/09/30 16:49:12 | 000,000,942 | ---- | M] () -- C:\Users\Anon\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk

========== Files Created - No Company Name ==========

[2011/10/30 08:20:00 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/30 08:19:30 | 000,725,504 | ---- | C] () -- C:\Users\Anon\Desktop\RogueKiller.exe
[2011/10/29 21:31:50 | 000,302,592 | ---- | C] () -- C:\Users\Anon\Desktop\mbqkq3c7.exe
[2011/10/29 17:03:01 | 000,046,986 | ---- | C] () -- C:\Users\Anon\Desktop\bookmarks-2011-10-29.json
[2011/09/30 16:56:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/09/30 16:49:12 | 000,000,942 | ---- | C] () -- C:\Users\Anon\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/07/08 12:03:45 | 000,004,397 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\E0FA.BD8
[2011/02/22 12:09:28 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/25 21:11:15 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/02/20 23:45:01 | 000,000,141 | ---- | C] () -- C:\Windows\asym.ini
[2009/12/06 18:45:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/06 18:45:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/20 22:24:46 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2009/11/20 22:24:30 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2009/11/20 22:24:26 | 000,372,536 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2009/11/20 22:24:26 | 000,372,536 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 22:22:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/09 23:34:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/09 23:34:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/10 14:16:15 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2009/05/10 14:16:15 | 000,014,381 | ---- | C] () -- C:\Windows\Tw533a.ini
[2009/05/10 14:16:15 | 000,001,325 | ---- | C] () -- C:\Windows\Remove.ini
[2009/03/05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/14 10:17:33 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2009/01/23 15:17:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/06 21:37:29 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/09/06 21:37:29 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/07/24 06:05:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/05 15:48:38 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/07/04 17:56:47 | 000,031,007 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\UserTile.png
[2008/07/04 14:58:43 | 000,001,356 | ---- | C] () -- C:\Users\Anon\AppData\Local\d3d9caps.dat
[2008/07/02 22:33:30 | 000,079,872 | ---- | C] () -- C:\Users\Anon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/02 21:16:24 | 000,027,240 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\nvModes.001
[2008/07/02 20:30:09 | 000,015,714 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\wklnhst.dat
[2008/07/02 19:46:05 | 000,027,240 | ---- | C] () -- C:\Users\Anon\AppData\Roaming\nvModes.dat
[2008/07/02 19:13:13 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/07/02 17:00:44 | 000,000,016 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008/02/21 13:34:55 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/02/18 19:56:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/18 19:56:41 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/18 19:56:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/18 19:56:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/18 19:56:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/18 19:56:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/18 19:04:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 18:57:50 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 18:55:00 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 18:55:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 18:55:00 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 18:55:00 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 17:53:20 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/04/24 14:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/03/06 18:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,804,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/05/10 10:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/08/21 22:14:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Anarchy
[2010/07/08 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Avanquest
[2011/03/13 15:33:55 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Catalina Marketing Corp
[2010/01/12 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/02/27 14:53:51 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\com.zipeg
[2008/07/08 12:27:19 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Downloaded Installations
[2009/12/06 01:20:26 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\GTM_Bodie
[2010/09/02 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HamsterSoft
[2011/09/30 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HTC
[2011/09/30 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2009/12/02 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\IronCode
[2008/07/03 15:23:11 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\iWin
[2009/10/24 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Meridian93
[2009/03/29 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Neopets Toolbar
[2009/10/26 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Oberonv1001
[2009/10/24 00:54:56 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Oberonv1002
[2009/01/05 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\OpenOffice.org
[2009/12/02 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Orbit
[2010/08/21 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Orneon
[2009/11/20 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Panda Security
[2008/07/04 17:56:47 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\PeerNetworking
[2009/11/29 00:51:15 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\PlayFirst
[2009/12/06 00:56:37 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Playrix Entertainment
[2009/10/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Princess Isabella
[2008/08/05 10:39:10 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\SecondLife
[2009/10/24 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Sudden Games
[2008/07/02 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Template
[2009/11/29 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\TheScruffs
[2010/03/12 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\toshiba
[2008/07/02 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\WinBatch
[2010/02/27 14:56:41 | 000,000,000 | ---D | M] -- C:\Users\Anon\AppData\Roaming\Zipeg
[2011/10/04 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\gas\AppData\Roaming\HTC
[2011/10/30 08:08:31 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Anon\Documents\MVI_0127.AVI:TOC.WMV
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2FAFBD6A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C7F08EA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:860D9052
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6CE0638C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4E158DDD
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:0AC32449

< End of report >

#18
JodiP (Member, Topic Starter)
Redirect seems to be gone :) I tried both IE and Firefox. Can you tell me what was wrong that caused this to happen please? Do I have other issues as well?

Why didn't Panda catch this?

Edited by JodiP, 30 October 2011 - 08:23 AM.


#19
JodiP (Member, Topic Starter)
Malwarebytes still is showing that trojan. Just deleted it again and am rescanning again.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8046

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10/30/2011 9:29:48 AM
mbam-log-2011-10-30 (09-29-48).txt

Scan type: Quick scan
Objects scanned: 186044
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#20
Essexboy (GeekU Moderator, Retired Staff)
This was the IE problem
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

This was the FF problem
C:\Users\Anon\AppData\Roaming\Mozilla\Firefox\Profiles\dpxalv9g.default\extensions\{2f3a21c4-ce26-4c78-ac60-8970b64e1906}\defaults\preferences folder moved successfully.

These were the programme problems
File C:\Users\Anon\AppData\Local\InternetCodec.dll not found.
C:\Windows\System32\regxplor.dll moved successfully.
C:\ProgramData\344cb3d9 moved successfully.

They were generic trojan downloaders and redirectors

Could you now confirm that Panda is working properly and that you are able to access windows updates
  • 0
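A read-only way to check for the per-user Internet Explorer values named in the fix log, added here as an example and not part of the original posts or of OTL. The function name `Get-IeRedirectIndicator` is hypothetical; the key paths and value names (`XMLHTTP_UUID_Default`, `ProxyServer`) are the ones shown in the thread, and `ProxyEnable` is the standard companion value in the same Internet Settings key.

```powershell
# Added example: read-only audit; it changes nothing in the registry.
# Requires PowerShell 3.0 or later (for [pscustomobject]).
$Checks = @(
    @{ SubKey = 'Software\Microsoft\Internet Explorer\Main'; Name = 'XMLHTTP_UUID_Default' }
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'ProxyServer' }
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'ProxyEnable' }
)

function Get-IeRedirectIndicator {   # hypothetical helper name
    # Hives loaded under HKEY_USERS: .DEFAULT, service accounts, logged-on users.
    # The *_Classes hives hold per-user file-type data and are skipped.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        foreach ($check in $Checks) {
            $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$($check.SubKey)"
            if (-not (Test-Path -LiteralPath $path)) { continue }

            # A missing value yields $null here instead of an error.
            $prop = Get-ItemProperty -LiteralPath $path -Name $check.Name -ErrorAction SilentlyContinue
            if ($null -eq $prop) { continue }

            $data = $prop.($check.Name)
            # Worth a look: ProxyEnable set to non-zero, or any non-empty string.
            if ($check.Name -eq 'ProxyEnable') { $review = ($data -ne 0) }
            else                               { $review = ([string]$data -ne '') }

            [pscustomobject]@{
                Hive   = $hive.PSChildName
                Value  = $check.Name
                Data   = $data
                Review = $review
            }
        }
    }
}

Get-IeRedirectIndicator | Sort-Object Hive, Value | Format-Table -AutoSize
```

A `ProxyServer` entry is not malicious in itself, since a deliberately configured proxy appears in the same place; the rows flagged for review are the ones to compare against what the user actually set up.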

#21
JodiP

JodiP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Running Panda now. I had to shut it off before to allow MBam to delete bad files. It's always been like that so not sure it was related to this. Panda seems to not like to play well with certain other programs.

Curious why I still show that trojan even though it's been deleted several times. How do I get rid of it for good?

Win Update never been a problem and I have 2 office related updates waiting to be installed. System restore seemed to have been disabled though the one restore point it has now is a bad one from last night.

Oh, I'll take your word as to what was wrong since I have no clue what all that means :)

Edited by JodiP, 30 October 2011 - 08:52 AM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you see if you can create a restore point please as I would like to confirm that it is running properly

Also any other problems ?
  • 0

#23
JodiP

JodiP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Only other problem is the question of why that trojan comes back. Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.


I've deleted it several times the last 24 hours but it still comes back.

Created a system restore point successfully!

Hmmm...IEspell is gone. Tried to spell check and it said it was missing.
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You may need to re-install IESpell :yes:

I have noticed this with MBAM - on several machines, in fact the key is not present. But, I have been unable to trace down the why

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > system tools
  • Right click Disk Cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :)
  • 0

#25
JodiP

JodiP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Amazing (You are)! I will report back tomorrow and do as you asked in your last post.
  • 0

#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)
  • 0

#27
JodiP

JodiP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Looks like all is perfect now :) Can't thank you enough. I will be sending you something by Paypal later today (have doctor appointment now). You really went above and beyond with fixing this problem in no time at all.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, I really love flattery :yes:

Thank you for the donation and keep safe now :)
  • 0

#29
JodiP

JodiP

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
PM'd you :)
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





