MyStart by Incredibar virus removal help [Solved]


  • This topic is locked

#1
Chouse28

  • Member
  • 27 posts
Hi,
MyStart by Incredibar is taking over my internet search engine. I type a search into Google and a MyStart web search pops up. It seems to be slowing down my browser (Firefox) as well. I have done some research and found out that it is in fact a virus. I need some help in removing it.

Any help would be much appreciated! Thanks

Here is my OTL Log:

OTL logfile created on: 20/02/2012 3:25:53 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Chris.CHOUSE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 52.52% Memory free
3.78 Gb Paging File | 3.13 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 4.02 Gb Free Space | 6.85% Space Free | Partition Type: NTFS
Drive D: | 174.28 Gb Total Space | 146.98 Gb Free Space | 84.34% Space Free | Partition Type: NTFS

Computer Name: CHOUSE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
PRC - [2012/02/17 21:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 21:07:30 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/01 19:44:40 | 008,527,008 | ---- | M] () -- C:\WINXP\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/06 16:34:26 | 000,221,184 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
MOD - [2009/03/24 14:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanSup.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/23 11:54:34 | 000,212,992 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanCtl.dll
MOD - [2008/08/20 00:42:00 | 000,466,944 | ---- | M] () -- C:\WINXP\system32\nvshell.dll
MOD - [2008/06/27 10:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWps.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/01/31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 01:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 10:15:15 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2012/01/04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2011/12/19 20:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2011/09/26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINXP\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/01 08:08:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:08:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/24 17:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/30 06:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 06:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 05:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/04 18:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 18:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/12/09 11:00:50 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/11 09:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINXP\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-too...&as=0&isid=9851
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6R84eosULZ&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FileServe"
FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "MyTools"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: " http://www.google.co...m.my/search?q="
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXP\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ef7f254-8bcc-48d6-b1bb-980964a775d0}: C:\Program Files\HDVid Web Player\HDVidFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 21:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM\idmmzcc5

[2011/04/25 12:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Extensions
[2012/02/15 21:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions
[2012/02/11 22:57:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/31 11:26:22 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\conduit.xml
[2012/02/10 13:33:28 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyStart Search.xml
[2012/02/02 17:46:33 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyTools.xml
[2011/05/15 10:11:24 | 000,002,532 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\speedbit.xml
[2012/02/10 13:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/17 21:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/01 17:10:16 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINXP\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1313618912328 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95B36804-FAE4-490E-83D4-F4F84D72B9F3}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/26 15:51:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell - "" = AutoRun
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell\AutoRun\command - "" = F:\PC_ImageViewer4.exe
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell - "" = AutoRun
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 15:22:46 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\PC Tools
[2012/02/20 14:36:49 | 000,000,000 | ---D | C] -- C:\WINXP\CSC
[2012/02/20 14:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\STOPzilla
[2012/02/20 14:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012/02/20 14:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/02/20 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\STOPzilla!
[2012/02/15 22:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\SharePoint
[2012/02/15 22:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/02/15 22:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Microsoft
[2012/02/15 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/15 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
[2012/02/15 22:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
[2012/02/14 18:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Free Video Joiner
[2012/02/14 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2012/02/12 18:26:17 | 000,000,000 | ---D | C] -- C:\android
[2012/02/12 15:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2012/02/12 15:32:50 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/02/12 15:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/02/10 13:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\100
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/10 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/10 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\D-Link
[2012/02/10 12:27:01 | 000,000,000 | ---D | C] -- C:\WINXP\pcidevice
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Real
[2012/02/04 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\calibre - E-book Management
[2012/02/04 11:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
[2012/02/04 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Kobo
[2012/02/04 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2012/02/01 16:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\.shsh
[2012/01/31 21:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Premiumplay Codec-C
[2012/01/31 21:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012/01/31 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DivX
[2012/01/31 21:36:52 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/01/31 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2012/01/31 21:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2012/01/31 19:58:00 | 000,547,880 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | C] (iS3, Inc.) -- C:\WINXP\System32\IS3Win325.dll
[2012/01/31 17:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/31 17:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\DivX
[2012/01/30 16:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\.bitrock
[2012/01/29 19:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\GetFLV
[2012/01/29 09:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012/01/23 20:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ProgSense
[2012/01/23 20:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Orbit
[2012/01/23 20:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenCandy
[2012/01/23 16:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM
[2012/01/23 16:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DMCache
[2012/01/23 16:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Internet Download Manager
[2012/01/23 16:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/01/15 11:46:46 | 000,689,552 | ---- | C] (MindSpark) -- C:\Program Files\2pUninstall Coupon Alert.dll
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:59:16 | 000,067,627 | ---- | M] () -- C:\WINXP\System32\nvModes.001
[2012/02/20 14:57:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/20 14:39:35 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/02/20 14:39:26 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoSweep.job
[2012/02/20 14:39:16 | 000,000,280 | ---- | M] () -- C:\WINXP\tasks\SmartDefrag_Startup.job
[2012/02/20 14:39:15 | 000,184,725 | ---- | M] () -- C:\WINXP\System32\nvapps.xml
[2012/02/20 14:39:06 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/02/20 11:15:31 | 000,000,418 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/02/20 01:30:00 | 000,000,432 | ---- | M] () -- C:\WINXP\tasks\Wise Registry Cleaner Schedule Task.job
[2012/02/19 18:12:28 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/19 17:00:45 | 000,000,292 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoUpdate.job
[2012/02/18 11:29:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/02/17 17:00:06 | 000,000,288 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoCare.job
[2012/02/15 23:16:41 | 000,294,864 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/02/15 22:41:30 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2012/02/12 18:57:00 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/02/12 15:32:51 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/10 13:33:51 | 000,000,898 | ---- | M] () -- C:\user.js
[2012/02/10 13:23:46 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:38 | 000,376,832 | ---- | M] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/10 12:27:13 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/10 10:20:30 | 000,493,866 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/02/10 10:20:30 | 000,084,244 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/02/04 11:42:59 | 000,000,033 | ---- | M] () -- C:\affiliate.conf
[2012/02/03 07:13:54 | 000,067,627 | ---- | M] () -- C:\WINXP\System32\nvModes.dat
[2012/02/01 17:10:16 | 000,000,734 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/01 17:05:41 | 000,000,792 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts.umbrella
[2012/01/31 19:58:00 | 000,547,880 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\SZComp5.dll
[2012/01/31 19:58:00 | 000,482,344 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\SZBase5.dll
[2012/01/31 19:58:00 | 000,134,184 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3HTUI5.dll
[2012/01/31 19:58:00 | 000,024,616 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\SZIO5.dll
[2012/01/31 19:57:58 | 000,457,768 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3DBA5.dll
[2012/01/31 19:57:58 | 000,392,232 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3UI5.dll
[2012/01/31 19:57:58 | 000,105,512 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3Inet5.dll
[2012/01/31 19:57:58 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3Svc5.dll
[2012/01/31 19:57:58 | 000,068,648 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3Hks5.dll
[2012/01/31 19:57:58 | 000,030,248 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3XDat5.dll
[2012/01/31 19:57:56 | 000,810,024 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3Base5.dll
[2012/01/31 19:57:56 | 000,232,488 | R--- | M] (iS3, Inc.) -- C:\WINXP\System32\IS3Win325.dll
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 14:57:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/12 18:57:00 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/12 15:32:39 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/02/10 13:23:46 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:13 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\wlndis50.sys
[2012/02/10 12:27:13 | 000,010,667 | ---- | C] () -- C:\WINXP\System32\wlndis50.cat
[2012/02/10 12:27:13 | 000,001,593 | ---- | C] () -- C:\WINXP\System32\wlndis50.inf
[2012/02/10 12:27:13 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/10 12:24:33 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/04 11:42:59 | 000,000,033 | ---- | C] () -- C:\affiliate.conf
[2012/02/02 21:37:24 | 000,000,898 | ---- | C] () -- C:\user.js
[2012/01/15 12:08:03 | 000,014,776 | ---- | C] () -- C:\WINXP\System32\drivers\SmartDefragDriver.sys
[2012/01/03 01:28:06 | 002,570,286 | ---- | C] () -- C:\WINXP\System32\abgx360.exe
[2011/12/29 08:50:44 | 000,000,337 | ---- | C] () -- C:\WINXP\lgfwup.ini
[2011/12/07 20:12:28 | 000,000,233 | ---- | C] () -- C:\WINXP\Brpfx04a.ini
[2011/12/07 20:12:28 | 000,000,093 | ---- | C] () -- C:\WINXP\brpcfx.ini
[2011/12/07 20:12:12 | 000,003,302 | ---- | C] () -- C:\WINXP\BRPARAM.INI
[2011/12/07 20:11:14 | 000,000,000 | ---- | C] () -- C:\WINXP\brdfxspd.dat
[2011/12/07 20:11:07 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\BRTCPCON.DLL
[2011/12/07 20:11:03 | 000,000,114 | ---- | C] () -- C:\WINXP\System32\BRLMW03A.INI
[2011/12/05 17:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\winscp.rnd
[2011/10/12 20:47:07 | 000,175,616 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2011/09/13 23:59:31 | 000,259,584 | ---- | C] () -- C:\WINXP\System32\TomsMoComp_ff.dll
[2011/09/13 23:59:31 | 000,251,904 | ---- | C] () -- C:\WINXP\System32\ff_kernelDeint.dll
[2011/09/13 23:59:31 | 000,136,704 | ---- | C] () -- C:\WINXP\System32\libmpeg2_ff.dll
[2011/09/13 23:59:30 | 003,872,256 | ---- | C] () -- C:\WINXP\System32\ffmpeg.dll
[2011/09/13 23:59:30 | 001,524,224 | ---- | C] () -- C:\WINXP\System32\ff_samplerate.dll
[2011/09/13 23:59:30 | 001,175,371 | ---- | C] () -- C:\WINXP\System32\unins000.exe
[2011/09/13 23:59:30 | 000,327,680 | ---- | C] () -- C:\WINXP\System32\ff_libfaad2.dll
[2011/09/13 23:59:30 | 000,211,456 | ---- | C] () -- C:\WINXP\System32\ff_libdts.dll
[2011/09/13 23:59:30 | 000,158,208 | ---- | C] () -- C:\WINXP\System32\ff_unrar.dll
[2011/09/13 23:59:30 | 000,145,920 | ---- | C] () -- C:\WINXP\System32\ff_libmad.dll
[2011/09/13 23:59:30 | 000,113,664 | ---- | C] () -- C:\WINXP\System32\ff_liba52.dll
[2011/09/13 23:59:30 | 000,045,965 | ---- | C] () -- C:\WINXP\System32\unins000.dat
[2011/09/13 23:52:31 | 000,917,504 | ---- | C] () -- C:\WINXP\System32\dtsdecoderdll.dll
[2011/09/13 23:52:31 | 000,258,048 | ---- | C] () -- C:\WINXP\System32\libFLAC.dll
[2011/09/12 23:00:50 | 001,097,728 | ---- | C] () -- C:\WINXP\System32\vorbis.dll
[2011/09/12 23:00:50 | 000,909,312 | ---- | C] () -- C:\WINXP\System32\vorbisenc.dll
[2011/09/12 23:00:50 | 000,237,568 | ---- | C] () -- C:\WINXP\System32\OggDS.dll
[2011/09/12 23:00:50 | 000,036,734 | ---- | C] () -- C:\WINXP\System32\OggDSuninst.exe
[2011/09/12 23:00:50 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\ogg.dll
[2011/09/10 00:13:04 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/07/27 14:20:41 | 000,018,440 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011/07/25 16:21:05 | 000,451,072 | ---- | C] () -- C:\WINXP\System32\ISSRemoveSP.exe
[2011/07/25 16:18:48 | 000,016,480 | ---- | C] () -- C:\WINXP\System32\rixdicon.dll
[2011/07/25 16:15:56 | 000,010,084 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2011/07/25 16:14:53 | 000,067,627 | ---- | C] () -- C:\WINXP\System32\nvModes.dat
[2011/07/15 14:38:06 | 000,000,016 | ---- | C] () -- C:\WINXP\System32\PCProxyOff.ini
[2011/07/15 13:37:03 | 000,032,256 | ---- | C] () -- C:\WINXP\System32\AVSredirect.dll
[2011/07/15 13:32:48 | 000,107,520 | RHS- | C] () -- C:\WINXP\System32\TAKDSDecoder.dll
[2011/05/20 14:27:09 | 000,000,094 | ---- | C] () -- C:\WINXP\awshkwv.ini
[2011/05/15 10:00:33 | 000,109,216 | ---- | C] () -- C:\WINXP\System32\EasyHook64.dll
[2011/05/15 10:00:33 | 000,090,784 | ---- | C] () -- C:\WINXP\System32\EasyHook32.dll
[2011/04/30 13:21:56 | 000,000,066 | ---- | C] () -- C:\WINXP\wininit.ini
[2011/04/25 23:42:01 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 20:57:18 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\drivers\WLNdis50.sys
[2011/04/25 12:47:28 | 000,000,050 | ---- | C] () -- C:\WINXP\MegaManager.INI
[2011/04/25 12:30:13 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\vso_ts_preview.xml
[2011/04/25 12:27:49 | 000,073,728 | ---- | C] () -- C:\WINXP\VMInstNT.exe
[2011/04/25 12:27:49 | 000,040,960 | ---- | C] () -- C:\WINXP\VM303UninstNT.exe
[2011/04/25 11:46:29 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/04/25 11:39:25 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/04/25 05:28:09 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/04/25 05:26:40 | 000,294,864 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011/03/18 08:08:17 | 000,415,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2012/02/10 13:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\100
[2011/12/07 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\ControlCenter4
[2011/10/11 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\EasyMP3Downloader
[2011/05/01 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\FileServe Limited
[2012/01/15 11:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Innovative Solutions
[2012/02/10 13:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2011/08/24 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit
[2011/12/29 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LightScribe
[2011/11/30 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MumboJumbo
[2012/01/31 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2011/09/11 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RapidSolution
[2012/01/15 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\SpeedBit
[2012/02/20 14:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\STOPzilla!
[2011/12/29 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TEMP
[2011/05/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\vsosdk
[2011/06/03 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/25 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/04 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\abgx360
[2011/12/12 07:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\AppKeys
[2011/06/04 08:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BabylonToolbar
[2012/02/19 20:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/01/12 17:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ControlCenter4
[2012/01/23 17:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DMCache
[2011/12/29 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoft
[2011/10/14 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers
[2011/10/11 16:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\EasyMP3Downloader
[2011/04/26 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ElevatedDiagnostics
[2011/11/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ezNZB
[2011/10/13 19:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Garmin
[2011/09/12 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\GetRightToGo
[2012/01/23 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM
[2011/04/25 13:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ImgBurn
[2011/10/25 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IObit
[2012/02/12 15:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2011/07/25 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leadertech
[2011/10/12 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leawo
[2011/09/12 22:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\mkvtoolnix
[2011/06/26 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Nicalis
[2012/01/23 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenCandy
[2011/05/13 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenOffice.org
[2012/01/24 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Orbit
[2011/05/31 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\PokerCreations
[2012/01/23 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ProgSense
[2011/12/31 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\redsn0w
[2011/06/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Rovio
[2011/12/11 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ShoppingDaisy
[2011/04/30 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\TeamViewer
[2011/09/11 07:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Tunebite
[2011/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\UFC Poker
[2012/01/13 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Vso
[2012/01/18 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Xilisoft
[2012/02/17 17:00:06 | 000,000,288 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoCare.job
[2012/02/20 14:39:26 | 000,000,290 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoSweep.job
[2012/02/19 17:00:45 | 000,000,292 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoUpdate.job
[2012/02/20 14:39:16 | 000,000,280 | ---- | M] () -- C:\WINXP\Tasks\SmartDefrag_Startup.job
[2012/02/20 11:15:31 | 000,000,418 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/02/20 01:30:00 | 000,000,432 | ---- | M] () -- C:\WINXP\Tasks\Wise Registry Cleaner Schedule Task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:ECF54A0E

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Chouse28 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6R84eosULZ&i=26
    FF - prefs.js..browser.search.order.1: "MyTools"
    FF - prefs.js..network.proxy.type: 1
    FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
    FF - prefs.js..browser.search.order.1: "MyTools"
    [2012/02/02 17:46:33 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyTools.xml
    [2012/02/10 13:33:28 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyStart Search.xml
    [2012/02/02 17:46:33 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyTools.xml
    O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post
  • 0
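
The OTL fix in the post above removes specific `prefs.js` entries (search order, default engine name, proxy type). As an added example, not part of the thread and not OTL's own code, this Python script parses a Firefox `prefs.js` and lists entries of the same kind for review; the sample file contents and the `expected_engines` allowlist are constructed assumptions.

```python
import json
import re

# Firefox writes one `user_pref("key", value);` statement per line in prefs.js.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$',
    re.MULTILINE,
)

# Constructed sample (not taken from the user's machine). The flagged keys and
# values mirror the entries named in the OTL fix; the rest are filler.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.search.order.1", "MyTools");
user_pref("network.proxy.type", 1);
user_pref("browser.search.defaultthis.engineName", "PhotoJoy Bar Customized Web Search");
user_pref("browser.search.order.1", "MyTools");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.download.dir", "C:\\Downloads");
user_pref("app.update.enabled", true);
'''


def _decode(raw):
    """Turn the textual value of a user_pref() call into bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        try:
            return json.loads(raw)      # handles \" and \\ escapes
        except ValueError:
            return raw[1:-1]            # unusual escape: keep the raw text
    return raw


def parse_prefs(text):
    """Return {pref_name: value}. A repeated key keeps its last value,
    matching the order in which the statements are applied."""
    prefs = {}
    for key, raw in PREF_RE.findall(text):
        prefs[key] = _decode(raw)
    return prefs


def audit(prefs, expected_engines=("Google",)):
    """List (key, value, reason) for entries worth a manual look.

    Heuristic only: expected_engines is an analyst-supplied allowlist
    (assumption), and a finding means "review this", not "malicious".
    """
    findings = []
    for key, value in prefs.items():
        if key == "network.proxy.type" and type(value) is int and value == 1:
            # 1 = manual proxy configuration
            findings.append((key, value, "manual proxy configured"))
        elif (key.startswith("browser.search.")
              and isinstance(value, str)
              and value not in expected_engines):
            findings.append((key, value, "search engine not on expected list"))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit(parse_prefs(SAMPLE_PREFS)):
        print(f"{key} = {value!r}: {reason}")
```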

#3
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
Thanks for your help MaliProg!

OTL Log:


Prefs.js: "MyTools" removed from browser.search.order.1
Prefs.js: 1 removed from network.proxy.type
Prefs.js: "PhotoJoy Bar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "MyTools" removed from browser.search.order.1
C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyTools.xml moved successfully.
C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyStart Search.xml moved successfully.
File C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\MyTools.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011041135}\ deleted successfully.
C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINXP

User: Chris
->Temp folder emptied: 817895 bytes
->Temporary Internet Files folder emptied: 28754285 bytes
->Java cache emptied: 21981 bytes
->FireFox cache emptied: 621886868 bytes
->Flash cache emptied: 67286 bytes

User: Chris.CHOUSE
->Temp folder emptied: 48585466 bytes
->Temporary Internet Files folder emptied: 7833799 bytes
->Java cache emptied: 28809 bytes
->FireFox cache emptied: 364091540 bytes
->Flash cache emptied: 62755 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINXP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33950 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33302 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 762201 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1191516 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 108413392 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1694833776 bytes

Total Files Cleaned = 2,744.00 mb


OTL by OldTimer - Version 3.2.33.1 log created on 02272012_174131

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
Malwarebytes Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: CHOUSE [administrator]

27/02/2012 5:55:42 PM
mbam-log-2012-02-27 (17-55-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253047
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\CouponAlert_2p (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\2pUninstall Coupon Alert.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.

(end)

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Chouse28,

How is your system now? Any problems?

#6
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
Yes, it is still searching MyStart by Incredibar. It only searches for it when I use the main search on Google. When I search using the bar in the top right corner of Firefox, it uses Google. But that is what it was doing before.

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's see new logs and what's left behind.

Step 1

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. The log is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • Combofix log
It would be helpful if you could post each log in a separate post

#8
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
OTL Log:

OTL logfile created on: 28/02/2012 4:07:04 PM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Chris.CHOUSE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 67.24% Memory free
3.78 Gb Paging File | 3.29 Gb Available in Paging File | 86.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 3.41 Gb Free Space | 5.83% Space Free | Partition Type: NTFS
Drive D: | 174.28 Gb Total Space | 144.53 Gb Free Space | 82.93% Space Free | Partition Type: NTFS

Computer Name: CHOUSE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
PRC - [2012/02/17 21:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/08/09 16:45:54 | 000,373,080 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/10 17:02:14 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 21:07:30 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/06 16:34:26 | 000,221,184 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
MOD - [2009/03/24 14:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanSup.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/23 11:54:34 | 000,212,992 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanCtl.dll
MOD - [2008/06/27 10:10:30 | 000,118,784 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWps.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/01 08:08:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 01:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/28 19:57:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/02/11 19:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\D-Link\DWA-130 revE\WLSVC.exe -- (WLSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 10:15:15 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011/12/19 20:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/01 08:08:10 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 08:08:10 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/07 06:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/05/24 17:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/30 06:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 06:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 05:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/09 02:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/04 18:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 18:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/12/09 11:00:50 | 000,592,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\dwarusb.sys -- (arusb(Atheros))
DRV - [2009/08/05 22:23:22 | 000,588,032 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/02/27 10:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/12/11 09:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINXP\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 00:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-too...&as=0&isid=9851
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FileServe"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: " http://www.google.co...m.my/search?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXP\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ef7f254-8bcc-48d6-b1bb-980964a775d0}: C:\Program Files\HDVid Web Player\HDVidFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 21:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM\idmmzcc5

[2011/04/25 12:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Extensions
[2012/02/15 21:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions
[2012/02/11 22:57:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/31 11:26:22 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\conduit.xml
[2011/05/15 10:11:24 | 000,002,532 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\searchplugins\speedbit.xml
[2012/02/10 13:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS.CHOUSE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ISCCZM2C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/17 21:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/01 17:10:16 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINXP\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2p...bs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1313618912328 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95B36804-FAE4-490E-83D4-F4F84D72B9F3}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/26 15:51:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell - "" = AutoRun
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{29f37154-22ec-11e1-8517-1cbdb9d9f1c1}\Shell\AutoRun\command - "" = F:\PC_ImageViewer4.exe
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell - "" = AutoRun
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86a52ba3-84cc-11e0-8415-1cbdb9d9f1c1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 15:58:02 | 004,420,957 | ---- | C] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/27 17:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Malwarebytes
[2012/02/27 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/27 17:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
[2012/02/27 17:54:16 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2012/02/27 17:41:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/24 17:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\PCHealth
[2012/02/22 22:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\My Documents\Outlook Files
[2012/02/22 21:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BoxeeBrowser
[2012/02/22 21:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/22 21:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Start Menu\Programs\Boxee
[2012/02/22 21:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Boxee
[2012/02/20 15:22:46 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\PC Tools
[2012/02/20 14:36:49 | 000,000,000 | ---D | C] -- C:\WINXP\CSC
[2012/02/15 22:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\SharePoint
[2012/02/15 22:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Microsoft Office
[2012/02/15 22:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/15 22:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Microsoft
[2012/02/15 22:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/15 22:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
[2012/02/15 22:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
[2012/02/14 18:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Free Video Joiner
[2012/02/14 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Joiner
[2012/02/12 18:26:17 | 000,000,000 | ---D | C] -- C:\android
[2012/02/12 15:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2012/02/12 15:32:50 | 000,000,000 | ---D | C] -- C:\WINXP\System32\LogFiles
[2012/02/12 15:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/02/10 13:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\100
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
[2012/02/10 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/10 13:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/10 12:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\D-Link
[2012/02/10 12:27:01 | 000,000,000 | ---D | C] -- C:\WINXP\pcidevice
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/02/09 15:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Real
[2012/02/04 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/02/04 11:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\calibre - E-book Management
[2012/02/04 11:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
[2012/02/04 11:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Kobo
[2012/02/04 11:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2012/02/01 16:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\.shsh
[2012/01/31 21:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\Premiumplay Codec-C
[2012/01/31 21:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012/01/31 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DivX
[2012/01/31 21:36:52 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/01/31 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2012/01/31 21:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2012/01/31 17:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/01/31 17:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\DivX
[2012/01/30 16:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris.CHOUSE\.bitrock
[2012/01/29 19:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\GetFLV

========== Files - Modified Within 30 Days ==========

[2012/02/28 16:10:04 | 000,000,418 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/02/28 16:07:50 | 000,096,939 | ---- | M] () -- C:\WINXP\System32\nvModes.001
[2012/02/28 15:58:30 | 004,420,957 | ---- | M] (Swearware) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\ComboFix.exe
[2012/02/28 15:55:13 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2012/02/28 15:55:04 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoSweep.job
[2012/02/28 15:54:47 | 000,185,128 | ---- | M] () -- C:\WINXP\System32\nvapps.xml
[2012/02/28 15:54:43 | 000,000,280 | ---- | M] () -- C:\WINXP\tasks\SmartDefrag_Startup.job
[2012/02/28 15:54:41 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2012/02/27 20:22:54 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 17:54:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 17:15:32 | 000,000,292 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoUpdate.job
[2012/02/26 09:01:30 | 000,096,939 | ---- | M] () -- C:\WINXP\System32\nvModes.dat
[2012/02/25 11:29:02 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2012/02/24 17:01:30 | 000,294,864 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2012/02/24 17:00:32 | 000,000,288 | ---- | M] () -- C:\WINXP\tasks\ASC4_AutoCare.job
[2012/02/24 16:34:36 | 000,497,268 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2012/02/24 16:34:36 | 000,085,586 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2012/02/24 16:32:26 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK
[2012/02/20 15:22:48 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris.CHOUSE\Desktop\OTL.exe
[2012/02/20 14:57:10 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/20 01:30:00 | 000,000,432 | ---- | M] () -- C:\WINXP\tasks\Wise Registry Cleaner Schedule Task.job
[2012/02/15 22:41:30 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2012/02/12 18:57:00 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | M] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/10 13:33:51 | 000,000,898 | ---- | M] () -- C:\user.js
[2012/02/10 13:23:46 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:38 | 000,376,832 | ---- | M] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/10 12:27:13 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/04 11:42:59 | 000,000,033 | ---- | M] () -- C:\affiliate.conf
[2012/02/01 17:10:16 | 000,000,734 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2012/02/01 17:05:41 | 000,000,792 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts.umbrella

========== Files Created - No Company Name ==========

[2012/02/27 17:54:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2012/02/24 09:03:13 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\dllcache\iacenc.dll
[2012/02/20 14:57:09 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Desktop\SystemLook.exe
[2012/02/12 18:57:00 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/12 15:32:51 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2012/02/12 15:32:43 | 000,000,000 | -H-- | C] () -- C:\WINXP\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/02/12 15:32:39 | 000,001,374 | ---- | C] () -- C:\WINXP\imsins.BAK
[2012/02/10 13:23:46 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/02/10 13:03:10 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/10 13:03:10 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk
[2012/02/10 12:27:13 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\wlndis50.sys
[2012/02/10 12:27:13 | 000,010,667 | ---- | C] () -- C:\WINXP\System32\wlndis50.cat
[2012/02/10 12:27:13 | 000,001,593 | ---- | C] () -- C:\WINXP\System32\wlndis50.inf
[2012/02/10 12:27:13 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/02/10 12:24:33 | 000,376,832 | ---- | C] () -- C:\WINXP\System32\AegisI5Installer.exe
[2012/02/04 11:42:59 | 000,000,033 | ---- | C] () -- C:\affiliate.conf
[2012/02/02 21:37:24 | 000,000,898 | ---- | C] () -- C:\user.js
[2012/01/15 12:08:03 | 000,014,776 | ---- | C] () -- C:\WINXP\System32\drivers\SmartDefragDriver.sys
[2012/01/03 01:28:06 | 002,570,286 | ---- | C] () -- C:\WINXP\System32\abgx360.exe
[2011/12/29 08:50:44 | 000,000,337 | ---- | C] () -- C:\WINXP\lgfwup.ini
[2011/12/07 20:12:28 | 000,000,233 | ---- | C] () -- C:\WINXP\Brpfx04a.ini
[2011/12/07 20:12:28 | 000,000,093 | ---- | C] () -- C:\WINXP\brpcfx.ini
[2011/12/07 20:12:12 | 000,003,302 | ---- | C] () -- C:\WINXP\BRPARAM.INI
[2011/12/07 20:11:14 | 000,000,000 | ---- | C] () -- C:\WINXP\brdfxspd.dat
[2011/12/07 20:11:07 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\BRTCPCON.DLL
[2011/12/07 20:11:03 | 000,000,114 | ---- | C] () -- C:\WINXP\System32\BRLMW03A.INI
[2011/12/05 17:17:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\winscp.rnd
[2011/10/12 20:47:07 | 000,175,616 | ---- | C] () -- C:\WINXP\System32\unrar.dll
[2011/09/13 23:59:31 | 000,259,584 | ---- | C] () -- C:\WINXP\System32\TomsMoComp_ff.dll
[2011/09/13 23:59:31 | 000,251,904 | ---- | C] () -- C:\WINXP\System32\ff_kernelDeint.dll
[2011/09/13 23:59:31 | 000,136,704 | ---- | C] () -- C:\WINXP\System32\libmpeg2_ff.dll
[2011/09/13 23:59:30 | 003,872,256 | ---- | C] () -- C:\WINXP\System32\ffmpeg.dll
[2011/09/13 23:59:30 | 001,524,224 | ---- | C] () -- C:\WINXP\System32\ff_samplerate.dll
[2011/09/13 23:59:30 | 001,175,371 | ---- | C] () -- C:\WINXP\System32\unins000.exe
[2011/09/13 23:59:30 | 000,327,680 | ---- | C] () -- C:\WINXP\System32\ff_libfaad2.dll
[2011/09/13 23:59:30 | 000,211,456 | ---- | C] () -- C:\WINXP\System32\ff_libdts.dll
[2011/09/13 23:59:30 | 000,158,208 | ---- | C] () -- C:\WINXP\System32\ff_unrar.dll
[2011/09/13 23:59:30 | 000,145,920 | ---- | C] () -- C:\WINXP\System32\ff_libmad.dll
[2011/09/13 23:59:30 | 000,113,664 | ---- | C] () -- C:\WINXP\System32\ff_liba52.dll
[2011/09/13 23:59:30 | 000,045,965 | ---- | C] () -- C:\WINXP\System32\unins000.dat
[2011/09/13 23:52:31 | 000,917,504 | ---- | C] () -- C:\WINXP\System32\dtsdecoderdll.dll
[2011/09/13 23:52:31 | 000,258,048 | ---- | C] () -- C:\WINXP\System32\libFLAC.dll
[2011/09/12 23:00:50 | 001,097,728 | ---- | C] () -- C:\WINXP\System32\vorbis.dll
[2011/09/12 23:00:50 | 000,909,312 | ---- | C] () -- C:\WINXP\System32\vorbisenc.dll
[2011/09/12 23:00:50 | 000,237,568 | ---- | C] () -- C:\WINXP\System32\OggDS.dll
[2011/09/12 23:00:50 | 000,036,734 | ---- | C] () -- C:\WINXP\System32\OggDSuninst.exe
[2011/09/12 23:00:50 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\ogg.dll
[2011/09/10 00:13:04 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/07/27 14:20:41 | 000,018,440 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2011/07/25 16:21:05 | 000,451,072 | ---- | C] () -- C:\WINXP\System32\ISSRemoveSP.exe
[2011/07/25 16:18:48 | 000,016,480 | ---- | C] () -- C:\WINXP\System32\rixdicon.dll
[2011/07/25 16:15:56 | 000,010,084 | ---- | C] () -- C:\WINXP\System32\drivers\nvphy.bin
[2011/07/25 16:14:53 | 000,096,939 | ---- | C] () -- C:\WINXP\System32\nvModes.dat
[2011/07/15 14:38:06 | 000,000,016 | ---- | C] () -- C:\WINXP\System32\PCProxyOff.ini
[2011/07/15 13:37:03 | 000,032,256 | ---- | C] () -- C:\WINXP\System32\AVSredirect.dll
[2011/07/15 13:32:48 | 000,107,520 | RHS- | C] () -- C:\WINXP\System32\TAKDSDecoder.dll
[2011/05/20 14:27:09 | 000,000,094 | ---- | C] () -- C:\WINXP\awshkwv.ini
[2011/05/15 10:00:33 | 000,109,216 | ---- | C] () -- C:\WINXP\System32\EasyHook64.dll
[2011/05/15 10:00:33 | 000,090,784 | ---- | C] () -- C:\WINXP\System32\EasyHook32.dll
[2011/04/30 13:21:56 | 000,000,066 | ---- | C] () -- C:\WINXP\wininit.ini
[2011/04/25 23:42:01 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 20:57:18 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\drivers\WLNdis50.sys
[2011/04/25 12:47:28 | 000,000,050 | ---- | C] () -- C:\WINXP\MegaManager.INI
[2011/04/25 12:30:13 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Chris.CHOUSE\Application Data\vso_ts_preview.xml
[2011/04/25 12:27:49 | 000,073,728 | ---- | C] () -- C:\WINXP\VMInstNT.exe
[2011/04/25 12:27:49 | 000,040,960 | ---- | C] () -- C:\WINXP\VM303UninstNT.exe
[2011/04/25 11:46:29 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2011/04/25 11:39:25 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2011/04/25 05:28:09 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2011/04/25 05:26:40 | 000,294,864 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011/03/18 08:08:17 | 000,415,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2012/02/10 13:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\100
[2011/12/07 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\ControlCenter4
[2011/10/11 18:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\EasyMP3Downloader
[2011/05/01 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\FileServe Limited
[2012/01/15 11:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Innovative Solutions
[2012/02/10 13:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\InstallMate
[2011/08/24 17:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit
[2011/12/29 08:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LightScribe
[2011/11/30 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MumboJumbo
[2012/01/31 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Premium
[2011/09/11 18:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RapidSolution
[2012/01/15 12:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\SpeedBit
[2011/12/29 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TEMP
[2011/05/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\vsosdk
[2011/06/03 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/25 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/04 17:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\abgx360
[2011/12/12 07:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\AppKeys
[2011/06/04 08:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BabylonToolbar
[2012/02/27 22:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BitTorrent
[2012/02/22 21:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\BOXEE
[2012/02/04 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\calibre
[2012/01/12 17:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ControlCenter4
[2012/01/23 17:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DMCache
[2011/12/29 11:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoft
[2011/10/14 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers
[2011/10/11 16:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\EasyMP3Downloader
[2011/04/26 10:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ElevatedDiagnostics
[2011/11/03 18:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ezNZB
[2011/10/13 19:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Garmin
[2011/09/12 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\GetRightToGo
[2012/01/23 17:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IDM
[2011/04/25 13:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ImgBurn
[2011/10/25 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\IObit
[2012/02/12 15:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Jason Robitaille
[2011/07/25 16:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leadertech
[2011/10/12 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Leawo
[2011/09/12 22:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\mkvtoolnix
[2011/06/26 10:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Nicalis
[2012/01/23 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenCandy
[2011/05/13 09:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\OpenOffice.org
[2012/01/24 17:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Orbit
[2011/05/31 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\PokerCreations
[2012/01/23 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ProgSense
[2011/12/31 13:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\redsn0w
[2011/06/23 19:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Rovio
[2011/12/11 14:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\ShoppingDaisy
[2011/04/30 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\TeamViewer
[2011/09/11 07:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Tunebite
[2011/05/31 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\UFC Poker
[2012/01/13 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Vso
[2012/01/18 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris.CHOUSE\Application Data\Xilisoft
[2012/02/24 17:00:32 | 000,000,288 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoCare.job
[2012/02/28 15:55:04 | 000,000,290 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoSweep.job
[2012/02/27 17:15:32 | 000,000,292 | ---- | M] () -- C:\WINXP\Tasks\ASC4_AutoUpdate.job
[2012/02/28 15:54:43 | 000,000,280 | ---- | M] () -- C:\WINXP\Tasks\SmartDefrag_Startup.job
[2012/02/28 16:10:04 | 000,000,418 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
[2012/02/20 01:30:00 | 000,000,432 | ---- | M] () -- C:\WINXP\Tasks\Wise Registry Cleaner Schedule Task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINXP\Application Data\TEMP:ECF54A0E

< End of report >

#9
Chouse28

    Member

  • Topic Starter
  • 27 posts
ComboFix Log:

ComboFix 12-02-27.02 - Chris 28/02/2012 16:17:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1296 [GMT -6:00]
Running from: c:\documents and settings\Chris.CHOUSE\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINXP\Application Data\100
c:\documents and settings\All Users.WINXP\Application Data\TEMP
c:\documents and settings\All Users.WINXP\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users.WINXP\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users.WINXP\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users.WINXP\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\Chris.CHOUSE\Application Data\vso_ts_preview.xml
c:\documents and settings\Chris\Application Data\inst.exe
c:\documents and settings\Chris\Application Data\vso_ts_preview.xml
c:\program files\CouponAlert_2pEI
c:\program files\iexplorer
c:\program files\iexplorer\AxInterop.QTOControlLib.dll
c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll
c:\program files\iexplorer\iExplorer.exe
c:\program files\iexplorer\Interop.QTOControlLib.dll
c:\program files\iexplorer\Interop.QTOLibrary.dll
c:\program files\iexplorer\isxdl.dll
c:\program files\iexplorer\MPCrashReporter.dll
c:\program files\iexplorer\MPUpdater.dll
c:\program files\iexplorer\msvcr71.dll
c:\program files\iexplorer\PodPhone2.dll
c:\program files\iexplorer\unins000.dat
c:\program files\iexplorer\unins000.exe
c:\program files\iexplorer\unins000.msg
c:\winxp\system32\drivers\etc\hosts.ics
c:\winxp\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-27 23:54 . 2012-02-27 23:54 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\Malwarebytes
2012-02-27 23:54 . 2012-02-27 23:54 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Malwarebytes
2012-02-27 23:54 . 2011-12-10 21:24 20464 ----a-w- c:\winxp\system32\drivers\mbam.sys
2012-02-27 23:41 . 2012-02-27 23:41 -------- d-----w- C:\_OTL
2012-02-26 02:16 . 2007-08-23 22:45 307200 ----a-w- c:\winxp\system32\nvexpbar.dll
2012-02-24 23:05 . 2012-02-24 23:05 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\PCHealth
2012-02-24 15:03 . 2012-01-11 19:06 3072 -c----w- c:\winxp\system32\dllcache\iacenc.dll
2012-02-24 15:03 . 2012-01-11 19:06 3072 ------w- c:\winxp\system32\iacenc.dll
2012-02-23 03:33 . 2012-02-23 03:34 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\BoxeeBrowser
2012-02-23 03:29 . 2012-02-23 03:29 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\BOXEE
2012-02-23 03:28 . 2012-02-23 03:29 -------- d-----w- c:\program files\Boxee
2012-02-20 20:37 . 2012-02-20 20:37 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\PC Tools
2012-02-16 04:38 . 2012-02-16 04:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-16 04:37 . 2012-02-16 04:37 -------- d-----w- c:\documents and settings\All Users.WINXP\Microsoft
2012-02-16 04:34 . 2012-02-16 04:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-02-16 04:33 . 2012-02-16 04:33 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Microsoft Help
2012-02-16 04:32 . 2012-02-16 04:44 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Microsoft Help
2012-02-15 00:01 . 2012-02-15 03:55 -------- d-----w- c:\program files\Free Video Joiner
2012-02-13 00:26 . 2012-02-13 00:30 -------- d-----w- C:\android
2012-02-12 21:33 . 2012-02-12 21:33 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\Jason Robitaille
2012-02-12 21:32 . 2012-02-25 20:53 -------- d-----w- c:\winxp\system32\LogFiles
2012-02-12 21:31 . 2011-03-15 22:35 581192 ----a-w- c:\winxp\system32\WinUSBCoInstaller.dll
2012-02-12 21:31 . 2011-03-15 22:35 1112288 ----a-w- c:\winxp\system32\WdfCoInstaller01007.dll
2012-02-12 21:31 . 2012-02-13 00:50 -------- d-----w- c:\program files\Palm, Inc
2012-02-10 19:22 . 2012-02-28 04:42 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\BitTorrent
2012-02-10 19:22 . 2012-02-10 19:22 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\BitTorrent
2012-02-10 18:27 . 2012-02-10 18:27 21361 ----a-w- c:\winxp\system32\drivers\AegisP.sys
2012-02-10 18:27 . 2008-02-27 16:54 20480 ----a-w- c:\winxp\system32\wlndis50.sys
2012-02-10 18:27 . 2012-02-10 18:27 -------- d-----w- c:\winxp\pcidevice
2012-02-10 18:27 . 2009-08-06 04:23 588032 ----a-w- c:\winxp\system32\drivers\RTL8192su.sys
2012-02-10 18:24 . 2012-02-10 18:27 376832 ----a-w- c:\winxp\system32\AegisI5Installer.exe
2012-02-09 21:45 . 2012-02-10 17:31 -------- d-----w- c:\program files\Real
2012-02-04 17:52 . 2012-02-04 17:54 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\calibre
2012-02-04 17:52 . 2012-02-04 17:52 -------- d-----w- c:\program files\Calibre2
2012-02-04 17:42 . 2012-02-04 17:42 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Kobo
2012-02-04 17:41 . 2012-02-04 17:42 -------- d-----w- c:\program files\Kobo
2012-02-03 03:37 . 2012-02-10 19:33 898 ----a-w- C:\user.js
2012-02-01 22:55 . 2012-02-01 22:55 -------- d-----w- c:\documents and settings\Chris.CHOUSE\.shsh
2012-02-01 03:37 . 2012-02-01 03:37 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Premiumplay Codec-C
2012-02-01 03:37 . 2012-02-01 03:37 -------- d-----w- c:\program files\Premiumplay Codec-C
2012-02-01 03:36 . 2012-02-01 03:36 -------- d-----w- c:\documents and settings\Chris.CHOUSE\Application Data\DivX
2012-02-01 03:36 . 2012-02-10 19:33 -------- d-----w- C:\codec-info
2012-02-01 03:35 . 2012-02-01 03:35 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\Premium
2012-02-01 03:35 . 2012-02-10 19:34 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\InstallMate
2012-01-31 23:46 . 2012-02-10 15:51 -------- d-----w- c:\program files\DivX
2012-01-31 23:45 . 2012-02-10 15:51 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\DivX
2012-01-30 22:27 . 2012-01-30 22:27 -------- d-----w- c:\documents and settings\Chris.CHOUSE\.bitrock
2012-01-30 01:43 . 2012-02-01 04:38 -------- d-----w- c:\program files\GetFLV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:53 . 2011-07-25 22:10 16400 ----a-w- c:\winxp\system32\drivers\LNonPnP.sys
2012-02-10 16:15 . 2011-02-26 22:14 822272 ----a-w- c:\winxp\system32\drivers\BCMWL5.SYS
2012-01-12 16:54 . 2010-12-14 16:18 1869056 ----a-w- c:\winxp\system32\win32k.sys
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\winxp\system32\abgx360.exe
2011-12-29 14:52 . 2011-12-29 14:48 16384 ----a-w- c:\winxp\system32\lgfwunis.exe
2011-12-20 02:46 . 2011-12-20 02:46 37376 ----a-w- c:\winxp\system32\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 21504 ----a-w- c:\winxp\system32\drivers\libusb0.sys
2011-12-17 19:45 . 2010-12-14 16:19 919552 ----a-w- c:\winxp\system32\wininet.dll
2011-12-17 19:45 . 2010-12-14 16:19 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2011-12-17 19:45 . 2010-12-14 16:19 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2011-12-16 23:21 . 2012-01-15 18:08 29016 ----a-w- c:\winxp\system32\SmartDefragBootTime.exe
2011-12-16 12:32 . 2010-12-14 16:19 385024 ----a-w- c:\winxp\system32\html.iec
2011-12-02 01:44 . 2011-12-02 01:44 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2012-02-18 03:07 . 2012-02-10 19:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 18:06 163328 --sha-r- c:\winxp\system32\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\winxp\system32\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\winxp\system32\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\winxp\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" [2011-08-09 373080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2008-08-20 13537280]
"nwiz"="nwiz.exe" [2008-08-20 1630208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINXP\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2012-2-10 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Chris.CHOUSE^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Chris.CHOUSE\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\winxp\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
2011-08-09 22:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 00:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-06-20 21:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 00:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2011-08-09 22:45 373080 ----a-w- c:\program files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Chris.CHOUSE\\Desktop\\Programs\\redsn0w_win_0.9.10b1\\redsn0w.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Boxee\\BOXEE.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R0 SmartDefragDriver;SmartDefragDriver;c:\winxp\system32\drivers\SmartDefragDriver.sys [15/01/2012 12:08 PM 14776]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15/01/2012 12:00 PM 328536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/02/2011 4:19 PM 136360]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [24/08/2011 5:39 PM 820568]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winxp\system32\drivers\LBeepKE.sys [25/07/2011 4:10 PM 12184]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [15/03/2011 4:35 PM 61440]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\winxp\system32\drivers\WLNdis50.sys [25/04/2011 8:57 PM 20480]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\winxp\system32\drivers\RTL8192su.sys [10/02/2012 12:27 PM 588032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 WLSVC;WLSVC;c:\program files\D-Link\DWA-130 revE\WLSVC.exe [10/02/2012 12:27 PM 167936]
S3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\winxp\system32\drivers\dwarusb.sys [24/04/2011 1:22 PM 592384]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [07/12/2011 8:11 PM 245760]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/02/2011 4:14 PM 193840]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\winxp\system32\drivers\libusb0.sys [19/12/2011 8:46 PM 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 5:51 PM 30963576]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\winxp\system32\drivers\netaapl.sys [15/10/2011 9:31 AM 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 8:37 PM 4640000]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24/08/2011 5:39 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24/08/2011 5:39 PM 16080]
S3 WinRM;Windows Remote Management (WS-Management);c:\winxp\system32\svchost.exe -k WINRM [14/04/2008 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24/08/2011 5:39 PM 239600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 21:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-02-24 c:\winxp\Tasks\ASC4_AutoCare.job
- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2012-01-15 22:38]
.
2012-02-28 c:\winxp\Tasks\ASC4_AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2012-01-15 22:38]
.
2012-02-27 c:\winxp\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2012-01-15 22:38]
.
2012-02-28 c:\winxp\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-24 20:26]
.
2012-02-28 c:\winxp\Tasks\User_Feed_Synchronization-{A9220C7E-FF89-42FC-8D12-4CE7EA2AF99D}.job
- c:\winxp\system32\msfeedssync.exe [2008-04-14 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Chris.CHOUSE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Chris.CHOUSE\Application Data\Mozilla\Firefox\Profiles\iscczm2c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R84eosULZ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 804ac4760000000000001cbdb9d9f1c1
FF - user.js: extensions.incredibar_i.hardId - 804ac4760000000000001cbdb9d9f1c1
FF - user.js: extensions.incredibar_i.instlDay - 15380
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2713:33
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R84eosULZ
FF - user.js: extensions.incredibar_i.upn2n - 92822958178755935
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 15
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-Facebook Update - c:\documents and settings\Chris.CHOUSE\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1228)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-02-28 16:24:54
ComboFix-quarantined-files.txt 2012-02-28 22:24
.
Pre-Run: 3,571,802,112 bytes free
Post-Run: 3,510,550,528 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F0A146E236BB7B0E0F7092F640A35ED9

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please test your system after this step and let me know results.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.my-too...&as=0&isid=9851
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

    :Files
    ipconfig /flushdns /c

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0
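
The two `IE -` lines in the fix above use OTL's scan-line layout (registry key, value name, data). As an added example that is not part of the original post or of OTL, this Python script parses such lines out of a log and flags start and search pages whose host is off an allowlist; the allowlist, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Host suffixes accepted as expected defaults (assumption for this example).
ALLOWED_SUFFIXES = ("microsoft.com", "msn.com", "live.com")

# Layout used by the fix above: IE - <registry key>,<value name> = <data>
IE_LINE = re.compile(r"^IE - (?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")

# Constructed sample log; the .example hosts are placeholders, not from the thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.hijack.example/?as=0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.hijack.example/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe
"""


def parse_ie_lines(log_text):
    """Return (key, value name, data) for every 'IE - ' line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = IE_LINE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"].strip(), m["data"].strip()))
    return entries


def url_host(data):
    """Return the host of an http(s) URL, or None for local paths and other data."""
    parts = urlsplit(data)
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower()


def is_allowed(host):
    """Match on whole DNS labels so 'microsoft.com.evil.example' does not pass."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)


def suspicious_entries(log_text):
    """Return (key, value name, host) for IE URL settings pointing off the allowlist."""
    flagged = []
    for key, name, data in parse_ie_lines(log_text):
        host = url_host(data)
        if host is not None and not is_allowed(host):
            flagged.append((key, name, host))
    return flagged


if __name__ == "__main__":
    for key, name, host in suspicious_entries(SAMPLE_LOG):
        print(f"{key} [{name}] -> {host}")
```
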


#11
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
OTL Log:

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chris.CHOUSE\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.33.1 log created on 02292012_163448

#12
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
I just did another search and MyStart by Incredibar still takes over as the search engine...

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Chouse28,

Let's try to test your router connection

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • New OTL scan log
  • GMER log
It would be helpful if you could post each log in a separate post.

#14
Chouse28

    Member

  • Topic Starter
  • Member
  • 27 posts
Ok, I am in a basement suite and rent from the guy upstairs and we share the internet connection. Will checking the router connection affect his internet at all?

Thanks,
Chris

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No, it will not. Do you know if he has the same redirect problem?